Posts on Dave

Posts on Dave https://0dave.ch/posts/ Recent content in Posts on Dave Dave https://0dave.ch/static/img/me.webp https://0dave.ch/static/img/me.webp en-us Wed, 18 Mar 2026 17:22:10 +0200 Kanboard CVE-2026-33058 Writeup https://0dave.ch/posts/cve-2026-33058/ Wed, 18 Mar 2026 17:22:10 +0200 https://0dave.ch/posts/cve-2026-33058/ Walkthrough of the discovery of an authenticated SQL injection in Kanboard version <= 1.2.50 tracked as CVE-2026-33058 Flying Whales in a Pot of Honey https://0dave.ch/posts/flying-whales-in-a-pot-of-honey/ Wed, 07 Jan 2026 08:40:00 +0200 https://0dave.ch/posts/flying-whales-in-a-pot-of-honey/ What I’ve been up to in the last few weeks CVE-2025-6004 tl;dr https://0dave.ch/posts/cve-2025-6004-tldr/ Sun, 17 Aug 2025 11:23:40 +0200 https://0dave.ch/posts/cve-2025-6004-tldr/ A tl;dr about account lockout bypass (CVE-2025-6004) in Hashicorp Vault Go Report [a vulnerability] Card https://0dave.ch/posts/goreportcard/ Sat, 07 Dec 2024 15:48:00 +0200 https://0dave.ch/posts/goreportcard/ While publishing oauth-labs I stumbled upon a vulnerability in goreportcard ghmlwr: Malware on GitHub (retired) https://0dave.ch/posts/ghmlwr/ Sun, 01 Sep 2024 10:21:43 +0200 https://0dave.ch/posts/ghmlwr/ New pet project ghmlwr Atlassian Research and Work https://0dave.ch/posts/atlassian-the-outtakes/ Wed, 28 Aug 2024 20:00:00 +0200 https://0dave.ch/posts/atlassian-the-outtakes/ Atlassian Research and a short status update RFC5322, your XSS companion https://0dave.ch/posts/rfc5322-fun/ Mon, 01 Apr 2024 14:19:48 +0200 https://0dave.ch/posts/rfc5322-fun/ Why RFC5322 email validation might lead to XSS vulnerabilities Parcel Tracking, I can haz PII plz? https://0dave.ch/posts/parcel-advice/ Fri, 08 Mar 2024 19:34:53 +0100 https://0dave.ch/posts/parcel-advice/ This is a short one about a not-so-fun parcel tracking service that I came across after completing the check-out of my cat food order for my furry overlords Uncooperative Businesses https://0dave.ch/posts/uncooperative-businesses/ Thu, 15 Feb 2024 18:34:55 +0100 https://0dave.ch/posts/uncooperative-businesses/ A short personal opinon piece about uncooperative businesses. AirTies Air4930 - Feature...? https://0dave.ch/posts/air4930/ Sat, 10 Feb 2024 13:55:51 +0100 https://0dave.ch/posts/air4930/ A not-so-fun little feature of AirTies Air 4930. CVE-2023-31505 tl;dr https://0dave.ch/posts/cve-2023-31505-tldr/ Mon, 05 Feb 2024 20:45:13 +0100 https://0dave.ch/posts/cve-2023-31505-tldr/ A tl;dr about an authenticated remote code execution (CVE-2023-31505) in Schlix CMS