Security Advisory: Domotica Labs – IKON SERVER (CVE-2023-24253)
L’Offensive Security Team di Tinexta Cyber ha identificato una vulnerabilità di tipo SQL Injection (unauthenticated) con una severity pari a 7.5 (High) sul prodotto dell’azienda Domotica Labs, IKON SERVER ver. 2.8.6
Security Advisory: Telenia Software TVOX – CVE-2022-43333
L’Offensive Security Team di Tinexta Cyber ha identificato 3 vulnerabilità sul prodotto Telenia Software TVOX.
Security Advisory: Yeastar N412 and N824 Configuration Panel Account Takeover (CVE-2022-47732)
L’Offensive Security Team di Tinexta Cyber ha identificato diverse vulnerabilità durante un’attività di Penetration Test su Yeastar PBX Configuration Panel serie N.
Security Advisory: Inaz Communication System HEXPERIENCE v8.8.0
L’Offensive Security Team di Tinexta Cyber ha identificato 1 vulnerabilità sull’applicazione web Inaz HExperience v.8.8.0. La vulnerabilità è stata risolta nella versione 8.9.0.
Security Advisory: Teclib – GLPI >= 9.3.0 (CVE-2022-31061)
Tinexta Cyber Offensive Security Team has identified 1 critical vulnerability on Teclib digital assets during a Penetration Test on a customer that use the software GLPI.
Security Advisory: Proietti Planet Time Enterprise (CVE-2022-30422)
L’Offensive Security Team di Tinexta Cyber ha identificato una vulnerabilità della web app Proietti Planet Time Enterprise.
Security Advisory: Solar-Log (CVE-2022-47767)
Tinexta Cyber ha scoperto una backdoor nei dispositivi di monitoraggio fotovoltaico (PV) di Solar-Log GmbH con un impatto su migliaia di clienti. La backdoor consente, in maniera non autenticata, di accedere da remoto alle funzionalità di super admin nell’area riservata del dispositivo.
Security Advisory: Docebo Community Edition <= 4.0.5 (CVE-2022-31361, CVE-2022-31362)
Product description Tinexta Cyber Offensive Security Team has identified multiple vulnerabilities on Docebo Community Edition 4.0.5, an open source e-learning platform also defined as Learning Management System. Technical summary Tinexta Cyber’s Cyber Security Team discovered important vulnerabilities on Docebo CE <= v.4.0.5 Vulnerability CVSS 3.1 Docebo CE <= 4.0.5 – SQL Injection (unauthenticated) 8.6 – High[AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L] […]
Security Advisory: Libnmap <= 0.7.2
Tinexta Cyber Offensive Security Team has identified a severe vulnerability on the python-libnmap Python library (https://pypi.org/project/python-libnmap/).
Security Advisory: Alt-n Security Gateway (CVE-2022-25356)
Tinexta Cyber Offensive Security Team has identified 1 vulnerability on Alt-n Security Gateway product, the vulnerability was found during a Penetration Test.
