Security Advisory: Yeastar N412 and N824 Configuration Panel Account Takeover (CVE-2022-47732)
Tinexta Cyber's Offensive Security Team identified several vulnerabilities during a Penetration Test of the Yeastar N-series PBX Configuration Panel.
Security Advisory: Inaz Communication System HEXPERIENCE v8.8.0
Tinexta Cyber's Offensive Security Team identified 1 vulnerability in the Inaz HExperience v.8.8.0 web application. The vulnerability was fixed in version 8.9.0.
Security Advisory: Teclib – GLPI >= 9.3.0 (CVE-2022-31061)
Tinexta Cyber Offensive Security Team has identified 1 critical vulnerability on Teclib digital assets during a Penetration Test on a customer that uses the GLPI software.
Security Advisory: Proietti Planet Time Enterprise (CVE-2022-30422)
Tinexta Cyber's Offensive Security Team identified a vulnerability in the Proietti Planet Time Enterprise web app.
Security Advisory: Solar-Log (CVE-2022-47767)
Tinexta Cyber discovered a backdoor in the photovoltaic (PV) monitoring devices of Solar-Log GmbH, with an impact on thousands of customers. The backdoor allows unauthenticated remote access to the super admin functionality in the device's restricted area.
Security Advisory: Docebo Community Edition <= 4.0.5 (CVE-2022-31361, CVE-2022-31362)
Product description: Tinexta Cyber Offensive Security Team has identified multiple vulnerabilities on Docebo Community Edition 4.0.5, an open source e-learning platform also known as a Learning Management System. Technical summary: Tinexta Cyber's Cyber Security Team discovered important vulnerabilities on Docebo CE <= v.4.0.5. Vulnerability and CVSS 3.1 score: Docebo CE <= 4.0.5 – SQL Injection (unauthenticated), 8.6 – High [AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L] […]
Security Advisory: Libnmap <= 0.7.2
Tinexta Cyber Offensive Security Team has identified a severe vulnerability on the python-libnmap Python library (https://pypi.org/project/python-libnmap/).
Security Advisory: Alt-n Security Gateway (CVE-2022-25356)
Tinexta Cyber Offensive Security Team has identified 1 vulnerability on the Alt-n Security Gateway product. The vulnerability was found during a Penetration Test.
Security Advisory: Forma LMS (CVE-2022-27104)
Unauthenticated SQL Injection in forma Lms <= 1.4.3. Tinexta Cyber's Cyber Security Team identified a vulnerability on the digital assets of Forma LMS. Forma Lms: Forma Lms is the natural evolution, or a "fork", of the latest open source version of the Docebo LMS platform. Forma Lms is an open source e-learning platform, oriented to business needs: […]
Security Advisory: Emerson – Dixell XWEB-500 Multiple Vulnerabilities (CVE-2021-45420)
1. Technical Summary: Tinexta Cyber Offensive Security Team detected some important potential vulnerabilities on: Detected vulnerabilities were: Arbitrary File Write (assets: http://<target>/cgi-bin/logo_extra_upload.cgi, http://<target>/cgi-bin/cal_save.cgi, http://<target>/cgi-bin/lo_utils.cgi; CVSSv3: 7.5; severity: HIGH) and Directory Listing (asset: http://<target>/cgi-bin/lo_utils.cgi; CVSSv3: 5.3; severity: MEDIUM). In the following section we report some technical details on these vulnerabilities, including evidence and proof-of-concepts. 2. Vulnerability details: Arbitrary File Write, CWE-73: External Control […]