A developer's notes in the world of security research and bug bounty, by pmnh
open-menucloseme
Home
About
githubtwitterrss

  • LuxCal 5.1.x and below Authentication Bypass: CVE-2021-45914, CVE-2021-45915

    calendarMay 9, 2022 · 2 min read · cve authentication  ·
    Share on: twitterfacebooklinkedincopy

    Summary In research related to a Synack Red Team client, I was able to discover several authentication bypass issues in the LuxCal web calendar component. The limited details of these issues, which have been resolved by the vendor in version 5.2.0 of the software, are listed below. As an agreement with the vendor, we …


    Read More

Disclaimer

The opinions expressed on this site are my own personal opinions and do not represent my employer’s view in any way. All content on this site should be used for legal, research purposes only on assets you are permitted to test. The author expressly disclaims any and all liability from misuse of material on this site.

Featured Posts

  • Bug Writeup: Stored XSS to Account Takeover (ATO) via GraphQL API
  • Bug Writeup: RCE via SSTI on Spring Boot Error Page with Akamai WAF Bypass
  • Reflecting on 2 Years of Bug Bounty

Recent Posts

  • Bug Writeup: Stored XSS to Account Takeover (ATO) via GraphQL API
  • CTF Writeup: 2023 DeadSec CTF: Trailblazer
  • Bug Writeup: RCE via SSTI on Spring Boot Error Page with Akamai WAF Bypass
  • Reflecting on 2 Years of Bug Bounty
  • CTF Writeup: 2022 HTB Cyber Apolcalypse Web Challenge: Genesis Wallet
  • LuxCal 5.1.x and below Authentication Bypass: CVE-2021-45914, CVE-2021-45915
  • Advanced sqlmap Case Study

Tags

CTF 2 RCE 2 WRITEUP 2
All Tags
ADVANCED1 AUTHENTICATION1 BUGCROWD1 CSRF1 CTF2 CVE1 GRAPHQL1 HACKERONE1 INDEX1 LEARNING1 NODEJS1 PYTHON1 RCE2 SQLI1 SQLMAP1 VARNISH1 WAF1 WRITEUP2 XSS1
[A~Z][0~9]
A developer's notes in the world of security research and bug bounty, by pmnh

Copyright  A DEVELOPER'S NOTES IN THE WORLD OF SECURITY RESEARCH AND BUG BOUNTY, BY PMNH. All Rights Reserved

to-top