Vendor: Veeam Product: Veeam Backup Enterprise Manager Service v126.96.36.1992 Type of vulnerability: Multiple, persistent Cross Site Scripting CVSS: 4.1 (AV:A/AC:L/Au:S/C:P/I:P/A:N) CVE: requested Exploit-DB OSVDB: Discovered by: GoSecure! Date of discovery: 16 september 2016 First contact with vendor: 18 september 2016 – Case Id: 01702458 Patching date: 24 march 2016 Full Disclosure: 25 march 2016 Details: A cross site scripting web vulnerability has been… (read more)
Vendor: IPSwitch Product: IMail Server WEB client. Tested on 12.3 and 12.4 before 188.8.131.52 Type of vulnerability: Persistent Cross Site Scripting CVSS: 3.4 – Vector CVE: 2014-3878 Exploit-DB 33633 OSVDB: 107700 107701 107702 Discovered by: GoSecure! Date of discovery: 30 march 2014 First contact with vendor: 31 march 2014 – Case Id: 2-199617 Patching date:… (read more)
Recently I have to write a custom shellcode that accommodate some specific features. Basically I have to avoid the use of some functions like WinExec() and ShellExecute() to create a remote code execution and insert it as payload in a test exploit. I have to search some other function that allow me to execute command… (read more)
This is a awesome way to use usual programs/commands in an unusual way. This PoC can be used to discover open ports on a remote PC when we have the possibility to send to it a blind command but we have no idea about TCP control in the remote environment. These simple scripts take advantage… (read more)
Privacy & Cookies Policy
Necessary cookies are absolutely essential for the website to function properly. This category only includes cookies that ensures basic functionalities and security features of the website. These cookies do not store any personal information.
Any cookies that may not be particularly necessary for the website to function and is used specifically to collect user personal data via analytics, ads, other embedded contents are termed as non-necessary cookies. It is mandatory to procure user consent prior to running these cookies on your website.