InsertScript: SiteKiosk – Breakout
SiteKiosk – Breakout It has been a while since my last blog post, therefore I am going to share two possible bypasses for the software…
/*UPDATE */ @irsdl brought two important links to my attention: 2010 formcalc: http://t.co/6OfGLa9Cu1 2013 XXE + SOP Bypass: http://t.co/VZMSVg3HtN It seems like Adobe knew about the SOP issue…
What is mhtml? For those who have never saved a complete web page in Internet Explorer, mhtml or its extension .mht is most likely…
Intro Quite some time has passed since my last blog post, so I decided to present a nice feature of PDF. I will use a…
This blogpost describes how I got annoyed by vulnerabilities in 3rd party Windows applications, which allowed executing local files but without parameters. So I…
I have seen on twitter that there is use for another PDF callback Proof-of-Concept in Adobe Reader. Last year a PDF file called “BadPDF” was…
I started to have a look at Libreoffice and discovered a way to achieve remote code execution as soon as a user opens a malicious…
“Use ImageMagick® to create, edit, compose, or convert bitmap images. It can read and write images in a variety of formats (over 200) including PNG,…
This is just a quick blogpost to document a behavior in the Blink engine in regards to the processing of SVG images in the context…
PostMessage vulnerabilities arise when developers fail to properly validate message origins or sanitize content within cross-origin communication handlers. As modern web applications increasingly rely on…
My neighbor texted me the other day and said she’d pre-ordered two AI toys for her kids that supposedly used an LLM to dynamically generate…
Weird Al Last week, I saw something I never thought I would… We cut to the early 2000s, Clint is in high school. I loved…