Upon recent discovery, White Oak Security discloses four vulnerability issues in the KingConnect KWM-2.01 router. These vulnerabilities include Authentication Cookie Non-Unique, Authentication Not Required to Perform Administrative Functionality, Unauthenticated Remote […]
Note: Updated 6/9/2023 to update official CVE IDs White Oak Security discovered an instance of Gladinet’s CentreStack server which was vulnerable to an authentication bypass and an arbitrary file upload […]
ODAT ODAT (Oracle Database Attacking Tool) is “an open source penetration testing tool that tests the security of Oracle Databases remotely” (1). The goal of the tool is to help […]
Welcome to a new installment of Unauthenticated! One of my goals with this series is to drive home the point that authentication (with properly implemented access controls) is essential to […]
Welcome to another installment of Unauthenticated! In this post, we will look at a recent web application penetration test where an XML external entity (XXE) expansion vulnerability was exploited without […]
A pentester at White Oak Security accesses an unauthenticated Jenkins server, an interesting target for attack, with a compromised AWS environment. Learn more…
