Entries by admin

osTicket, SQL Injection

# Authors: BackBox Team
I. INTRODUCTION
osTicket is an open-source and widespread ticketing system. One of its latest versions, v1.15.6, has been found to be subject to an SQL Injection vulnerability.
II. DESCRIPTION
SQL Injection (CVE-2021-45811)
The osTicket system allows users to submit tickets and review/update them through the main “tickets.php” page. Through the same page, […]

FASTGate GPON, Cross Site Request Forgery

# Authors: Luca Di Domenico, BackBox Team
I. INTRODUCTION
FASTGate GPON are wireless home gateways for home or office ADSL. The model FGA2130FWB is the router installed when a new customer signs up for a new Internet subscription with the Italian ISP Fastweb.
II. DESCRIPTION
The administration web panel of the router is vulnerable to […]

BooleBox Secure Sharing, Multiple Vulnerabilities

# Authors: BackBox Team
# Vendor Homepage: https://www.boolebox.it
I. INTRODUCTION
BooleBox is a Secure File Sharing Utility available as a Cloud, On-Premises or Hybrid service. The product offers a wide variety of File Sharing protection mechanisms and also the possibility of cloud online editing and collaboration.
II. CSV Injection, aka Excel Macro Injection or Formula Injection […]

ADEngine, Dark Web Monitoring and Data Leak Detection

BackBox.org is proud to introduce ADEngine, a professional OSINT tool designed to promptly notify the customer about any data leak found while crawling all kinds of sources on the Internet, the Darkweb and the Deepweb. For more information, contact us or come to meet us at Cybertech Europe 2019 at the stands of our […]

SAET TEBE Small Supervisor, Multiple Vulnerabilities

# Product version: v05.01 build 1137
# Webapp version: v04.68
# Vendor homepage: https://www.saet.org/
I. INTRODUCTION
TEBE Small is a physical access control system manufactured by SAET Impianti Speciali. It consists of a modular network of “terminals”, which are deployed in a building and read badges or other authentication mechanisms, and a “supervisor”, which is typically installed on […]

Huawei HG532, Command Injection

# Authors: Raffaele Forte, Andrea Ferraris
# Product name: Huawei HG532*
# Vendor Homepage: https://www.huawei.com
I. INTRODUCTION
Huawei HG532* are wireless home gateways for home or office ADSL. The model HG532e is used in Panama by “Cable & Wireless Panama”. shodan.io dork: “Content-Length: 11881” “no-cache” org:”Cable & Wireless Panama”. The model HG532s is distributed in […]

Protect your digital asset: Get 50% off on ACSIA with BackBox Membership

4Securitas, an Irish cybersecurity software firm supporting the BackBox.org project, is building an enterprise product called ACSIA. As a long-standing supporter of the Free Open Source Software community, 4Securitas wishes to endorse this initiative by offering ACSIA to BackBox registered members with a discount of 50% for 6 months and 25% after 6 months […]

GLPI 9.2.1, Multiple Vulnerabilities

# Authors: Andrea Ferraris, Raffaele Forte
# Vendor Homepage: http://glpi-project.org
# Version: 9.2.1 and earlier
I. INTRODUCTION
GLPI is the Information Resource-Manager with an additional Administration-Interface. You can use it to build up a database with an inventory for your company (computers, software, printers…). It has enhanced functions to make the daily life for the […]