In this article, I will be sharing several critical vulnerabilities of Seagate Central Storage NAS product.
Read MoreTag: 0day
Advisory | MailCleaner Community Edition Remote Code Execution CVE-2018-20323
In this article, I would like to share a remote code execution vulnerability details of MailCleaner Community Edition product.
Read More
Unexpected Journey #6 – All ways lead to Rome ! Remote Code Execution on MicroFocus Secure Messaging Gateway
It has been a quite while since I haven’t released a new part of unexpected journey article serie. Particularly this small 0-day research project has been certainly didactic to me. Thus, I’ve decided to write down the process of achieving remote code execution on MicroFocus Secure Messaging Gateway product. Read More
Advisory | ManageEngine Applications Manager Remote Code Execution and SQLi
It is an interesting coincidence that almost 1 year ago we identified a critical security issue in a different product (Eventlog Analyzer) of this company. Now, this time we’ve came across with another product of this company during penetration test. To be honest I’ve seen more than 20 different high/critical vulnerability during the analysis of the product but I will only share two of them now, as a full disclosure. Read More
Advisory | Xplico Unauthenticated Remote Code Execution CVE-2017-16666
The goal of Xplico is extract from an internet traffic capture the applications data contained. For example, from a pcap file Xplico extracts each email (POP, IMAP, and SMTP protocols), all HTTP contents, each VoIP call (SIP), FTP, TFTP, and so on. Xplico isn’t a network protocol analyzer. Xplico is an open source Network Forensic Analysis Tool (NFAT).
Read More