Remote Code Execution Archives

Deserialisation-of-Untrusted-Data-KrishnaG-CEO

2024 CWE Top 25 Most Dangerous Software Weaknesses: Deserialisation of Untrusted Data (CWE-502)

21 March 202521 March 2025 by Krishna

Deserialisation refers to the process of converting serialised data (a compact format of an object or data structure) back into its original form. While this operation is indispensable in modern software, it becomes a vulnerability when the deserialised data originates from an untrusted source.
When untrusted data is deserialised without validation, attackers can exploit the process to execute arbitrary code, manipulate application logic, or inject malicious payloads. CWE-502 encapsulates this weakness, highlighting its potential to compromise data integrity, confidentiality, and availability.

2024 CWE Top 25 Most Dangerous Software Weaknesses: Improper Input Validation (CWE-20)

17 March 2025 by Krishna

Improper input validation occurs when a software application fails to verify that input received is within the expected range, format, type, or value before processing. This weakness paves the way for a variety of security exploits, including injection attacks, buffer overflows, and data manipulation, which can compromise application functionality and user data.

Understanding CWE-434: Unrestricted Upload of File with Dangerous Type

15 March 202515 March 2025 by Krishna

At its core, CWE-434 occurs when an application fails to restrict file uploads to safe and intended file types. This weakness allows attackers to upload malicious files, potentially executing arbitrary code, accessing sensitive data, or gaining unauthorised access to the system.

How Out-of-Bounds Write Vulnerabilities (CWE-787) Can Compromise Your Code — And Your Business

7 March 20257 March 2025 by Krishna

Out-of-bounds write vulnerabilities (CWE-787) are among the most dangerous weaknesses in software development. If left unchecked, these vulnerabilities can have significant repercussions, including data corruption, service outages, and, in the worst cases, remote code execution.

An out-of-bounds write occurs when a program writes data outside the bounds of allocated memory, causing code compromise in the software.

Penetration Testing OpenWRT: A Comprehensive Guide for Penetration Testers and Network Architects

27 February 2025 by Krishna

OpenWRT, while highly customisable, is not immune to the common security flaws that affect embedded devices. These can range from default configurations to poorly secured web interfaces