Entries by admin

iDashboards 9.6b, Multiple Vulnerabilities

# Authors: Andrea Ferraris, Raffaele Forte # Vendor Homepage: https://www.idashboards.com/ # Version: 9.6b and earlier I. INTRODUCTION iDashboards is a closed-source system for visualizing data in the form of graphs. II. DESCRIPTION The web application suffers from multiple vulnerabilities. 1. Sensitive Data Exposure Using specific paths, an unauthenticated user can obtain various information about […]

VoIP Cisco System, Security Analysis

# Authors: Ferraris Andrea, Priori Gaetano, Forte Raffaele # Vendor Homepage: http://www.cisco.com # Version: Cisco CM Administrator v10.5.2.10000-5 I. INTRODUCTION Nowadays, the use of VoIP technology is spreading in every business. Voice over IP allows voice calls to be carried over the company network and enables to connect offices across the without any additional cost. […]

Tilde CMS v1.01, Multiple Vulnerabilities

# Authors: Paolo Forte, Raffaele Forte # Vendor Homepage: http://www.tildenetwork.com # Version: Tilde CMS v1.0.1 # Tested on: Ubuntu 12.04, PHP 5.3.10 I. INTRODUCTION Tilde CMS is a closed-source content management system created by tildenetwork.com. II. DESCRIPTION The web application suffers from multiple vulnerabilities. 1. SQL Injection (CVE-2017-11324) Due to missing escaping of the backtick character, […]

Lansweeper v6.0.0.63, XSS Vulnerability

# Discovered by: Giovanni Cerrato, Giovanni Guido (BackBox Team) # Vendor Homepage: https://www.lansweeper.com/ # Version: Lansweeper 6.0.0.63 I. INTRODUCTION Lansweeper, an Asset Management and Network Inventory Tool (v6.0.0.63 and probably all previous versions), is affected by an XSS vulnerability. II. DESCRIPTION The application is affected by Cross-Site Scripting vulnerabilities. An attacker can […]

osTicket v1.9.12, Multiple Vulnerabilities

# Authors: Giovanni Cerrato, Enrico Cinquini # Vendor Homepage: http://osticket.com/ # Version: osTicket v.1.9.12 I. INTRODUCTION The latest version of osTicket (v1.9.12) is affected by multiple vulnerabilities. II. DESCRIPTION The web application suffers from multiple vulnerabilities. 1. Upload HTML file It is possible to upload files attached to a ticket at URL: https://hostname/upload/open.php There […]

GLPI v0.85.5, RCE through file upload filter bypass

# Author: Raffaele Forte # Vendor Homepage: http://www.glpi-project.org/ # Software Link: https://forge.glpi-project.org/attachments/download/2093/glpi-0.85.5.tar.gz # Version: GLPI v0.85.5 # Tested on: CentOS release 6.7 (Final), PHP 5.3.3   I. INTRODUCTION GLPI is the Information Resource-Manager with an additional Administration-Interface. You can use it to build up a database with an inventory for your company (computer, software, printers…). […]

PHPBTTracker+ v2.2, SQL Injection

# Exploit Author: BackBox Team # Vendor Homepage: http://phpbttrkplus.sourceforge.net/ # Software Link: http://sourceforge.net/projects/phpbttrkplus/files/ # Version: PHPBTTracker+ v2.2 # Tested on: PHP 5.4.27, Apache 2.4.9, MySQL >= 5.0.0 I. INTRODUCTION SQL Injection through User-Agent. The User-Agent is an HTTP header provided by the application used by the original client. This is used for statistical purposes […]

ffileman v7.0, Directory Traversal Vulnerability

# Author: Raffaele Forte # Vendor Homepage: https://f-fileman.sourceforge.io/ # Version: ffileman v7.0 # Tested on: Linux I. DESCRIPTION Directory traversal vulnerabilities have been found in ffileman 7.0, a web-based file and directory manager written in Perl. The vulnerability can be exploited to access local files by entering special characters in variables used to […]