The AudioCodes 400HD series of IP phones consists in a range of easy-to-use, feature-rich desktop devices for the service provider hosted services, enterprise IP telephony and contact center markets.

The CGI scripts used on the 420HD phone (web interface) do not filter user inputs correctly. Consequently, an authenticated attacker could inject arbitrary commands (Remote Code Execution) and takes full control over the device. For example, it is possible to intercept live communications.

Lire la suite








Several vulnerabilities have been discovered in domains recently acquired by Google between 2017, April and 2017, September.

The reported vulnerabilities are related to the following domains: withgoogle.com and kaggle.com.

The flaws are of the following kinds: broken access control, directory traversal and XSS vulnerabilities.

Lire la suite



Le round de qualifications pour le CTF privé de la Nuit du Hack, organisé par Sysdream, se déroulera entre le 30 mars 2018 à 23h59 (11:59PM CEST, UTC+0200) et le 31 mars 2018 23h59 (11:59PM CEST, UTC+0200).

Lire la suite