Security Advisory: Forma LMS (CVE-2022-27104)
Unauthenticated SQL Injection in forma Lms <= 1.4.3. The Cyber Security Team of Tinexta Cyber identified a vulnerability in the digital assets of Forma LMS. Forma Lms: Forma Lms is the natural evolution, or a "fork", of the latest open source version of the Docebo LMS platform. Forma Lms is an open source e-learning platform oriented to business needs: […]
Security Advisory: Emerson – Dixell XWEB-500 Multiple Vulnerabilities (CVE-2021-45420)
1. Technical Summary
Tinexta Cyber Offensive Security Team detected some important potential vulnerabilities on: Detected vulnerabilities were:
Vulnerability | Assets | CVSSv3 | Severity
Arbitrary File Write | http://<target>/cgi-bin/logo_extra_upload.cgi, http://<target>/cgi-bin/cal_save.cgi, http://<target>/cgi-bin/lo_utils.cgi | 7.5 | HIGH
Directory Listing | http://<target>/cgi-bin/lo_utils.cgi | 5.3 | MEDIUM
In the following section we report some technical details on these vulnerabilities, including evidence and proof-of-concepts.
2. Vulnerability details
Arbitrary File Write: CWE-73: External Control […]
Security Advisory: Solari di Udine (CVE-2021-35380)
Introduction: During a penetration testing activity, the Italian company Tinexta Cyber identified a new zero-day relating to an attendance management service that potentially impacts the over 40 installed devices. TermTalk is responsible for transferring information from the network of terminals and concentrators to the database of the various application software, for configuring and […]
Security Advisory: Visual Tools DVR (CVE-2021-42071)
Visual Tools DVR VX16 4.2.28.0 – OS Command Injection (unauthenticated). Tinexta Cyber Offensive Security Team identified a critical vulnerability during regular penetration testing on a client, related to Visual Tools (trademark), software from AX Solution LA (https://visual-tools.com). At the time of publication (see the timeline at the bottom of the article), Swascan informed AX Solution […]