Vulnerability Disclosure | 15/July/2024 | Cross-Site Scripting (XSS) vulnerabilities and direct unauthenticated access found in the LumisXP Framework | This publication focuses on the discovery of flaws that allow the execution of arbitrary scripts (HTML/JavaScript) and unauthorized access in applications using LumisXP, without the need for authentication
Vulnerability Disclosure | 28/February/2024 | CVEs: Access control vulnerabilities found within Multilaser routers’ web management interface | This publication deals with the discovery of security flaws that may enable unauthorized access and control of Multilaser router configurations
Vulnerability Disclosure | 18/May/2023 | CVE-2023-27233: SQL Command Execution Vulnerability in Piwigo 13.5.0 | Survey reveals weakness in the open source software, allowing the execution of arbitrary SQL commands
Vulnerability Disclosure | 17/May/2023 | CVE-2023-26876: SQL injection vulnerability found in Piwigo image management software | Security flaw may allow unauthorized access and retrieval of sensitive server data
Vulnerability Disclosure | 30/September/2022 | CVE-2022-2863: WordPress plugin WPvivid Backup in version 0.9.76 and lower, allows reading of arbitrary files from server | Developers of the plugin have patched and released an update correcting the glitch in a later version
Vulnerability Disclosure | 25/May/2022 | CVE-2021-46426: phpIPAM 1.4.4 allows reflected XSS and CSRF via subnets functionality | Its version 1.4.4 is vulnerable to Reflected Cross Site Scripting (XSS) and Cross Site Request Forgery (CSRF) attacks
Vulnerability Disclosure | 25/May/2022 | CVE-2021-30140: XSS Vulnerability Detection in Liquid Files | LiquidFiles 3.4.15 has stored XSS via "send email" functionality when emailing a file to an administrator.
Web Application Security | 25/March/2022 | HTTP Method Override – what it is and how a pentester can use it | How this technique can help potential attackers bypass security measures based on HTTP methods
Vulnerability Management | 17/November/2021 | How intelligence data can help manage vulnerabilities | With the large number of vulnerabilities detected, the question is: how to prioritize what to fix first?