Pentest Blog – Inn for security folks
We are the penetration test and vulnerability research team of INVICTUS and PRODAFT SARL. Follow this blog to get information and knowledge on pentest.
1y ago
Introduction
NetModule Router Software (NRSW) is a Linux-based software solution developed by NetModule for managing data connections across various devices. It applies to a variety of devices, including stationary and mobile routers, gateways, and IoT devices. NRSW provides consistent configuration processes and functions across all NetModule devices. It includes security features and supports over-the-air updates. NetModule also provides free updates and support for NRSW, contributing to its overall functionality and efficiency in network operations.
Advisory Information
Remotely Exploitable ...
2y ago
Roxy-WI was created for people who want a fault-tolerant infrastructure but do not want to dive deep into the details of setting up and creating a cluster based on HAProxy / NGINX and Keepalived, or just need a convenient interface for managing all services in one place.
Advisory Information
Remotely Exploitable: Yes
Authentication Required: No
Vendor URL: roxy-wi.org
CVSSv3.1 Score: 10.0 (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:L/A:L)
Date Found: 10.06.2022
Technical Details
Vulnerability #1 – Authentication Bypass
Upon obtaining the Roxy-WI source code from the Roxy GitHub account, I finis ...
2y ago
GLPI, which stands for Gestionnaire Libre de Parc Informatique, is a free asset and IT management software package that provides ITIL Service Desk features, license tracking and software auditing.
Advisory Information
Remotely Exploitable: Yes
Authentication Required: Depends on Configuration
Vendor URL: glpi-project.org
CVSSv3.1 Score: 9.1 (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:L/A:L)
Date Found: 09.06.2022
Technical Details
Vulnerability #1 – Unauthenticated/Authenticated SQL Injection
The GLPI application contains multiple components (e.g. CMDB, Helpdesk, Project Manageme ...
3y ago
LiderAhenk is an open source software system that enables centralized management, monitoring and control of systems and users on the corporate network.
In this blog post, you will see how bad it can get when you have a critical security vulnerability on your centralized client management system.
Architecture and Our Target
LiderAhenk software has 2 components: Lider and Ahenk.
Lider is the main component where you manage your organization. It is the business layer of the Lider Ahenk project, running on a Karaf container. It contains core functionalities (such as LDAP client, task manager, XM ...