What's new at Sysdream?


[CVE-2017-5869] Nuxeo Platform remote code execution

We found a file upload vulnerability in the Nuxeo CMS. Through the web interface, we managed to abuse the file upload vulnerability to execute arbitrary code and take over the platform.

We developed a Metasploit module to ease the exploitation.



[CVE-2017-6088] EON 5.0 Multiple SQL Injection

EyesOfNetwork ("EON") is an open-source network monitoring solution.

We found an SQL injection vulnerability in the authenticated part of the application.

Successful exploitation would lead to a complete database dump by any logged-in user, even with low privileges, thus exposing confidential data.



[CVE-2017-6087] EON 5.0 Remote Code Execution

EyesOfNetwork ("EON") is an open-source network monitoring solution.

We found a vulnerability caused by incorrect filtering of inbound parameters of the Web component.

It leads to remote code execution. In other words, an attacker exploiting this vulnerability could retrieve a remote shell (e.g. /bin/bash) on the operating system of the target.



Riverbed RiOS insecure cryptographic storage (CVE-2017-5670)

We found vulnerabilities in Riverbed appliances, specifically in the way the secure vault protects TLS private keys.

Such appliances are often found in sensitive environments, where they compress network traffic between endpoints. When communications are protected with TLS, such appliances need to decrypt the traffic with the server's private key. In effect, they intercept the traffic from a man-in-the-middle position.

Thus, the confidentiality and integrity of private key storage are critical.
