
Full Disclosure – RCEs in nbox recorder - iamthedarkness
http://carnal0wnage.attackresearch.com/2016/08/got-any-rces.html
======
aw3c2
That timeline is insane.

------
justinsaccount
This is bad, but all of those vulnerabilities required already authenticated
requests. The examples here all rely on the default credentials still working.

An RCE via a malicious packet would be a lot more interesting.

~~~
Sanddancer
It's still amazingly easy to exploit through phishing, etc. Sending an email
with a link to a controlled page, etc., could easily get an authorized user to
send the web request.

------
ryanlol
Oh wow, these bugs are absolutely incredible. Bugs like this weren't
acceptable even in the 90s.

