Resources
2023
Security advisory | Security advisory for Virtuozzo SSH Gate, Security advisory for Virtuozzo SSH Gate - Raphaël Lob, Jean Bonnevie
Security advisory | Authentication bypass in Danfoss Storeview Web for SM800 and SC255 versions <= 3.2.6, Security advisory for Danfoss Storeview Web - Florent Sicchio
Security advisory | Security advisory for Danfoss Storeview Web for SM800 and SC255, Security advisory for Danfoss Storeview Web - Florent Sicchio
Security advisory | Arbitrary email forgery in Webflow, Security advisory for Webflow - Antoine Carrincazeaux
Security advisory | Multiple vulnerabilities in n8n <= 0.215.2, CVE-2023-27562, CVE-2023-27563 and CVE-2023-27564. - Antoine Cervoise, Jérôme Mampianinazakason
Security advisory | Stored Cross-Site Scripting (XSS) in Zimbra version 8.8.15_GA_4059, CVE-2022-41348 - Kevin Tellier, Guillaume Jacques, Melvil Guillaume
Security advisory | Remote Code Execution in Supermicro SuperDoctor5 version < 5.14.0, Security advisory for Supermicro SuperDoctor 5 - Aymeric Palhière, Gaetan Ferry
Security advisory | Improper Privilege Management in Grails Spring Security Core <= 5.1.0, CVE-2022-41923 - Benjamin Sepe, Adrien Peter
Security advisory | Remote code execution in BIRT Viewer ≤ 4.12.0, CVE-2023-0100 - Louis Wolfers
Security advisory | XXE vulnerability in IBM Tivoli Workload Scheduler, CVE-2022-38389 - Geoffrey Bertoli
Security advisory | Multiple vulnerabilities in Dell Unisphere for PowerMax vApp, VASA Provider vApp and Solutions Enabler vApp, CVE-2022-45103 and CVE-2022-45104 - Antoine Carrincazeaux
Security advisory | Multiple vulnerabilities in Nokia Airscale ASIKA, CVE-2023-25185, CVE-2023-25186, CVE-2023-25187, CVE-2023-25188 - Lena David, Geoffrey Bertoli
Security advisory | Multiple vulnerabilities in BMC Control-M < 9.0.20.214, Security advisory for BMC Control-M - Guillaume Jacques
Security advisory | Authentication Bypass in Izanami Docker image 1.10.22, CVE-2023-22495 - Raphaël Lob
Security advisory | Lack of access control in Oracle Hyperion Provider Services APS/JAPI version 11.1.2.5, CVE-2021-2435 - Paul Barbé, Guillaume Jacques, Théo Louis-Tisserand
Security advisory | Multiple vulnerabilities in Oracle EAS Console version 11.1.2.0, CVE-2021-35651, CVE-2021-35652, CVE-2021-35653, CVE-2021-35654 and CVE-2021-35655 - Paul Barbé, Guillaume Jacques, Théo Louis-Tisserand
Security advisory | Multiple vulnerabilities in Oracle EPM Workspace version 11.2.3.0.0.05, CVE-2021-2347, CVE-2021-2439 and CVE-2021-2445 - Paul Barbé, Guillaume Jacques, Théo Louis-Tisserand
Security advisory | Multiple vulnerabilities in UCOPIA 5.1 and 6.0.2, Security advisory for UCOPIA - Tawfik Bakache
Security advisory | Privilege escalation vulnerability in FortiManager version 6.4.5, CVE-2022-26118 - Clément Amic, Pierre Milioni, Adrien Peter
Security advisory | Multiple vulnerabilities in ManageEngine ADSelfService Plus, Security advisory for ManageEngine ADSelfService Plus. - Antoine Cervoise, Wilfried Bécard
Security advisory | Sudoedit bypass in Sudo <= 1.9.12p1, CVE-2023-22809 - Matthieu Barjole, Victor Cutillas
2022
Security advisory | Multiple Cross-Site Scripting vulnerabilities in Sage XRT Business Exchange, CVE-2022-34323 - Mickaël Benassouli, Antoine Gicquel
Security advisory | Multiple Stored Cross-Site Scripting vulnerabilities in Sage Enterprise Intelligence, CVE-2022-34322 - Mickaël Benassouli, Antoine Gicquel
Security advisory | Multiple authenticated blind SQL Injections in Sage XRT Business Exchange application, CVE-2022-34324 - Mickaël Benassouli, Antoine Gicquel
Security advisory | Raft Remote Code Execution, Raft Survival game Remote Code Execution - Thomas Bouzerar
Security advisory | Unrestricted file upload in Rocket TRUfusion Enterprise <= 7.9.6.0, CVE-2022-36431 - Mehdi Elyassa, Kevin Tellier
Security advisory | Integer overflow in VLC < 3.0.18, CVE-2022-41325 - Kevin Denis
Security advisory | Cross-Site Scripting vulnerabilities in CodeIgniter ≤ 3.1.13, Security advisory for CodeIgniter - Antoine Cervoise, Maxime Rinaudo
Security advisory | Multiple vulnerabilities in H2O ≤ 3.32.1.3, Security advisory for H2O - Clément Amic, Lena David
Security advisory | Weak private key generation in SSH.NET <= 2020.0.1, CVE-2022-29245 - Guillaume André
Security advisory | FortiManager 6.4.5 - Multiple Vulnerabilities, CVE-2021-32587, CVE-2021-32597, CVE-2021-32598, CVE-2021-32603 - Adrien Peter, Clément Amic, Pierre Milioni
Security advisory | Unsafe Object Deserialization in Html2Pdf <= 5.2.3 (Html2Pdf library), CVE-2021-45394 - Clément Amic, Antoine Gicquel
2021
Security advisory | Cisco APIC 4.2(7f) - Multiple Cross-Site Scripting, CVE-2021-1582 - Clément Amic, Pierre Milioni, Guillaume Jacques, Adrien Peter
Security advisory | Cisco Nexus 9000 ACI mode 14.2(7f) - Multiple Vulnerabilities, CVE-2021-1583, CVE-2021-1584 - Clément Amic, Pierre Milioni, Adrien Peter
Security advisory | Cisco SD WAN IOS XE routers command injection #2, CVE-2021-1529 - Julien Legras
Security advisory | Authentication bypass in Jeedom, CVE-2021-42557 - Maxime Rinaudo, Antoine Cervoise
Security advisory | Multiple vulnerabilities in Nagios XI < 5.8.6, Security advisory for Nagios XI - Guillaume André
Security advisory | Cross-Site Scripting in Cookiebot WordPress plugin, Security advisory for Cookiebot WordPress plugin - Antoine Cervoise
Security advisory | Multiple vulnerabilities in Centreon < 20.04.13, 20.10.7 & 21.04.2, Security advisory for Centreon - Guillaume André, Théo Louis-Tisserand
Security advisory | Reflected XSS in Enfold < 4.8.2, Security advisory - Julien Legras, Guillaume André
Security advisory | WordPress AryoActivityLog vulnerability, Security advisory - Jérôme Mampianinazakason
Security advisory | Cisco SD-WAN Multiple vulnerabilities in vManage < 20.5.1, CVE-2021-1481, CVE-2021-1482, CVE-2021-1483, CVE-2021-1484 - Julien Legras, Théo Louis-Tisserand
Security advisory | Local privilege escalation in Cisco SD-WAN < 20.4 and 20.5, CVE-2021-1528 - Julien Legras
Security advisory | WordPress AjaxSearchPro vulnerability, Security advisory for a WordPress plugin - Julien Egloff, Jérôme Mampianinazakason
Security advisory | Use After Free in CyberArk Digital Vault, Security advisory - Julien Boutet
Security advisory | GLPI FusionInventory 9.5.0 SQL injection, Security advisory - Alexis Danizan, Hugo Vincent
Security advisory | Evolution CMS unauthenticated SQLI and user enumeration, Security advisory - Thomas Etrillard, Nicolas Biscos
Security advisory | YouPHPTube/AVideo multiple vulnerabilities, Security advisory for YouPHPTube/AVideo - Maxime Rinaudo
Security advisory | Code Injection in the J-Web component of Junos OS, Security advisory for the J-Web component of Juniper's Junos OS - Lena David, Geoffrey Bertoli
2020
Security advisory | Centile Istra - SQL injection, Centile Istra - SQL injection - Thibault Guittet, Julien Clergue
Security advisory | SQL injection in LearnPress <= 3.2.7.2, Security advisory for LearnPress WordPress plugin. - Wilfried Bécard
Security advisory | Local Privilege Escalation in Fortinet SSL VPN for Linux, Security advisory for Fortinet SSL VPN for Linux - Thomas Chauchefoin
Security advisory | Insecure password reset in Sulu < 1.6.35, 2.0.10 & 2.1.1, Security advisory for Sulu framework - Julien Legras
Security advisory | Cisco SD WAN IOS XE routers command injection, CVE-2019-16011 - Thomas Etrillard, Julien Legras
Security advisory | Android Monospace - Writing and Notes 2.6.3, Broken Encryption Feature - Lena David
Security advisory | Cisco Viptela vManage neo4j injection and stored XSS, CVE-2019-16010 and CVE-2019-16012 - Thomas Etrillard, Julien Legras
Security advisory | MaarchCourrier 19.04, 18.10, 18.04, 17.06 OS Command injection, MaarchCourrier Security Advisory - Tawfik Bakache, Thomas Etrillard
2019
Security advisory | Arbitrary File Disclosure in Ad Inserter (< 2.4.9), Security advisory - Wilfried Bécard
Security advisory | Unsafe password reset in GLPI <= 9.4.0, CVE-2019-13240 - Julien Legras
Security advisory | Stored XSS in GLPI <= 9.4.2, CVE-2019-13239 - Julien Legras
Security advisory | Pre-authenticated SQL injection in GLPI <= 9.3.3 (CVE-2019-10232), Security advisory - Thomas Chauchefoin
Security advisory | GLPI 9.4.0 FusionInventory plugin RCE (CVE-2019-10477), Security advisory - Damien Picard, Julien Szlamowicz
Security advisory | GLPI 9.4.0 Type juggling authentication bypass (CVE-2019-10231), Security advisory - Damien Picard, Julien Szlamowicz
Security advisory | GLPI 9.4.0 Timing attack user enumeration (CVE-2019-10233), Security advisory - Damien Picard, Julien Szlamowicz
Security advisory | Unsafe deserialization in Sitecore CMS leading to RCE (CVE-2019-9874 and CVE-2019-9875), Security advisory - Julien Legras, Adrien Peter
Security advisory | Local file disclosure in mysqljs package 2.17.1, Security advisory - Julien Legras
Security advisory | TIBCO JasperReports Server XML Entity Expansion Vulnerability (CVE-2019-8986), Security advisory - Sébastien Dudek, Julien Szlamowicz
Security advisory | Huawei ManageOne ServiceCenter ACL Bypass, Security advisory - Sébastien Dudek, Julien Legras
Security advisory | IPv6 fragmentation vulnerability in OpenBSD Packet Filter (CVE-2019-5597), Security advisory - Corentin Bayet, Nicolas Collignon, Luca Moro
Security advisory | Command Execution in elFinder's < 2.1.48 PHP connector (CVE-2019-9194), Security advisory - Thomas Chauchefoin
Security advisory | Path traversal in BlueMind 4.0 < beta3 and 3.5.x < 3.5.11-7 (CVE-2019-9563), Security advisory - Damien Picard, Julien Szlamowicz
Security advisory | Multiple vulnerabilities in Jenkins Job Import <= 2.1 (vendor announcement), Security advisory - Thomas Chauchefoin, Julien Szlamowicz
Security advisory | Livebox 3 - Weak password reset procedure, Security advisory - Gaetan Ferry, Julien Szlamowicz
2018
Security advisory | Critical vulnerabilities in PineApp Mail Secure 5.1, Security advisory - Thomas Chauchefoin, Gaetan Ferry
Security advisory | Multiple vulnerabilities in Vectra Cognito: CVE-2018-14889, CVE-2018-14890 and CVE-2018-14891, Security advisory - Julien Egloff, Thibault Guittet
Security advisory | Cisco Nexus 9000 Series Fabric Switches ACI Mode Shell Escape (CVE-2019-1591), Security advisory - Nicolas Biscos, Gaetan Ferry
Security advisory | Arbitrary code execution in Duplicator Pro < 1.2.42, Security advisory - Thomas Chauchefoin, Julien Legras
Security advisory | SQL injection in Image Intense, Security advisory - Thomas Chauchefoin, Julien Legras
Security advisory | Multiple buffer overflows in Visual TOM <= 5.7.4, Security advisory - Julien Egloff, Florian Guilbert
Security advisory | SQL injection in FlySpray <= v1.0-rc6, Security advisory - Thomas Chauchefoin, Bastien Faure
Security advisory | Cross-Site Scripting in Zend Server < 9.1.3 (CVE-2018-10230), Security advisory - Thomas Chauchefoin, Julien Egloff
Security advisory | Missing XML Validation vulnerability in SAP Control Center and SAP Cockpit Framework, SAP Patch - Thomas Chauchefoin, Sébastien Dudek
Security advisory | CVE-2018-9325 (CVE-2018-9326, CVE-2018-9327, CVE-2018-9845), Multiple arbitrary code execution and information leaks in the project Etherpad - Thomas Chauchefoin
Security advisory | Multiple vulnerabilities in WordPress Health Check & Troubleshooting, Security advisory - Julien Legras
2017
Security advisory | TSIG authentication bypass for zone transfer operations in ISC BIND (CVE-2017-3142), Security advisory - Clément Berthaux
Security advisory | TSIG authentication bypass through signature forgery in ISC BIND (CVE-2017-3143), Security advisory - Clément Berthaux
Tools, Security advisory | CVE-2017-6008 exploit, Multiple vulnerabilities in the security solution HitmanPro of Sophos: CVE-2017-6007, CVE-2017-6008 and CVE-2017-7441 - Corentin Bayet
Security advisory | TSIG authentication bypass through signature forgery in Knot DNS, Security advisory - Clément Berthaux
2016
Security advisory | CVE-2016-1470 (CVE-2016-1471, CVE-2016-1472, CVE-2016-1473), Multiple vulnerabilities in Cisco Switch SG220 - Nicolas Collignon, Renaud Dubourguais
Security advisory | Multiple vulnerabilities in Citrix Provisioning Services (CVE-2016-9676, CVE-2016-9677, CVE-2016-9678, CVE-2016-9679, CVE-2016-9680), Security advisories - Fabien Perigaud
Security advisory | Sensitive information disclosure in the RESTX framework, Security advisory - Julien Legras
Security advisory | Multiple vulnerabilities in Oracle ECB and COM products (CVE-2016-3513, CVE-2016-3514, CVE-2016-3515 and CVE-2016-3516) (#1, #2, #3, #4), Security advisories - Nicolas Collignon, Sébastien Dudek
2015
Security advisory | CVE-2015-6409: Cisco Jabber STARTTLS Downgrade Vulnerability, Security advisory - Renaud Dubourguais, Sébastien Dudek
Security advisory | Security Researcher Acknowledgments for Microsoft Online Services, Security advisory - Jan Kopec
Security advisory | Pre-authentication XXE vulnerability in the Services Drupal module, Security advisory - Renaud Dubourguais
2014
Security advisory | Reverse engineering of the Sercomm feature to reactivate the TCP/32764 backdoor on several routers (PoC), Security vulnerability - Eloi Benoist-Vanderbeken
Security advisory | Arbitrary code execution to escape the Google App Engine Python sandbox, Security vulnerability - Nicolas Collignon
Security advisory | Cross-Site Scripting in the Converse.js XMPP/Jabber client, Security advisory - Renaud Dubourguais
Security advisory | Discovery and patching of a Remote Code Execution in the WP-Filebase plugin, Security advisory - Samir Megueddem
Security advisory | Privilege Escalation and Cross Site Scripting vulnerabilities in IBM InfoSphere Master Data Management Collaborative Edition (CVE-2014-8896, CVE-2014-8897, CVE-2014-8898, CVE-2014-8899), Security advisories - Jan Kopec
Security advisory | Detection and exploitation of a race condition based arbitrary file upload leading to remote code execution (CVE-2014-2223), Security advisory - Bastien Faure
Security advisory | Remote code execution in Cisco Jabber for Windows (CVE-2014-0666), Security advisory - Fabien Perigaud
Security advisory, Tools | Discovery of a backdoor on Linksys routers, Description and PoC - Eloi Benoist-Vanderbeken
2013
Security advisory | OWASP ESAPI library HMAC validation bypass, Security advisory - Renaud Dubourguais, Renaud Feil
2011
Security advisory | Discovery and patching of SQL injections in the WordPress wp-polls plugin, Security advisory - Renaud Feil
2010
Security advisory | MS10-025 Remote code execution in Microsoft Windows Media Services (CVE-2010-0478), Security advisory - Fabien Perigaud