Myles Nieman
← All writeups

RCE

5 writeups

Ghost

Insane

LDAP injection on a Next.js intranet leaks a service-account secret that unlocks Gitea; a custom Ghost CMS file-read exposes an RCE dev key; from …

Windows

BloodFlow

Very Easy

A publicly exposed n8n workflow automation instance is vulnerable to CVE-2026-21858, an unauthenticated arbitrary file read to RCE chain, yielding a …

Linux

WingData

Easy

Wing FTP Server 7.4.3 exposes an unauthenticated RCE endpoint; cracking the salted password hashes from its XML config yields SSH access as a system …

Linux

ReactOOPS

Very Easy

A vulnerable React application is exploited via CVE-2025-55182 (react2shell), yielding unauthenticated remote code execution and a shell that reads …

Linux

ADSelfService

Very Easy

An exposed ManageEngine ADSelfService Plus portal running version 6.1 is vulnerable to CVE-2021-40539 (REST API authentication bypass to RCE), …

Windows