02 Jan 2018

[CVE-2017-7997] Gespage SQL Injection vulnerability

Gespage is a web solution providing a printer portal. Official Website: http://www.gespage.com/

The web application does not properly filter several parameters sent by users, allowing authenticated SQL code injection (Stacked Queries - comment).

These vulnerabilities could allow attackers to retrieve / update data from the database through the application.

22 Dec 2017

Windows DMA Attacks : Gaining SYSTEM shells using a generic patch

We have been looking for a quick and universal signature which could work on all Windows versions during DMA attacks.

This article describes how we achieved this along this the proof of concept code.

SYSTEM Shell from winlogon.exe

08 Dec 2017

SYSDREAM a obtenu la qualification PASSI !

SYSDREAM a obtenu la qualification PASSI, un label d’exigence et de confiance pour nos audits et pentests !

20 Nov 2017

[CVE-2017-7737] Password disclosure in FortiWeb appliance

FortiWeb is a Web Application Firewall (WAF) produced by the Fortinet company. It enables users to set security filters between unsecured networks and Web applications.

Official website: https://www.fortinet.com/products/application-security/fortiweb.html

We found a password disclosure inside the UI of the appliance.

20 Nov 2017

[CVE-2017-5871] Odoo: URL redirection to distrusted site (open redirect)

Odoo is a well-known ERP open source software.

We found an open redirection vulnerability in the software.

31 Oct 2017

Sysdream, nommé Circle of Excellence ATC par EC-Council.

Pour la 10ème année consécutive nous avons le plaisir de vous annoncer notre élection en tant que cercle d’excellence EC-Council.

29 Sep 2017

[CVE-2017-6090] PhpCollab 2.5.1 Arbitrary File Upload (unauthenticated)

PhpCollab is an open source web-based project management system, that enables collaboration across the Internet.

We found a file upload vulnerability in the application.

29 Sep 2017

[CVE-2017-6089] PhpCollab 2.5.1 Multiple SQL Injections (unauthenticated)

PhpCollab is an open source web-based project management system, that enables collaboration across the Internet.

We found an SQL injection in the application.

29 Sep 2017

[CVE-2017-11321] UCOPIA Wireless Appliance < 5.1.8 Restricted Shell Escape

UCOPIA solutions bring together a combination of software, appliance and cloud services serving small to large customers.

More than 12,000 UCOPIA solutions are deployed and maintained by UCOPIA expert partners all over the world.

The affected asset in this report is a WiFi management appliance.

29 Sep 2017

[CVE-2017-11322] UCOPIA Wireless Appliance < 5.1.8 Privileges Escalation

UCOPIA solutions bring together a combination of software, appliance and cloud services serving small to large customers.

More than 12,000 UCOPIA solutions are deployed and maintained by UCOPIA expert partners all over the world.

The affected asset in this report is a WiFi management appliance, in which we found a CHROOT escape and privileges escalation.

Les actualités

Contactez-nous

Actualités