SecPod Labs
Security Research
In-depth CVE write-ups, vulnerability analysis, and security intelligence from the SecPod Research team.
Andy’s PHP Knowledgebase Multiple Cross-Site Scripting Vulnerabilities
CVE Research
Andy’s PHP Knowledgebase Multiple Cross-Site Scripting Vulnerabilities
SecPod Research Team member (Sooraj K.S) has found multiple cross-site scripting vulnerabilities in Andy’s PHP Knowledgebase. The vulnerability is caused by improper validation of various parameters in several pages. This may allow an attacker to steal cookie-based authentication credentials or inje...
S40 Content Management System (CMS) v0.4.2 beta Cross-Site Scripting Vulnerability
CVE Research
S40 Content Management System (CMS) v0.4.2 beta Cross-Site Scripting Vulnerability
SecPod Research Team member (Antu Sanadi) has found a cross-site scripting vulnerability in S40 Content Management System (CMS). Input passed via the ‘gsearchfield’ parameter in ‘index.php’ is not properly verified before it is returned to the user. This may allow an attacker to steal cookie-based a...
appRain Quick Start Edition Core Edition Multiple Persistence Cross-Site Scripting Vulnerabilities.
CVE Research
appRain Quick Start Edition Core Edition Multiple Persistence Cross-Site Scripting Vulnerabilities.
SecPod Research Team member (Antu Sanadi) has found multiple persistence cross-site scripting vulnerabilities in appRain Quick Start Edition Core Edition. The vulnerability is caused by improper validation of various parameters. This may allow an attacker to steal cookie-based authentications or inj...
AT-TFTP Server v1.8 Remote Denial of Service Vulnerability
CVE Research
AT-TFTP Server v1.8 Remote Denial of Service Vulnerability
SecPod Research Team member (Antu Sanadi) has found a Denial of Service vulnerability in Allied Telesyn TFTP Server. The vulnerability is caused by an error in the “TFTPD.EXE”, which causes the server to crash when no acknowledgment response is sent back to the server after a successful ‘read’. The ...
AR Web Content Manager (AWCM) Cross-Site scripting Vulnerability
CVE Research
AR Web Content Manager (AWCM) Cross-Site scripting Vulnerability
SecPod Research Team member (Antu Sanadi) has found an XSS flaw in AR Web Content Manager (AWCM), which can be used to obtain sensitive information and launch further attacks. The flaw lies in the ‘search’ parameter in ‘search.php‘ while the application processes the user-supplied input and renders ...
PowerZip Insecure Library Loading Vulnerability
CVE Research
PowerZip Insecure Library Loading Vulnerability
Folks, SecPod Research Team member (Karthik N.) has found a DLL Insecure Loading vulnerability in PowerZip application, which can be used to call malicious arbitrary library files into the application context. For more details, please go though this below advisory link.
CUPS IPP Use-After-Free Denial of Service Vulnerability Proof of Concept [CVE-2010-2941]
CVE Research
CUPS IPP Use-After-Free Denial of Service Vulnerability Proof of Concept [CVE-2010-2941]
Fellas, SecPod Research Team member “Veerendra GG” has written a valid working POC to crash CUPS Service. The POC is written based on the information provided in RedHat Bugzilla (CVE-2010-2941) which sends a malformed IPP (Internet Printing Protocol) packets over TCP. For more information on this vu...
Micro CMS Persistent Cross-Site Scripting Vulnerability
CVE Research
Micro CMS Persistent Cross-Site Scripting Vulnerability
Folks, SecPod Research Team member (Veerendra G.G) found persistent XSS flaw in Micro CMS, which can be used to gain sensitive information and launch further attacks. The flaw lies in name parameters while the web Application processes the user-supplied input and renders the content back to the clie...
Pecio CMS Cross-Site scripting Vulnerability
CVE Research
Pecio CMS Cross-Site scripting Vulnerability
Folks, SecPod Research Team member (Antu Sanadi) found persistent XSS flaw in Pecio CMS, which can be used to gain sensitive information and launch further attacks. The flaw lies in search parameters while the web Application processes the user-supplied input and renders the content back to the clie...