Posts
-
Vault/webapp integration PoC
I decided to develop this toy project to learn about HashiCorp Vault, in particular to focus on its integration with web applications. I was not able to find a complete enough example on the Internet to answer all of my doubts, so I decided to build it myself.
-
Secrets leakage prevention with pre-commit hooks and Gitleaks
Committing confidential material such as passwords, API secrets, or private keys to a repository is a severe security issue and could have serious consequences.
-
Cacti 1.2.24 - Authenticated command injection when using SNMP options (CVE-2023-39362)
In Cacti 1.2.24, under certain conditions, an authenticated privileged user can use a malicious string in the SNMP options of a Device to perform command injection and obtain remote code execution on the underlying server.