SecPod Research Team member (Prabhu S Angadi) has found Denial Of Service Vulnerability in Netmechanica NetDecision HTTP Server. The vulnerability is caused due to improper validation of long malicious HTTP request to web server, which allows remote attackers to crash the service. POC : Download here. More information can be found here. CVE Info : […]

Read More →

SecPod Research Team member (Prabhu S Angadi) has found Information Disclosure Vulnerability in Netmechanica NetDecision Traffic Grapher Server. The vulnerability is caused due to improper validation of malicious HTTP GET request to Traffic Grapher Server ‘default.nd’ with invalid HTTP version number followed by multiple ‘CRLF’, which discloses the source code of ‘default.nd’ POC : Download […]

Read More →

SecPod Research Team member (Prabhu S Angadi) has found Information Disclosure Vulnerability in Netmechanica NetDecision Dashboard Server. The vulnerability is caused due to improper validation of malicious HTTP request to Dashboard server appended with ‘?’ character, which discloses the Dashboard server’s web script physical path. POC : Download here. More information can be found here. […]

Read More →

SecPod Research Team member (Prabhu S Angadi) has found Multiple Persistence Cross-Site Scripting Vulnerabilities in Sphinix Mobile Web Server Blog. The vulnerability is caused by improper validation of “comment” parameter in “/Blog/MyFirstBlog.txt” and “/Blog/AboutSomething.txt” pages. This may allow an attacker to steal cookie-based authentication credentials or inject arbitrary HTML code and launch further attacks. More […]

Read More →