iTop (ITSM & CMDB) is a complete open-source, ITIL, web-based service management tool including a fully customizable CMDB, a helpdesk system and a document management tool. It is developed by Combodo and hosted on GitHub.

We found a bypass of the CSRF protection, which could be used to create a new administrator account or execute code remotely through a variation of the CVE-2018-10642 vulnerability (when an administrator account is targeted).

User-Friendly USVN is a web interface written in PHP used to configure Subversion repositories.

We found a stored XSS vulnerability in the commit module that could allow an attacker to execute JavaScript in the client application and take over users' web browsers.

User-Friendly USVN is a web interface written in PHP used to configure Subversion repositories.

We could execute code remotely through an OS command injection in the Timeline module. It can be used by an authenticated user to execute arbitrary commands on the operating system.
