What's new at Sysdream?


CVE-2016-3403 : Multiple CSRF in Zimbra Administration interface

We found multiple CSRF vulnerabilities in the administration interface of Zimbra, which make it possible to add, modify and remove admin accounts.

Zimbra nicely credited our efforts:

Zimbra credits



SPIP 3.1.2 Server Side Request Forgery (CVE-2016-7999)

SPIP is a publishing system for the Internet, which places importance on collaborative working, multilingual environments and ease of use. It is free software, distributed under the GNU/GPL licence.
It's possible to send HTTP/FTP requests using the valider_xml file.
Attackers can make it look like the server is sending the request, possibly bypassing access controls such as a firewall that would prevent the attacker from accessing the URLs directly.



SPIP 3.1.2 Template Compiler/Composer PHP Code Execution (CVE-2016-7998)

SPIP is a publishing system for the Internet, which places importance on collaborative working, multilingual environments and ease of use. It is free software, distributed under the GNU/GPL licence.

The SPIP template composer/compiler does not correctly handle SPIP "INCLUDE/INCLURE" tags, allowing PHP code execution by an authenticated user.
This vulnerability can be exploited using the CSRF or the XSS vulnerability also found in this advisory.



SPIP 3.1.1/3.1.2 File Enumeration / Path Traversal (CVE-2016-7982)

SPIP is a publishing system for the Internet, which places importance on collaborative working, multilingual environments and ease of use. It is free software, distributed under the GNU/GPL licence.

The valider_xml file can be used to enumerate files on the system.
