CVE-2018-7600 - a crafted request turned thousands of websites into attacker control panels.

In this episode of The Exploit Archives, we break down how Drupal was compromised again, how it worked and why RCE is still one of the worst outcomes for web platforms.

Support the show: ⁠⁠⁠⁠⁠⁠The Exploit Archives⁠⁠⁠⁠

Youtube: ⁠⁠⁠⁠⁠⁠The Exploit Archives - Youtube

Weekly episodes!

Tags: CVE breakdown, cybersecurity, drupal, drupalgeddon 2,rce, ethical hacking, remote code execution, cms vulnerability

CVE-2014-3704 - a single vulnerability in Drupal, one of the web's biggest content management.

In this episode of The Exploit Archives, we break down how this silent bug in Drupal's code turned into global exploitation within hours, why thousands of sites were compromised, and what lessons it left behind.

Stay tuned for Part Two.

Support the show: The Exploit Archives

Youtube: ⁠⁠⁠⁠⁠The Exploit Archives - YouTube⁠⁠⁠⁠

Weekly Episodes!

Tags: CVE breakdown, cybersecurity, drupal, drupalgeddon, sql injection, ethical hacking, remote code execution, cms vulnerability

CVE-2024-3094 - a backdoor hidden inside XZ Utils, the tiny compression library bundled into millions of Linux systems.

In this episode of The Exploit Archives, we break down how a trusted maintainer slipped in the malicious code, how close it came to being unleashed, and what this betrayal means for the future of open-source security.

Support the show: ⁠⁠⁠⁠The Exploit Archives⁠⁠⁠⁠

Youtube: ⁠⁠⁠⁠The Exploit Archives - YouTube⁠⁠⁠

Weekly Episodes!

Tags: CVE breakdown, cybersecurity, linux , xz utils, linux security, supply chain attack, ssh vulnerability, hacking, cryptography flaw, cybersecurity podcast, exploit analysis, ethical hacking