
Christian Niel Angel

Has anything you’ve done made your life better?


Protected: Breaking the Doors: PayPal 2-Factor Bypass

There is no excerpt because this is a protected post.

angel | Uncategorized | December 2, 2020 | December 26, 2020 | 1 Minute

404 Not Found: Vulnerability Disclosure in the Philippines

A bug is a vulnerability within software or hardware that gives cybercriminals an opportunity to carry out malicious activities, potentially causing severe financial and reputational damage.

angel | Uncategorized | November 29, 2020 | December 26, 2020 | 2 Minutes

Security Advisory – CVE-2020-12832

WordPress Plugin Simple File List is prone to a vulnerability that lets attackers delete arbitrary files because the application fails to properly verify user-supplied input.

angel | research | May 16, 2020 | December 27, 2020 | 1 Minute

Non-Verified User can Submit Report, View Disclosed Reports | Secuna Bug Bounty

As a verified user in Secuna, you should be able to update your profile, submit reports, view disclosed reports and update your payout method. If your account is not verified, you should not be able to submit reports, view disclosed reports, update your profile, etc.

angel | Uncategorized | February 13, 2020 | December 26, 2020 | 1 Minute

Static Analysis of wish-you.co

Recently, wish-you.co went viral in the Philippines when Filipino Facebook users started sending their own customized New Year's greetings to their Facebook friends.

angel | Uncategorized | 2 Comments | December 30, 2019 | December 26, 2020 | 2 Minutes

Exposed S3 Credentials of QuadX

Secuna is the first and only crowdsourced cybersecurity testing platform in the Philippines helping startups and SMEs by connecting them to vetted security researchers to find and fix security vulnerabilities before they can be exploited by cybercriminals.

angel | Uncategorized | October 29, 2019 | December 26, 2020 | 2 Minutes

Rootcon CTF 2019 | Kahl Dereta Write Up

The First Time CTF Experience with Jonelle H. Castañeda and Aeruc Maquilang was Really Good! Hats off to Pwn De Manila for Organizing this awesome Capture the Flag at Rootcon 13.

angel | Uncategorized | September 29, 2019 | December 26, 2020 | 1 Minute

Insufficient Rate Limiting on Facebook Fundraisers

Facebook Fundraisers lacks rate limiting protection. Malicious actors can brute-force this by sending different random credit or debit card numbers. This could result in large-scale fraud.

angel | Uncategorized | 8 Comments | August 13, 2019 | December 26, 2020 | 1 Minute

Security Advisory – CVE-2019-5450

Nextcloud is a suite of client-server software for creating and using file hosting services. Nextcloud is functionally similar to Dropbox. Unlike Dropbox, Nextcloud does not offer off-premises file storage hosting.

angel | Uncategorized | July 28, 2019 | December 27, 2020 | 1 Minute

Security Advisory – CVE-2018-19937

A local, authenticated attacker can bypass the passcode in the VideoLAN VLC media player app before 3.1.5 for iOS by opening a URL and turning the phone.

angel | Uncategorized | July 19, 2019 | December 27, 2020 | 1 Minute

Affiliations

OWASP
PITSF
Hack The North
Kalasag CERT
