PhpCollab is an open source web-based project management system that enables collaboration across the Internet.
We found an SQL injection in the application.
UCOPIA solutions bring together a combination of software, appliance and cloud services serving small to large customers.
More than 12,000 UCOPIA solutions are deployed and maintained by UCOPIA expert partners all over the world.
The affected asset in this report is a WiFi management appliance, in which we found a chroot escape and privilege escalation.
We have discovered several vulnerabilities in Google Acquisitions between November 2016 and January 2017.
Reported vulnerabilities are related to the following domains: moodstocks.com, withgoogle.com, and chromeexperiments.com.
The flaws are of two kinds: subdomain takeover (DNS) and XSS vulnerabilities.
We found a CRLF injection vulnerability, combined with session fixation, in OpenVPN Access Server, a commercial component of the famous open-source TLS VPN software solution.
We found multiple XSS vulnerabilities in ViMbAdmin, a Web front-end to manage virtual domains, mailboxes and aliases.
We found multiple CSRF vulnerabilities in ViMbAdmin, a Web front-end to manage virtual domains, mailboxes and aliases.
We found a file upload vulnerability in the Nuxeo CMS. Through the web interface, we managed to abuse the file upload vulnerability to execute arbitrary code and take over the platform.
We developed a Metasploit module to ease the exploitation.
EyesOfNetwork ("EON") is an open source network monitoring solution.
We found an SQL injection vulnerability in the authenticated part of the application.
Successful exploitation would lead to a complete database dump by any logged-in user, even with low privileges, thus exposing confidential data.
EyesOfNetwork ("EON") is an open source network monitoring solution.
We found a vulnerability caused by incorrect filtering of inbound parameters of the Web component.
It leads to remote code execution. In other words, an attacker exploiting this vulnerability could retrieve a remote shell (e.g. /bin/bash) on the operating system of the target.