How I found remote code execution vulnerabilities via CSRF on the administration interfaces of InternetCube applications and of the YunoHost administration interface which would have been used to execute arbitrary code as root. These vulnerabilities were fixed in YunoHost 3.3, OpenVPN Client app 1.3.0. and YunoHost 3.4.

In the previous episode, I talked about some argument and shell command injections vulnerabilities through URIs passed to browsers. Here I'm checkig some other CVEs which were registered at the same time.

While reading the source of sensible-browser in order to understand how it was choosing which browser to call (and how I could tweak this choice), I found an argument injection vulnerability when handling the BROWSER environment variable. This lead me (and others) to a a few other argument and shell command injection vulnerabilities in BROWSER processing and browser invocation in general.

There's been some articles lately about Intel AMT and its impact on security, trust, privacy and free-software. AMT supposed to be widely deployed in newest Intel hardware. So I wanted to see if I could find some AMT devices in the wild.