scriptkittens

Blog

if i was more reasonable, i'd have less to write about

Two Sinks, One Shell: OS Command Injection in ZoneMinder

ZoneMinder's event export concatenates monitor names directly into shell commands. One unsanitized source, two exec() sinks, and a payload that someone else can trigger for you.

investigato · 2 min read
Tags: vulnerability-research, php, command-injection, zoneminder, rce
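A sketch of the source-to-sink pattern the teaser describes, added here as an illustration; it is not ZoneMinder's code and not from the post. The function names, the `$monitorName` and `$outDir` parameters, and the sample monitor name are all hypothetical or constructed. It shows the concatenation that lets a name chosen by one user become a shell command when someone else runs the export, next to the allowlist-plus-`escapeshellarg()` form that keeps the name as data.

```php
<?php
// Added illustration of the pattern the post describes; this is not ZoneMinder's
// code. $monitorName stands in for the attacker-influenced value (a monitor name
// set by one user, exported later by another), $outDir for a trusted export path.
// Either string would reach the same sink, exec($cmd); the difference is what the
// shell sees when it parses $cmd.

// Vulnerable: the untrusted name is spliced into the command string, so the shell
// parses it. A name like "cam1; id" ends tar's argument list and runs id next.
function buildExportCommandVulnerable(string $monitorName, string $outDir): string
{
    return "tar -czf $outDir/$monitorName.tar.gz $outDir/$monitorName";
}

// Hardened: reject anything outside a tight allowlist, then single-quote each
// argument with escapeshellarg() so metacharacters are literal data to the shell.
function buildExportCommandHardened(string $monitorName, string $outDir): string
{
    if (!preg_match('/\A[A-Za-z0-9_-]{1,64}\z/', $monitorName)) {
        throw new InvalidArgumentException("monitor name rejected: $monitorName");
    }
    return sprintf(
        'tar -czf %s %s',
        escapeshellarg("$outDir/$monitorName.tar.gz"),
        escapeshellarg("$outDir/$monitorName")
    );
}

// Constructed sample input: a monitor name carrying a command separator.
$name   = 'cam1; id';
$outDir = '/tmp/export';

// The vulnerable builder hands the shell three commands instead of one.
echo buildExportCommandVulnerable($name, $outDir), PHP_EOL;

// The hardened builder refuses the name before it ever reaches a command string.
try {
    echo buildExportCommandHardened($name, $outDir), PHP_EOL;
} catch (InvalidArgumentException $e) {
    echo 'rejected: ', $e->getMessage(), PHP_EOL;
}

// With a clean name the hardened builder yields fully quoted argv elements.
echo buildExportCommandHardened('cam1', $outDir), PHP_EOL;
```

The allowlist is the real fix; `escapeshellarg()` is defence in depth for the case where a broader character set is unavoidable. If the export path has to take a free-form name, pass it as an argument to a program invoked without a shell at all rather than quoting it into one.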

I Found a File Read Nobody Was Looking For

A path traversal in Camaleon CMS that only triggers under a weird combination of Rails 8, the Solid trio, and an S3 backend. Found by accident. Reproduced through stubbornness.

investigato · 2 min read
Tags: cve, ruby, path-traversal, camaleon-cms, vulnerability-research
