FOG is a free, open source, computer cloning and management solution.
We found several vulnerabilities in FOG, a free and open source computer cloning and management solution: a SQL injection (CVSS 9.3) and an unauthenticated remote command execution vulnerability (CVSS 10).
As a solution, the vendor recommends using the beta/development builds, instead of the 1.2.0 stable release.
Several XSS vulnerabilities have been found on several pages of the administration panel. Reflected XSS may lead to hijacking of an admin user's session.
Several vulnerabilities were discovered between October 2015 and February 2016.
The reported vulnerabilities are similar to those previously discovered by hyp3rlinx, although they concern different pages.
In brief, the flaws are of the following kinds: CSRF, XSS (reflected and stored), file upload and information disclosure. Most of the vulnerabilities require administrative access to the web application and may lead to personal information leakage or account take-over.
Horsys is a human resources application that allows users to manage their profile, vacation, position title and other personal data such as address and phone number.
The application runs on Windows and launches a web server. The product was developed by the company Asys.
We found that it is affected by several vulnerabilities, which can lead to personal information leakage or account take-over.
You wish to know more about the qualified team? So did we.
That's why we asked them to tell us more about themselves. And here we go. Every year, Sysdream partners with the Nuit Du Hack to run the private CTF. First, teams qualify during the #ndhquals, a 24-hour CTF, where they compete for a place in the Private CTF. The Private CTF is an amazing night, during which they face a fully dedicated environment with an attack-defense game.