SecPod Labs
Security Research
In-depth CVE write-ups, vulnerability analysis, and security intelligence from the SecPod Research team.
Ipswitch TFTP Server Directory Traversal Vulnerability
CVE Research
SecPod Research Team member (Prabhu S Angadi) has found a Directory Traversal vulnerability in Ipswitch TFTP Server. The vulnerability is caused by improper validation of ‘Read’ requests containing ‘../’ sequences. The flaw can be exploited to read arbitrary files via directory traversal attacks.
GoAhead WebServer Multiple Cross Site Scripting Vulnerabilities
CVE Research
SecPod Research Team member (Prabhu S Angadi) has found multiple Cross-Site Scripting vulnerabilities in GoAhead WebServer. The vulnerability is caused by improper validation of input to the ‘name’ & ‘address’ parameters in the /goform/formTest page. This may allow an attacker to steal cookie-based authenti...
Hillstone Software HS TFTP Server Denial Of Service Vulnerability
CVE Research
SecPod Research Team member (Prabhu S Angadi) has found a Denial of Service vulnerability in Hillstone Software HS TFTP Server. The vulnerability is caused by improper validation of a WRITE/READ request parameter containing a long file name. The flaw can be exploited to crash the service but can be st...
Metasploit Module – BisonFTP Server Remote Buffer Overflow Vulnerability
MYRE Real Estate Software Multiple XSS and SQL Injection Vulnerabilities
CVE Research
SecPod Research Team member (Sooraj K.S) has found multiple XSS and SQL Injection vulnerabilities in MYRE Real Estate Software. The vulnerability is caused by improper validation of various parameters in several pages. This may allow an attacker to steal cookie-based authentication credentials, comp...
Apache ActiveMQ Source Code Disclosure Vulnerability
CVE Research
SecPod Research Team member (Veerendra G.G) has found an information disclosure vulnerability in Apache ActiveMQ. The flaws are caused by input validation errors while processing the URL, which can be exploited to view the source code of a visited page and can lead to further attacks.
CiscoKits TFTP Server Directory Traversal Vulnerability
CVE Research
SecPod Research Team member (Antu Sanadi) has found a Directory Traversal vulnerability in CiscoKits CCNA TFTP Server. The vulnerability is caused by improper validation of ‘Read’ requests containing ‘../’ sequences. The flaw can be exploited to read arbitrary files via directory traversal attack...
