F5 BIG-IP is a multi-purpose networking device manufactured by F5 Networks which can be configured to work as a traffic shaping system, firewall, load balancer, access gateway, rate limiter or SSL middleware. F5 BIG-IP devices are one of the most popular networking products and are widely used in government networks, banks, on the networks of internet […]

SaltStack Salt is a very popular open-source remote task and configuration management framework widely used in data centers and cloud environments. Two critical security flaws have been discovered in Salt that can allow an attacker to execute arbitrary commands as root. These vulnerabilities are identified as CVE-2020-11651 and CVE-2020-11652, and are of two different classes […]

Oracle Micros POS is a hospitality management platform providing enterprise point-of-sale (POS) and back-office functionality to support a wide range of food and beverage operations. Oracle’s MICROS has more than 330,000 cash registers worldwide and currently, Oracle is the third-largest provider of PoS software on the market. Oracle in January 2018 as part of their quarterly patching […]

In this Patch Tuesday, Microsoft released seven bulletins addressing a total of 66 vulnerabilities. The high-priority fix is for Internet Explorer, which alone addresses 59 out of 66 vulnerabilities and includes a fix for the 0-day CVE-2014-1770. Two are rated as Critical, addressing 61 vulnerabilities, and five are rated as Important. Critical security updates address security […]

SecPod Research Team member (Prabhu S Angadi) has found a Directory Traversal vulnerability in Ipswitch TFTP Server. The vulnerability is caused by improper validation of ‘Read’ requests containing ‘../’ sequences. The flaw can be exploited to read arbitrary files via directory traversal attacks. POC: Download here. More information on the flaws can be […]

SecPod Research Team member (Antu Sanadi) has found a Directory Traversal vulnerability in CiscoKits CCNA TFTP Server. The vulnerability is caused by improper validation of ‘Read’ requests containing ‘../’ sequences. The flaw can be exploited to read arbitrary files via directory traversal attacks. POC: Download here. More information on the flaws can be found here. […]

SecPod Research Team member (Veerendra G.G) has found a Directory Traversal Vulnerability in Avaya IP Office Manager TFTP Server. The vulnerability is caused by improper validation of TFTP READ requests containing ‘../’ sequences, which allows attackers to read arbitrary files via directory traversal attacks and gain sensitive information. POC: Download here. Packet Capture: Download […]
