7 min read 20 Nov 2018 by Simon Scannell
Pydio is a popular file sharing solution used by enterprises and governments around the world. It suffered from a highly critical vulnerability that allowed unauthenticated attackers to compromise the entire file sharing server and to execute arbitrary code on the remote machine (CVE-2018-20718). Find out more about the impact and technical details in our blog post.
11 min read 12 Jun 2018 by Robin Peraglie
Moodle is a widely-used open-source e-Learning software with more than 127 million users allowing teachers and students to digitally manage course activities and exchange learning material, often deployed by large universities. In this post we will examine the technical intrinsics of a critical vulnerability in the previous Moodle release detected by RIPS Code Analysis (CVE-2018-1133).
5 min read 10 Apr 2018 by Robin Peraglie
LimeSurvey is an open source and commercial web application that enables its users to quickly design and setup scalable surveys. RIPS automatically detected two vulnerabilities in LimeSurvey < 2.72.3: An unauthenticated persistent cross-site scripting vulnerability (CVE-2017-18358) and an authenticated arbitrary file write vulnerability which can be chained.
10 min read 17 Dec 2016 by Johannes Dahse
Today, we present a multi-step command execution vulnerability in the popular conference management software OpenConf. The vulnerability was reported and fixed a while ago, but the chain of 4 exploitation steps involved makes it a very interesting vulnerability sample for our advent calendar. 4 - 3 - 2 - 1 …