Zimbra “nginx” Local Root Exploit

Recently I decided to have a look at the somewhat popular email and collaboration platform, Zimbra, with the idea to go find some bugs in it. I’m simply dropping these as full disclosure, because the Zimbra “disclosure policy” prohibits publication of exploit code, which is something I find incredibly disagreeable. I also find that “responsible” …

VisualDoor: SonicWall SSL-VPN Exploit

I’ve been sitting on this one for quite a while now, and figured what with SonicWall back in the news for getting owned via some 0days in their own shit products, it would be somewhat amusing to release this. I’m fairly sure its patched by now. Anyway, its lockdown 3.0 so you should stay inside …