A collection of in-depth vulnerability advisories and security research reports published by Thomas A Hutomo, including technical writeups, CVE analyses, exploitation techniques, and remediation guidance.
Thor gem's file manipulation methods that allows attackers to execute arbitrary system commands through limited_dev unsafe shell command construction.
A medium severity integer underflow vulnerability in Valkey's networking code that could lead to memory corruption and denial of service.
A critical command injection vulnerability discovered in Headlamp's code signing script that could allow arbitrary command execution during the build process.
A critical remote code execution vulnerability in New Relic Ruby Agent's JSON marshaller that allows attackers to execute arbitrary code through unsafe deserialization of untrusted data.
A critical vulnerability in Visual Studio Code's framework that allows attackers to execute arbitrary code when victims open malicious Malware containing ██ ██████ bypass ████.
A critical vulnerability in Visual Studio Code's framework that allows attackers to execute arbitrary code when victims open malicious Malware containing ██ ██████ bypass ████.
A critical security vulnerability discovered in Netflix Spectator's IpcServletFilter that allows HTTP response splitting attacks through header injection.
Dedicated to discovering and documenting security vulnerabilities across various platforms and applications. Our research aids in creating more secure systems for everyone.
Identifying new security vulnerabilities in software systems through systematic testing and analysis.
Following ethical security practices by reporting vulnerabilities to vendors before public disclosure.
Creating detailed reports with proof-of-concepts to help understand and address security issues.