SecPod Labs
Security Research
In-depth CVE write-ups, vulnerability analysis, and security intelligence from the SecPod Research team.
Metasploit Module – BisonFTP Server Remote Buffer Overflow Vulnerability
MYRE Real Estate Software Multiple XSS and SQL Injection Vulnerabilities
CVE Research
SecPod Research Team member (Sooraj K.S) has found Multiple XSS and SQL Injection Vulnerabilities in MYRE Real Estate Software. The vulnerability is caused by improper validation of various parameters in several pages. This may allow an attacker to steal cookie-based authentication credentials, comp...
Apache ActiveMQ Source Code Disclosure Vulnerability
CVE Research
SecPod Research Team member (Veerendra G.G) has found an information disclosure vulnerability in Apache ActiveMQ. The flaws are caused by input validation errors while processing URLs, which can be exploited to view the source code of a visited page and can lead to further attacks.
CiscoKits TFTP Server Directory Traversal Vulnerability
CVE Research
SecPod Research Team member (Antu Sanadi) has found a Directory Traversal vulnerability in CiscoKits CCNA TFTP Server. The vulnerability is caused by improper validation of ‘Read’ requests containing ‘../’ sequences. The flaw can be exploited to read arbitrary files via directory traversal attack...
Freefloat FTP Server POST Auth Multiple Commands Buffer Overflow Vulnerabilities
CVE Research
SecPod Research Team member (Veerendra G.G) has found multiple Buffer Overflow vulnerabilities in Freefloat FTP Server that can be mitigated using a vulnerability management tool. The flaws are caused by input validation errors while processing DELE, MDTM, RETR, RMD, RNFR, RNTO, STOU, STOR, SIZE, APPE,...
Avaya IP Office Manager TFTP Server Directory Traversal Vulnerability
CVE Research
SecPod Research Team member (Veerendra G.G) has found a Directory Traversal Vulnerability in Avaya IP Office Manager TFTP Server. The vulnerability is caused by improper validation of TFTP READ requests containing ‘../’ sequences, which allows attackers to read arbitrary files via directory trav...
Andy’s PHP Knowledgebase Multiple Cross-Site Scripting Vulnerabilities
CVE Research
SecPod Research Team member (Sooraj K.S) has found multiple cross-site scripting vulnerabilities in Andy’s PHP Knowledgebase. The vulnerability is caused by improper validation of various parameters in several pages. This may allow an attacker to steal cookie-based authentication credentials or inje...
