Wednesday, June 25, 2025
Sandbox Security Escapes in ColdFusion and Lucee (CVE-2025-30288 and CVE-2024-55354)
Introduction In this post I'm going to cover the technical details of a security sandbox escape technique that affects Adobe ColdFusion ...
Tuesday, June 24, 2025
CFCamp 2025 Slides - Understanding CFML Vulnerabilities, Exploits, and Attack Paths
In May I had the pleasure of attending my first CFCamp, where I spoke about CFML security. The slides from my talk -- Understanding CFML ...
Monday, January 13, 2025
An SSRF to LFI Payload for PDF Generators (CVE-2024-34112 and beyond)
"Hola, amigos. How’s it hangin’? I know it’s been a long time since I last rapped at ya, but I've been busier than a feather plucke...
Monday, December 23, 2024
An Initial Analysis of Adobe ColdFusion CVE-2024-53961
A ColdFusion security patch released two days before Christmas? I have a feeling that may have resulted in many sysadmins shouting "Fi...
Thursday, August 8, 2024
BSidesLV 2024 Slides - Modern ColdFusion Exploitation and Attack Surface Reduction
Thank you to BSidesLV for the opportunity to speak this year. The slides from my talk, Modern ColdFusion Exploitation and Attack Surface ...
Wednesday, July 24, 2024
On ColdFusion Administrator Access Control Bypass Techniques
Introduction Access Control is frequently boring but important. It's one of the core security services defined in the OSI Security Arch...
Monday, July 22, 2024
Summercon 2024 Slides - Modern ColdFusion Exploitation and Attack Surface Reduction
Last Friday it was an absolute honor to talk about ColdFusion security at Summercon. Summercon was the first security conference I attende...
Wednesday, March 27, 2024
Bypassing Imperva SecureSphere WAF (CVE-2023-50969)
Background Imperva SecureSphere Web Application Firewall (WAF) is an on-premise security solution to inspect, monitor and block traffic to ...