WRITEUP #433

Nom for Security: A Proactive Security Review of Nomulus

Deserialization, Insecure deserialization, Verbose logging, Information disclosure, Cryptographic issues, Authentication bypass
by @erbbysam (Sam Erb)
Program: Google (Nomulus)
Published: Feb 20, 2024
Added to HackDex: May 8, 2024
Read Full Writeup: https://bughunters.google.com/blog/5294234841776128/nom-for-security-a-proactive-security-review-of-nomulus
RELATED WRITEUPS
Attacking PowerShell CLIXML Deserialization
Deserialization, Insecure deserialization
$1600 Bounty on a Main Domain
Recon, Session fixation
Breaking the Barrier: Admin Panel Takeover Worth $3500
Auth Bypass, Authentication bypass
Dynamics 365 Business Central - A Journey With Ups and Downs
Deserialization, Insecure deserialization
Vulnerabilities in Open Source C2 Frameworks
RCE, OS command injection