SecPod Labs

Security Research

In-depth CVE write-ups, vulnerability analysis, and security intelligence from the SecPod Research team.

JAMWiki ‘num’ Parameter Cross Site Scripting Vulnerability

CVE Research

SecPod Research Team member (Sooraj K.S) has found Cross-Site Scripting Vulnerabilities in JAMWiki. The vulnerability is caused by improper validation of the “num” parameter in “Special:AllPages” pages. This may allow an attacker to steal cookie-based authentication credentials or inject arbitrary HTML ...

Mar 29, 2012 • 1 min read

ArticleSetup Multiple Persistence Cross-Site Scripting and SQL Injection Vulnerabilities

CVE Research

SecPod Research Team member (Antu Sanadi) has found Multiple Persistence Cross-Site Scripting and SQL Injection Vulnerabilities in ArticleSetup. The vulnerability is caused by improper validation of various parameters in multiple pages. This may allow an attacker to steal cookie-based authentication...

Mar 29, 2012 • 1 min read

Netmechanica NetDecision Traffic Grapher Server Information Disclosure Vulnerability

CVE Research

SecPod Research Team member (Prabhu S Angadi) has found an Information Disclosure Vulnerability in Netmechanica NetDecision Traffic Grapher Server. The vulnerability is caused by improper validation of a malicious HTTP GET request to Traffic Grapher Server ‘default.nd’ with invalid HTTP version numbe...

Feb 27, 2012 • 1 min read

Netmechanica NetDecision HTTP Server Denial Of Service Vulnerability

CVE Research

SecPod Research Team member (Prabhu S Angadi) has found a Denial Of Service Vulnerability in Netmechanica NetDecision HTTP Server. The vulnerability is caused by improper validation of a long malicious HTTP request to the web server, which allows remote attackers to crash the service.

Feb 27, 2012 • 1 min read

Netmechanica NetDecision Dashboard Server Information Disclosure Vulnerability

CVE Research

SecPod Research Team member (Prabhu S Angadi) has found an Information Disclosure Vulnerability in Netmechanica NetDecision Dashboard Server. The vulnerability is caused by improper validation of malicious HTTP requests to the Dashboard server appended with a ‘?’ character, which discloses the Dashbo...

Feb 27, 2012 • 1 min read

Sphinix Mobile Web Server Multiple Persistence XSS Vulnerabilities

CVE Research

SecPod Research Team member (Prabhu S Angadi) has found Multiple Persistence Cross-Site Scripting Vulnerabilities in Sphinix Mobile Web Server Blog. The vulnerability is caused by improper validation of the “comment” parameter in “/Blog/MyFirstBlog.txt” and “/Blog/AboutSomething.txt” pages. This may all...

Jan 31, 2012 • 1 min read

OfficeSIP Server Denial Of Service Vulnerability

CVE Research

SecPod Research Team member (Prabhu S Angadi) has found a Denial Of Service Vulnerability in OfficeSIP Server. The vulnerability is caused by improper validation of the SIP/SIPS URI in the ‘To’ header of the request. The flaw can be exploited to crash the service.

Jan 31, 2012 • 1 min read

NetSarang Xlpd Printer Daemon Denial of Service Vulnerability

CVE Research

SecPod Research Team member (Prabhu S Angadi) has found a Denial of Service Vulnerability in NetSarang Xlpd Printer Daemon. The vulnerability is caused by improper validation of a malicious LPD request sent to the printer daemon. The flaw can be exploited to crash the service.

Jan 31, 2012 • 1 min read

Apache Struts Multiple Persistence Cross-Site Scripting Vulnerabilities

CVE Research

SecPod Research Team member (Antu Sanadi) has found Multiple Persistence Cross-Site Scripting Vulnerabilities in Apache Struts. The vulnerability is caused by improper validation of various parameters in multiple pages. This may allow an attacker to steal cookie-based authentication credentials or i...

Jan 31, 2012 • 1 min read