This happens on F5 appliances: the tomcat user can upload files to
/shared/images, then this root process periodically scans the directory
looking for firmware. Shell expansion causes privesc here :p
Also, there are no CSRF tokens in the firmware upload form.
vdbs can go wild now :p
On Sat, J
Hello List,
I want to warn you about entities that exploit public internet
infrastructure for self-promotion.
I will do so by example, entity Pete Herzog (PH):
- PH abuses the ability to post to public mailing lists (for example
seclists.org/fulldisclosure/2014/Apr/55).
- PH creates wikipedi