SecPod Research Team member (Veerendra G.G) has found a directory traversal vulnerability in the Avaya IP Office Manager TFTP Server. The vulnerability is caused by improper validation of TFTP READ requests containing ‘../’ sequences, which allows attackers to read arbitrary files via directory traversal attacks and gain sensitive information. POC: Download here. Packet Capture: Download […]

SecPod Research Team member (Sooraj K.S) has found multiple cross-site scripting vulnerabilities in Andy’s PHP Knowledgebase. The vulnerabilities are caused by improper validation of various parameters in several pages. This may allow an attacker to steal cookie-based authentication credentials or inject arbitrary HTML code and launch further attacks. More information can be found here.

SecPod Research Team member (Antu Sanadi) has found multiple persistent cross-site scripting vulnerabilities in appRain Quick Start Edition Core Edition. The vulnerabilities are caused by improper validation of various parameters. This may allow an attacker to steal cookie-based authentication credentials or inject arbitrary HTML code and launch further attacks. More information can be found here.

SecPod Research Team member (Antu Sanadi) has found a cross-site scripting vulnerability in S40 Content Management System (CMS). Input passed via the ‘gsearchfield’ parameter in ‘index.php’ is not properly verified before it is returned to the user. This may allow an attacker to steal cookie-based authentication credentials or inject arbitrary HTML code. More information can […]
