System Overlord

A blog about security engineering, research, and general hacking.

Vulnerability Research

CVE-2019-10071: Timing Attack in HMAC Verification in Apache Tapestry (23 Aug 2019)
[CVE-2017-17704] Broken Cryptography in iStar Ultra & IP ACM by Software House (18 Dec 2017)
[CVE-2014-5204] Wordpress nonce Issues (10 Sep 2014)
CVE-2014-4182 & CVE-2014-4183: XSS & XSRF in Wordpress 'Diagnostic Tool' Plugin (04 Jul 2014)
Parameter Injection in jCryption (17 Jun 2014)