Tag - advisories

OverIT framework XSLT Injection and XXE – CVE-2022-22834 & CVE-2022-22835

During a penetration test activity, two vulnerabilities were discovered on a specific functionality called “Test Trasformazione xsl” whose purpose is to test the correct operation of the XSLT Java engine. This functionality is part of the set of tools available within the Geocall-Framework and it is not active by default. Advisory - CVE-2022-22834 OverIT projects based on...

Merry Hackmas: multiple vulnerabilities in MSI’s products

This blog post serves as an advisory for a couple MSI’s products that are affected by multiple high-severity vulnerabilities in the driver components they are shipped with.All the vulnerabilities are triggered by sending specific IOCTL requests and will allow to:Directly interact with physical memory via the MmMapIoSpace function call, mapping physical memory into a virtual...