rotem-bar.com

Hacking 6.5+ million websites => CVE-2022-29455 (Elementor)
Announcing CVE-2022-29455. Actions you should take if you have Elementor installed: scan yourself with this nuclei plugin: wget https://raw.githubusercontent.com/projectdiscovery/nuclei-templates/3581482df1bfe1aef4e7fff96e183f9ef0e5bf13/cves/2022/CV...
Jun 12, 2022 · 7 min read

SSRF in Open Distro for Elasticsearch
After an interesting adventure, it's now possible to announce a new CVE-2021-31828, which affects Open Distro for ElasticSearch (ODFE), versions until 1.12.0.2. Open Distro is a plugin for ElasticSearch that enhances security, alerting, SQL query...
May 11, 2021 · 7 min read

Developers, Please encode your URLs
Uniform Resource Locators (URLs) are a funny thing. They seem so simple, yet they have so many small, complex rules that all of a sudden, when you try to explain what a URL is and the correct way to parse one, you find yourself in a sea o...
Oct 26, 2020 · 5 min read

NGINX may be protecting your applications from traversal attacks without you even knowing
As a security team within a rapidly growing company, we encounter lots of different types of vulnerabilities. We have numerous in-house development teams, all running full speed to build new features into their products, which inevitably also leads t...
Sep 24, 2020 · 7 min read