Advisory | NetModule Router Software Race Condition Leads to Remote Code Execution
Pentest Blog – Inn for security folks
by Nuri Çilengir
1y ago
Introduction NetModule Router Software (NRSW) is a Linux-based software solution developed by NetModule for managing data connections across various devices. It applies to various devices, including stationary and mobile routers, gateways, and IoT devices. NRSW provides consistent configuration processes and functions across all NetModule devices. It includes security features and supports over-the-air updates. NetModule also provides free updates and support for NRSW, contributing to its overall functionality and efficiency in network operations. Advisory Information Remotely Exploitable ..read more
Advisory | Roxy-WI Unauthenticated Remote Code Executions CVE-2022-31137
Pentest Blog – Inn for security folks
by Nuri Cilengir
2y ago
Roxy-WI was created for people who want a fault-tolerant infrastructure but do not want to dive deep into the details of setting up and creating a cluster based on HAProxy / NGINX and Keepalived, or just need a convenient interface for managing all services in one place. Advisory Information Remotely Exploitable: Yes Authentication Required: No Vendor URL: roxy-wi.org CVSSv3.1 Score: 10.0 (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:L/A:L) Date found: 10.06.2022 Technical Details Vulnerability #1 – Authentication Bypass Upon obtaining the Roxy-WI source code from the Roxy GitHub account, I finis ..read more
Advisory | GLPI Service Management Software Multiple Vulnerabilities and Remote Code Execution
Pentest Blog – Inn for security folks
by Nuri Cilengir
2y ago
GLPI, which stands for Gestionnaire Libre de Parc Informatique, is a free asset and IT management software package that provides ITIL service desk features, license tracking and software auditing. Advisory Information Remotely Exploitable: Yes Authentication Required: Depends on Configuration Vendor URL: glpi-project.org CVSSv3.1 Score: 9.1 (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:L/A:L) Date found: 09.06.2022 Technical Details Vulnerability #1 – Unauthenticated/Authenticated SQL Injection The GLPI application contains multiple components (e.g. CMDB, Helpdesk, Project Manageme ..read more
LiderAhenk 0day – All your PARDUS Clients Belongs To Me
Pentest Blog – Inn for security folks
by Mehmet Ince
3y ago
LiderAhenk is an open source software system that enables centralized management, monitoring and control of systems and users on the corporate network. In this blog post, you will see how bad it can get when you have a critical security vulnerability in your centralized client management system. Architecture and Our Target LiderAhenk software has 2 components: Lider and Ahenk. Lider is the main component where you manage your organization. It is the business layer of the Lider Ahenk project, running on a Karaf container. It contains core functionalities (such as LDAP client, task manager, XM ..read more
Protected: Pardus 21 Linux Distro – Remote Code Execution 0day 2021
Pentest Blog – Inn for security folks
by Mehmet Ince
3y ago
Protected: Unexpected Journey #7 – GravCMS Unauthenticated Arbitrary YAML Write/Update leads to Code Execution
Pentest Blog – Inn for security folks
by Mehmet Ince
3y ago