Ylabs2023-07-07T11:14:29+02:00GIS3W: Persistent XSS in G3WSuite 3.5 – CVE-2023-29998
During an engagement on a client's public infrastructure, we detected an exposed installation of G3WSuite. Since we were asked to perform a black box pentest on the G3WSuite installation, we had to find a way to gather as much information about the target as possible. Luckily for us,...
Vade Secure Gateway
During a penetration test activity, several reflected cross-site scripting (XSS) vulnerabilities were found on an application developed by the French Company Vade Secure. The vulnerable application is Vade Secure Gateway which is an email box scanning and processing tool for spam removal that can be managed via a web page.
Once we identified the...
During a penetration test activity, two vulnerabilities were discovered on a specific functionality called “Test Trasformazione xsl” whose purpose is to test the correct operation of the XSLT Java engine. This functionality is part of the set of tools available within the Geocall-Framework and it is not active by default.
Advisory - CVE-2022-22834
OverIT projects based on...
This blog post serves as an advisory for a couple MSI’s products that are affected by multiple high-severity vulnerabilities in the driver components they are shipped with.
All the vulnerabilities are triggered by sending specific IOCTL requests and will allow to:
Directly interact with physical memory via the MmMapIoSpace function call, mapping physical memory into a...