11
Jan
2019
In March 2018, Sysdream have discovered several vulnerabilities in the 420HD IP phone (firmware version: 2.2.12.126). This article describes the exploitation steps.
In March 2018, Sysdream have discovered several vulnerabilities in the 420HD IP phone (firmware version: 2.2.12.126). This article describes the exploitation steps.
The AudioCodes 400HD series of IP phones is a range of easy-to-use, feature-rich desktop devices for the service provider hosted services, enterprise IP telephony and contact center markets.
Most of user inputs in the CGI interface are not protected against XSS injections.
These vulnerabilities have only been tested on the 420HD phone.
The AudioCodes 400HD series of IP phones consists in a range of easy-to-use, feature-rich desktop devices for the service provider hosted services, enterprise IP telephony and contact center markets.
The CGI scripts used on the 420HD phone (web interface) do not filter user inputs correctly. Consequently, an authenticated attacker could inject arbitrary commands (Remote Code Execution) and takes full control over the device. For example, it is possible to intercept live communications.
Hack In Paris, l’évènement de sécurité informatique aura lieu, pour la 9ème année consécutive, du 16 au 20 juin prochain à la Maison de la Chimie. Participez au Call For Paper !
Pour la 4e année consécutive, Sysdream était présent à la DEFCON. Encore une belle édition pour un des évènements les plus incontournables de notre secteur d’activité.
Antidote, a spell checker program for Windows, Linux and macOS operating systems, has been affected by a remote code execution against the update component.
We found a Cross-site scripting (XSS) vulnerability in Dolibarr, which is an "Open Source ERP & CRM for Business" used by many companies worldwide.
We found a SQL injection (SQLi) vulnerability in Dolibarr, which is an "Open Source ERP & CRM for Business" used by many companies worldwide.
We found a Remote Code Execution (RCE) vulnerability in Dolibarr, which is an "Open Source ERP & CRM for Business" used by many companies worldwide.
Several vulnerabilities have been discovered in domains recently acquired by Google between 2017, April and 2017, September.
The reported vulnerabilities are related to the following domains: withgoogle.com and kaggle.com.
The flaws are of the following kinds: broken access control, directory traversal and XSS vulnerabilities.