2 January 2023
Due to the corona pandemic the chaos communication congress did not take place in 2022. Different hackerspaces created mini-events with talks and workshops instead. One of them was “Fireshonks 2022” which was organized by “Remote Rhein-Ruhr Stage” and “Haecksen”. I had the honour to give a talk about Logrotten - It’s not a Bug.
The full talk is online as a video-stream and was held in german language.
19 November 2022
BSides Vienna 2022 was a wonderful event. There were so many great talks and the location was beautiful. I gave a talk at the BSides Vienna 2022 about my “logrotten” exploit and I think the hacker community liked it. Here is a short description about the talk:
18 April 2022
| Identifier: | AIT-SA-20220208-01 |
| Target: | Sexy Polling ( Joomla Extension) |
| Vendor: | 2glux |
| Version: | all versions below version 2.1.8 |
| CVE: | Not yet |
| Accessibility: | Remote |
| Severity: | Critical |
| Author: | Wolfgang Hotwagner (AIT Austrian Institute of Technology) |
7 November 2021
I started blogging seven years ago. My blog changed from: “I blog everything that comes into my mind” to “I write about things I do on my computer”. Sometimes it’s about some hardware-projects, sometimes it’s about Linux and in the last years it was a lot about security. I promise I will continue because I have much Fun With Linux.
2 March 2021
| Identifier: | AIT-SA-20210215-04 |
| Target: | ForkCMS |
| Vendor: | ForkCMS |
| Version: | all versions below version 5.8.3 |
| CVE: | CVE-2020-24036 |
| Accessibility: | Remote |
| Severity: | Medium |
| Author: | Wolfgang Hotwagner (AIT Austrian Institute of Technology) |
2 March 2021
| Identifier: | AIT-SA-20210215-03 |
| Target: | QCubed Framework |
| Vendor: | QCubed |
| Version: | all versions including 3.1.1 |
| CVE: | CVE-2020-24912 |
| Accessibility: | Remote |
| Severity: | High |
| Author: | Wolfgang Hotwagner (AIT Austrian Institute of Technology) |
2 March 2021
| Identifier: | AIT-SA-20210215-02 |
| Target: | QCubed Framework |
| Vendor: | QCubed |
| Version: | all versions including 3.1.1 |
| CVE: | CVE-2020-24913 |
| Accessibility: | Remote |
| Severity: | Critical |
| Author: | Wolfgang Hotwagner (AIT Austrian Institute of Technology) |
2 March 2021
| Identifier: | AIT-SA-20210215-01 |
| Target: | QCubed Framework |
| Vendor: | QCubed |
| Version: | all versions including 3.1.1 |
| CVE: | CVE-2020-24914 |
| Accessibility: | Remote |
| Severity: | Critical |
| Author: | Wolfgang Hotwagner (AIT Austrian Institute of Technology) |
27 February 2021
ZSH is an extraordinary shell. I wrote about that some years ago. In order to make the zsh a little bit more beautiful I prefer installing oh-my-zsh or Powerlevel10k. In this article I want to introduce some plugins I can’t live without anymore.
My name is Wolfgang Hotwagner. I am a Linux and Information Security enthusiast from Vienna. This blog is about my journey through Computer Science.
Tag Cloud
ccc Linux Email Web Puppet Debian CVE HackADay Virtualization External Btrfs Mail TerminalEmulator apache Software-Raid Blog Open-Source Ansible vim logrotate Perl Shell Multimedia Network One-Liner Certification Crypto Firewall Kernel Suricata Postgresql Desktop Mathematics Programming xmas CLI Hardware Database Zsh Tricks openssl Downloads Backup News Ruby Fun Nagios PHP Bash Raspberry C Anniversary Toscom Security LVM Docker Sysadmin Proxy gitRecent Posts
- Decidim: Stored XSS in embedded URLs for Decidim Meetings
- Decidim-Awesome: SQL Injection in AdminAccountability
- AttackMate A modern open source tool for automating cyberattack
- BalCCon2k24 was amazing
- FIWARE Keyrock: Command Injection in Organisationname
- FIWARE Keyrock: Command Injection in Applicationname
- FIWARE Keyrock: Activation of any new user
- FIWARE Keyrock: Deactivate 2-factor-auth of any user
- FIWARE Keyrock: Manipulate passwords of any user
- Contributing a Metasploit Exploit