We discovered a vulnerability during a pentest in a file sharing web application named FileRun. It allows us to access files anywhere through a self-hosted secure cloud storage, backup and sharing files for photos, videos, files and more. The Vulnerability The vulnerability was discovered after the authentication. After we logged

We discovered a vulnerability in a WordPress plugin called Simple Login Log Plugin. Vulnerability: Authenticated Blind SQL Injection, Source IP Address Manipulation Affected Version: 1.1.1 (below version may be affected as well) Patched Version: Not available yet (vendor already contacted but no response) Blind SQL Injection =================== Affected URL:

We discovered a vulnerability on NetGain Enterprise Manager (ver. 7.2.562) during a pentest. We believe that this vulnerability is quite rare and worth to share. Description: Command injection is an attack in which the purpose is execution of arbitrary commands on the host operating system via a vulnerable

Simple stored Cross Site Scripting (XSS) found in WordPress Profile Builder Plugin version 5.2.7 and below. This is just a PoC example, just fill in the minimum password length field with [code]8″><script>alert(1)</script>[/code] After we save the

We discovered the vulnerability when we’re looking for alternate software in network monitoring. We know and we love Nagios, and so the Centreon, they provide a very nice interface of Nagios. Centreon provide nice features and ease of use when you’re dealing with network monitoring. The backend

Trend Micro Control Manager prior to version 5.5 build 1823 (English and Japanese version) and version 6 build 1449 (English version only) are susceptible to SQL Injection. The application does not properly filter user-supplied input. The successful exploitation of this vulnerability could potentially result in arbitrary SQL command input

webERP (ver. 4.08.4) is a mature open-source ERP system providing best practice, multi-user business administration and accounting tools over the web. The vulnerability we discovered sits in the WO (work order) parameter, file WorkOrderEntry.php in the Manufacturing menu.

We discovered that Trend Micro InterScan Messaging Security Suite is vulnerable to Cross Site Scripting and Cross-site Request Forgery. Proof of Concept The vulnerabilities POC are as follow: Cross-site Scripting (CVE-2012-2995) (CWE-79) Persistent/Stored XSS hxxps://127.0.0.1:8445/addRuleAttrWrsApproveUrl.imss?wrsApprovedURL=xssxss"&lt;script&gt;

We discovered that gtAkademik Gamatechno web application is susceptible to SQL Injection and Cross-site Scripting (XSS). Stored/Persistent XSS The web application allows an attacker to inject XSS script inside the database (stored), because there is no sanitation process. There are 2 modules affected by XSS: Message Module and Update

Hexamail Server version 4.4.5 or below is vulnerable to a persistent cross-site scripting (XSS) via HTML email. Vulnerability Description Hexamail Server suffers persistent XSS vulnerability in the mail body, allowing malicious user to execute scripts in a victim’s browser to hijack user sessions, redirect users, and or