Edwin Davidson

icon indicating a website link https://t.acmenews.com/?source=github.com

icon location San Francisco Bay Area icon location I am a cyber security professional with a background in ethical hacking dating to my formative years, 30+ years ago. (Most of my repos are not public.)

Results 1 comments of Edwin Davidson

Unserialize() can be abused to achieve arbitrary code injection with an IIFE

AVOID node-serialize at **ALL** costs. - [https://nodesecurity.io/advisories/311](url) - [https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5941](url) - [https://www.exploit-db.com/docs/41289.pdf](url) - The actual source code to exploit any server running node-serialize against user input. Gain remote shell!