14 min read 19 Feb 2019 by Simon Scannell
10 min read 19 Dec 2016 by Robin Peraglie
In todays calendar gift, we present another beautiful chain of vulnerabilities which, in the end, allows an attacker to remotely execute arbitrary PHP code. This time, an attacker can smuggle his PHP payload through a valid image file. The issues were detected by RIPS in the open source marketplace software osClass 3.6.1 used for creating classifieds sites.
10 min read 17 Dec 2016 by Johannes Dahse
Today, we present a multi-step command execution vulnerability in the popular conference management software OpenConf. The vulnerability was reported and fixed a while ago, but the chain of 4 exploitation steps involved makes it a very interesting vulnerability sample for our advent calendar. 4 - 3 - 2 - 1 …
10 min read 12 Dec 2016 by Martin Bednorz
The next gift in our advent calendar reveals security issues in Teampass, a collaborative password manager first published in late 2011. We detected a critical unauthenticated SQL injection and many file inclusions which could have led to many leaked passwords and angry users. The issues were reported and fixed earlier this year.