Jeedom is a home automation solution used in IoT.

We discovered an XSS (cross-site-scripting) injection that can lead to a remote code execution.

A system command injection vulnerability has been introduced in the Atos-Magento module version 3.0.0. This module manage the remote ATOS payment solution for Magento 1.x (1.7+) e-commerce websites.

Découvrez les mesures mises en oeuvre pour assurer votre santé et votre sécurité lors de nos prestations d'audits

This article describes an exploitation path of PackageKit settings in Fedora/CentOS, to achieve local privilege escalation to root without any user interaction.

The scenario uses vulnerabilities in both the default configuration of PackageKit and some packages.

We found a way to escalate our privileges to root, exploiting a vulnerability in the way that a setsuid binary can be abused to load malicious Perl libraries.

A vulnerability has been introduced in the package that installs sqliteODBC in Red Hat / CentOS / Fedora distributions.

It is a race condition that allows local users to escalate their privileges to root permissions.

Ligolo is a simple and lightweight tool for establishing SOCKS5 or TCP tunnels from a reverse connection in complete safety (TLS certificate with elliptical curve).

It is comparable to Meterpreter with Autoroute + Socks4a, but more stable and faster.

Découvrez les mesures mises en oeuvre pour assurer votre santé et votre sécurité au sein de nos locaux.

We found several XSS vulnerabilities in Centreon, a popular monitoring solution.

We found a vulneability in Centreon, the popular monitoring solution: the application exposes user session ID in some server responses.

Combined with other vulnerabilities (like CVE-2020-10946), this can lead to critical exploitation scenarios.