Gespage is a web solution providing a printer portal. Official Website: http://www.gespage.com/
The web application does not properly filter several parameters sent by users, allowing authenticated SQL code injection (Stacked Queries - comment).
These vulnerabilities could allow attackers to retrieve / update data from the database through the application.
We have been looking for a quick and universal signature which could work on all Windows versions during DMA attacks.
This article describes how we achieved this along this the proof of concept code.
FortiWeb is a Web Application Firewall (WAF) produced by the Fortinet company. It enables users to set security filters between unsecured networks and Web applications.
Official website: https://www.fortinet.com/products/application-security/fortiweb.html
We found a password disclosure inside the UI of the appliance.
Odoo is a well-known ERP open source software.
We found an open redirection vulnerability in the software.
PhpCollab is an open source web-based project management system, that enables collaboration across the Internet.
We found a file upload vulnerability in the application.
PhpCollab is an open source web-based project management system, that enables collaboration across the Internet.
We found an SQL injection in the application.
UCOPIA solutions bring together a combination of software, appliance and cloud services serving small to large customers.
More than 12,000 UCOPIA solutions are deployed and maintained by UCOPIA expert partners all over the world.
The affected asset in this report is a WiFi management appliance.
UCOPIA solutions bring together a combination of software, appliance and cloud services serving small to large customers.
More than 12,000 UCOPIA solutions are deployed and maintained by UCOPIA expert partners all over the world.
The affected asset in this report is a WiFi management appliance, in which we found a CHROOT escape and privileges escalation.
We have discovered several vulnerabilities in Google Acquisitions between November 2016 and January 2017.
Reported vulnerabilities are related to the following domains: moodstocks.com, withgoogle.com, and chromeexperiments.com.
The flaws are of two kinds: subdomain takeover (DNS) and XSS vulnerabilities.
We found a CRLF injection vulnerability, combined with session fixation, in OpenVPN Access Server, a commercial component of the famous TLS VPN, open-source, software solution.