21 May 2018

[CVE-2018-10095] Dolibarr XSS Injection vulnerability

We found a Cross-site scripting (XSS) vulnerability in Dolibarr, which is an "Open Source ERP & CRM for Business" used by many companies worldwide.

21 May 2018

[CVE-2018-10094] Dolibarr SQL Injection vulnerability

We found a SQL injection (SQLi) vulnerability in Dolibarr, which is an "Open Source ERP & CRM for Business" used by many companies worldwide.

21 May 2018

[CVE-2018-10092] Dolibarr admin panel authenticated Remote Code Execution (RCE) vulnerability

We found a Remote Code Execution (RCE) vulnerability in Dolibarr, which is an "Open Source ERP & CRM for Business" used by many companies worldwide.

30 Apr 2018

Multiple security vulnerabilities in domains belonging to Google

Several vulnerabilities have been discovered in domains recently acquired by Google between 2017, April and 2017, September.

The reported vulnerabilities are related to the following domains: withgoogle.com and kaggle.com.

The flaws are of the following kinds: broken access control, directory traversal and XSS vulnerabilities.

30 Apr 2018

L'exploitation des débordements de mémoire dans le tas

Cet article introduit le sujet de l'exploitation de vulnérabilités dans la gestion de la mémoire basée sur le tas.

15 Mar 2018

[CVE-2018-5233] Grav CMS admin plugin Reflected Cross Site Scripting (XSS) vulnerability

We found and reported some XSS vulnerabilities in Grav CMS, a markdown based content management platform.

15 Jan 2018

[EN] Golang for pentests : Hershell

The Hershell project is a Go source code that is able to generate a reverse shell payload that is cross-platform and able to integrate with the Metasploit framework, among several other features like low detection rate with antivirus and TLS encryption.

08 Jan 2018

[FR] Golang pour le pentest : Hershell

Le projet Hershell a pour but de réaliser un payload de type reverse shell multi-plate-forme, en utilisant un code source unique réalisé en Go.

Il peut ainsi s'intégrer au framework Metasploit avec un bon niveau de furtivité vis-à-vis des solutions antivirales.

02 Jan 2018

[CVE-2017-7998] Gespage stored cross-site-scripting (XSS) vulnerability

Gespage is web solution providing a printer portal. Official Website: http://www.gespage.com/

The web application does not properly filter several parameters sent by users, allowing XSS code injection. These vulnerabilities allow attackers to inject code inside the client web browser, such as malicious scripts in Javascript. Exploitation leads to a full takeover of the web browser, and potentially the operating system.

02 Jan 2018

[CVE-2017-7997] Gespage SQL Injection vulnerability

Gespage is a web solution providing a printer portal. Official Website: http://www.gespage.com/

The web application does not properly filter several parameters sent by users, allowing authenticated SQL code injection (Stacked Queries - comment).

These vulnerabilities could allow attackers to retrieve / update data from the database through the application.

Le lab'

Contactez-nous

Actualités