Myles Nieman

Medium

8 writeups

Bucket

Medium

A web application backed by a locally exposed S3-compatible bucket allows unauthenticated file uploads; uploading a PHP web shell through the bucket …

Linux

Infosek

Medium

Exposed WordPress credentials in a public location grant admin panel access; a webshell upload reveals database credentials for the ryder account, and …

Windows

Logging

Medium

Readable SMB log share leaks an svc_recovery password (with a year-increment pattern), Generic Write on MSA_HEALTH$ enables shadow credential abuse …

Windows

Deputy

Medium

An exposed .git directory leaks Terraform IAM ARNs; a case-sensitivity bug in the event-role API lets those ARNs cross account boundaries, eventually …

Linux

Interpreter

Medium

Mirth Connect 4.4.0 is vulnerable to CVE-2023-43208 (unauthenticated RCE); database credentials in mirth.properties lead to a PBKDF2-hashed password …

Linux

Rainbow

Medium

Anonymous FTP access combined with a custom web service on port 8080 leads to a stack-based buffer overflow that overwrites ECX; exploiting the crash …

Windows

VulnCicada

Medium

An exposed NFS share leaks domain usernames and a credential hidden inside an image file; the password belongs to Rosie.Powell, whose account is used …

Windows

Printer

Medium

A printer management web app leaks LDAP credentials to a Responder listener; Invoke-Pester in a constrained WinRM environment executes an arbitrary …

Windows