2021
Security advisory | Code Injection in the J-Web component of Junos OS, Security advisory for the J-Web component of Juniper's Junos OS - Lena David, Geoffrey Bertoli
2020
Security advisory | Centile Istra - SQL injection, Centile Istra - SQL injection - Thibault Guittet, Julien Clergue
Security advisory | SQL injection in LearnPress <= 3.2.7.2, Security advisory for LearnPress WordPress plugin. - Wilfried Bécard
Security advisory | Local Privilege Escalation in Fortinet SSL VPN for Linux, Security advisory for Fortinet SSL VPN for Linux - Thomas Chauchefoin
Security advisory | Insecure password reset in Sulu < 1.6.35, 2.0.10 & 2.1.1, Security advisory for Sulu framework - Julien Legras
Security advisory | Cisco SD WAN IOS XE routers command injection, CVE-2019-16011 - Thomas Etrillard, Julien Legras
Security advisory | Android Monospace - Writing and Notes 2.6.3, Broken Encryption Feature - Lena David
Security advisory | Cisco Viptela vManage neo4j injection and stored XSS, CVE-2019-16010 and CVE-2019-16012 - Thomas Etrillard, Julien Legras
Security advisory | MaarchCourrier 19.04, 18.10, 18.04, 17.06 OS Command injection, MaarchCourrier Security Advisory - Tawfik Bakache, Thomas Etrillard
2019
Security advisory | Arbitrary File Disclosure in Ad Inserter (< 2.4.9), Security advisory - Wilfried Bécard
Security advisory | Unsafe password reset in GLPI <= 9.4.0, CVE-2019-13240 - Julien Legras
Security advisory | Stored XSS in GLPI <= 9.4.2, CVE-2019-13239 - Julien Legras
Security advisory | Pre-authenticated SQL injection in GLPI <= 9.3.3 (CVE-2019-10232), Security advisory - Thomas Chauchefoin
Security advisory | GLPI 9.4.0 Type juggling authentication bypass (CVE-2019-10231), Security advisory - Damien Picard, Julien Szlamowicz
Security advisory | GLPI 9.4.0 Timing attack user enumeration (CVE-2019-10233), Security advisory - Damien Picard, Julien Szlamowicz
Security advisory | GLPI 9.4.0 FusionInventory plugin RCE (CVE-2019-10477), Security advisory - Damien Picard, Julien Szlamowicz
Security advisory | Unsafe deserialization in Sitecore CMS leading to RCE (CVE-2019-9874 and CVE-2019-9875), Security advisory - Julien Legras, Adrien Peter
Security advisory | Local file disclosure in mysqljs package 2.17.1, Security advisory - Julien Legras
Security advisory | TIBCO JasperReports Server XML Entity Expansion Vulnerability (CVE-2019-8986), Security advisory - Sébastien Dudek, Julien Szlamowicz
Security advisory | Huawei ManageOne ServiceCenter ACL Bypass, Security advisory - Sébastien Dudek, Julien Legras
Security advisory | IPv6 fragmentation vulnerability in OpenBSD Packet Filter (CVE-2019-5597), Security advisory - Corentin Bayet, Nicolas Collignon, Luca Moro
Security advisory | Command Execution in elFinder's < 2.1.48 PHP connector (CVE-2019-9194), Security advisory - Thomas Chauchefoin
Security advisory | Path traversal in BlueMind 4.0 < beta3 and 3.5.x < 3.5.11-7 (CVE-2019-9563), Security advisory - Damien Picard, Julien Szlamowicz
Security advisory | Multiple vulnerabilities in Jenkins Job Import <= 2.1 (vendor announcement), Security advisory - Thomas Chauchefoin, Julien Szlamowicz
Security advisory | Livebox 3 - Weak password reset procedure, Security advisory - Gaetan Ferry, Julien Szlamowicz
2018
Security advisory | Critical vulnerabilities in PineApp Mail Secure 5.1, Security advisory - Thomas Chauchefoin, Gaetan Ferry
Security advisory | Multiple vulnerabilities in Vectra Cognito: CVE-2018-14889, CVE-2018-14890 and CVE-2018-14891, Security advisory - Julien Egloff, Thibault Guittet
Security advisory | Cisco Nexus 9000 Series Fabric Switches ACI Mode Shell Escape (CVE-2019-1591), Security advisory - Nicolas Biscos, Gaetan Ferry
Security advisory | Arbitrary code execution in Duplicator Pro < 1.2.42, Security advisory - Thomas Chauchefoin, Julien Legras
Security advisory | SQL injection in Image Intense, Security advisory - Thomas Chauchefoin, Julien Legras
Security advisory | Multiple buffer overflows in Visual TOM <= 5.7.4, Security advisory - Julien Egloff, Florian Guilbert
Security advisory | SQL injection in FlySpray <= v1.0-rc6, Security advisory - Thomas Chauchefoin, Bastien Faure
Security advisory | Cross-Site Scripting in Zend Server < 9.1.3 (CVE-2018-10230), Security advisory - Thomas Chauchefoin, Julien Egloff
Security advisory | Missing XML Validation vulnerability in SAP Control Center and SAP Cockpit Framework, SAP Patch - Thomas Chauchefoin, Sébastien Dudek
Security advisory | CVE-2018-9325 (CVE-2018-9326, CVE-2018-9327, CVE-2018-9845), Multiple arbitrary code execution and information leaks in the project Etherpad - Thomas Chauchefoin
Security advisory | Multiple vulnerabilities in WordPress Health Check & Troubleshooting, Security advisory - Julien Legras
2017
Security advisory | TSIG authentication bypass for zone transfer operations in ISC BIND (CVE-2017-3142), Security advisory - Clément Berthaux
Security advisory | TSIG authentication bypass through signature forgery in ISC BIND (CVE-2017-3143), Security advisory - Clément Berthaux
Tools, Security advisory | CVE-2017-6008 exploit, Multiple vulnerabilities in the security solution HitmanPro of Sophos: CVE-2017-6007, CVE-2017-6008 and CVE-2017-7441 - Corentin Bayet
Security advisory | TSIG authentication bypass through signature forgery in Knot DNS, Security advisory - Clément Berthaux
2016
Security advisory | CVE-2016-1470 (CVE-2016-1471, CVE-2016-1472, CVE-2016-1473), Multiple vulnerabilities in Cisco Switch SG220 - Nicolas Collignon, Renaud Dubourguais
Security advisory | Multiple vulnerabilities in Citrix Provisioning Services (CVE-2016-9676, CVE-2016-9677, CVE-2016-9678, CVE-2016-9679, CVE-2016-9680), Security advisories - Fabien Perigaud
Security advisory | Sensitive information disclosure in the RESTX framework, Security advisory - Julien Legras
Security advisory | Multiple vulnerabilities in Oracle ECB and COM products (CVE-2016-3513, CVE-2016-3514, CVE-2016-3515 and CVE-2016-3516) (#1, #2, #3, #4), Security advisories - Nicolas Collignon, Sébastien Dudek
2015
Security advisory | CVE-2015-6409: Cisco Jabber STARTTLS Downgrade Vulnerability, Security advisory - Renaud Dubourguais, Sébastien Dudek
Security advisory | Security Researcher Acknowledgments for Microsoft Online Services, Security advisory - Jan Kopec
Security advisory | Pre-authentication XXE vulnerability in the Services Drupal module, Security advisory - Renaud Dubourguais
2014
Security advisory | Reverse engineering of the Sercomm feature to reactivate the TCP/32764 backdoor on several routers (PoC), Security vulnerability - Eloi Benoist-Vanderbeken
Security advisory | Arbitrary code execution to escape the Google App Engine Python sandbox, Security vulnerability - Nicolas Collignon
Security advisory | Cross-Site Scripting in the Converse.js XMPP/Jabber client, Security advisory - Renaud Dubourguais
Security advisory | Discovery and patching of a Remote Code Execution in the WP-Filebase plugin, Security advisory - Samir Megueddem
Security advisory | Privilege Escalation and Cross Site Scripting vulnerabilities in IBM InfoSphere Master Data Management Collaborative Edition (CVE-2014-8896, CVE-2014-8897, CVE-2014-8898, CVE-2014-8899), Security advisories - Jan Kopec
Security advisory | Detection and exploitation of a race condition based arbitrary file upload leading to remote code execution (CVE-2014-2223), Security advisory - Bastien Faure
Security advisory | Remote code execution in Cisco Jabber for Windows (CVE-2014-0666), Security advisory - Fabien Perigaud
Security advisory, Tools | Discovery of a backdoor on Linksys routers, Description and PoC - Eloi Benoist-Vanderbeken
2013
Security advisory | OWASP ESAPI library HMAC validation bypass, Security advisory - Renaud Dubourguais, Renaud Feil
2011
Security advisory | Discovery and patching of SQL injections in the WordPress wp-polls plugin, Security advisory - Renaud Feil
2010
Security advisory | MS10-025 Remote code execution in Microsoft Windows Media Services (CVE-2010-0478), Security advisory - Fabien Perigaud