Application Security

CVE-2021-43136 – FormaLMS – The evil default value that leads to Authentication Bypass

October 5, 2021January 1, 2022

Preface As part of our recent research activity, we stumbled upon FormaLMS. The project is an open source Learning Management System built by forma.association and...

Application Security

SA-CONTRIB-2021-036 NotSoSAML – Privilege Escalation via XML Signature Wrapping on MiniorangeSAML Drupal Plugin

Cristian Giustini

July 9, 2021November 18, 2021

This is a brief story about how we found a vulnerability on a drupal plugin that, when not configured correctly, could allow an authenticated user...

Application Security

CVE-2020-35749 – Authenticated Directory Traversal Simple Job Board WordPress plugin version < 2.9.3

Arcangelo Saracino

January 18, 2021June 27, 2021

During our research activities we discovered an authenticated local inclusion in the Simple Job Board Wordpress plugin. The Simple Job Board Wordpress plugin has reached...

Application Security

ownCloud Multiple Vulnerabilities

Alessandro Groppo

July 27, 2020June 27, 2021

During one of our research activities we discovered several flaws in the ownCloud product.ownCloud is a popular open-source cloud service similar to Google Drive and the last...

Application Security

Matrix Synapse 1.12.3 – SSRF and Cache poisoning

Cristian Giustini

June 14, 2020July 24, 2021

tl;dr The Matrix Synapse servers have been found affected by a security issue about the lack of a validation system for "Server-to-server" API leading to SSRF and...

Application Security

Multiple SSRF on Vanilla Moodle Installations

Alessandro Groppo

April 14, 2020June 21, 2021

During the time dedicated to research we found 2 Server-Side Request Forgery on Moodle. The first one is a Blind SSRF already discovered in 2018 and tracked...

Application Security

A true story of mobile device geolocation

Alessandro Groppo

December 4, 2019June 21, 2021

TL;DR During the monthly research activity, in accordance with the relative Respnsible Disclosure program, we found and went in depth with an interesting security issue...

Application Security

Rusty Joomla RCE

Alessandro Groppo

October 3, 2019June 21, 2021

Introduction During one of our research activities, we discovered an undisclosed PHP Object Injection on Joomla CMS from the release 3.0.0 to the 3.4.6 (releases from 2012 to December...

Application Security

Prestashop <= 1.7.6.0 RC 1 - Insecure Direct Object Reference

Alessandro Groppo

July 8, 2019June 21, 2021

During a security assessment, we found an Insecure Direct Object Reference on Prestashop. In particular, the finding could allow an attacker to leak personal information such as...

Application Security

Responsible disclosure – Reflected XSS on hireon.amazon.com

o___o

April 13, 2018June 20, 2021

On March 13th, by using dnsrecon (https://github.com/darkoperator/dnsrecon) and a huge wordlist, I came across with an Amazon domain (hireon.amazon.com) with a Reflected XSS. Usually I...

CVE-2021-43136 – FormaLMS – The evil default value that leads to Authentication Bypass

SA-CONTRIB-2021-036 NotSoSAML – Privilege Escalation via XML Signature Wrapping on MiniorangeSAML Drupal Plugin

CVE-2020-35749 – Authenticated Directory Traversal Simple Job Board WordPress plugin version < 2.9.3

ownCloud Multiple Vulnerabilities

Matrix Synapse 1.12.3 – SSRF and Cache poisoning

Multiple SSRF on Vanilla Moodle Installations

A true story of mobile device geolocation

Rusty Joomla RCE

Prestashop <= 1.7.6.0 RC 1 - Insecure Direct Object Reference

Responsible disclosure – Reflected XSS on hireon.amazon.com

Top Category

Application Security

Mobile

Reverse Engineering

Recent Post

Top Category