29 Sep 2017

[CVE-2017-11321] UCOPIA Wireless Appliance < 5.1.8 Restricted Shell Escape

UCOPIA solutions bring together a combination of software, appliance and cloud services serving small to large customers.

More than 12,000 UCOPIA solutions are deployed and maintained by UCOPIA expert partners all over the world.

The affected asset in this report is a WiFi management appliance.

29 Sep 2017

[CVE-2017-11322] UCOPIA Wireless Appliance < 5.1.8 Privileges Escalation

UCOPIA solutions bring together a combination of software, appliance and cloud services serving small to large customers.

More than 12,000 UCOPIA solutions are deployed and maintained by UCOPIA expert partners all over the world.

The affected asset in this report is a WiFi management appliance, in which we found a CHROOT escape and privileges escalation.

30 Aug 2017

Retour sur la 25e édition de la DEFCON – les tendances de la sécurité informatique

Grâce à Sysdream, du 27 au 30 Juillet, nous y étions, nous aussi, à au Caesar Palace de Las Vegas ! A Las Vegas oui mais pour la convention de hacking la plus connue dans le monde, la DEFCON.

05 Jul 2017

Retour sur le CTF de la NDH XV

La Nuit du Hack s’est déroulée du 24 au 25 Juin 2017. L’événement, qui accueillait cette année 2000 participants, a encore une fois été ponctué par différents challenges qui se sont succédés tout au long de la nuit. Parmi eux, un CTF privé créé et encadré par Sysdream. Retour sur ce dernier challenge phare de la 15e édition de la Nuit du Hack.

05 Jun 2017

Sum up of vulnerabilities found in Google Acquisitions

We have discovered several vulnerabilities in Google Acquisitions between November 2016 and January 2017.

Reported vulnerabilities are related to the following domains: moodstocks.com, withgoogle.com, and chromeexperiments.com.

The flaws are of two kinds: subdomain takeover (DNS) and XSS vulnerabilities.

05 May 2017

[CVE-2017-5868] OpenVPN Access Server : CRLF injection with Session fixation

We found a CRLF injection vulnerability, combined with session fixation, in OpenVPN Access Server, a commercial component of the famous TLS VPN, open-source, software solution.

03 May 2017

[CVE-2017-5870] Multiple XSS vulnerabilities in ViMbAdmin

We found multiple XSS vulnerabilities in ViMbAdmin, a Web front-end to manage virtual domains, mailboxes and aliases.

03 May 2017

[CVE-2017-6086] Multiple CSRF vulnerabilities in ViMbAdmin version 3.0.15

We found multiple CSRF vulnerabilities in ViMbAdmin, a Web front-end to manage virtual domains, mailboxes and aliases.

18 Apr 2017

Writeups of the NDH quals 2017

After this intensive 24 hours of competition, some of you released very good writeups. We would like to complete this by adding the missing one and give a solution to those who are still waiting for them.

06 Apr 2017

Hack In Paris 2017

Organisé par Sysdream, l’événement Hack In Paris réunit, du 19 au 23 juin 2017, les grands noms de la sécurité informatique et des experts techniques, autour de formations et de conférences exclusivement en anglais.

Cet événement international, dédié aux professionels, se tiendra cette année au centre de convention de l'Hôtel New Port Bay - Disneyland Paris.

Les actualités

Contactez-nous

Actualités