Category: Security Advisory

We discovered the vulnerability while we were looking for alternative network monitoring software. We know and love Nagios, and so Centreon too; it provides a very nice interface for Nagios. Centreon provides nice features and ease of use when you're dealing with network monitoring. The backend system is still Nagios, but the interface is […]

PC Media Antivirus (PCMAV) is an antivirus made in Indonesia. PCMAV was quite popular in 2006, since many virus creators in Indonesia were actively spreading computer viruses and infecting most computers in Indonesia. At that time some people started to claim a special anti-virus to detect Indonesian computer viruses, some of which are popular such […]

SmadAV antivirus 9.1 is susceptible to null pointer exploitation. The application does not properly filter the scanner input that is processed by smadengine.dll. Successful exploitation of this vulnerability could potentially result in a crash of the application, since it will reference a null pointer, EAX = 0000000. The vulnerable function itself lies in the smadengine.dll […]

Trend Micro Control Manager prior to version 5.5 build 1823 (English and Japanese version) and version 6 build 1449 (English version only) is susceptible to SQL Injection. The application does not properly filter user-supplied input. Successful exploitation of this vulnerability could potentially result in arbitrary SQL command input to the back-end database, such […]

webERP is a mature open-source ERP system providing best practise, multi-user business administration and accounting tools over the web. The vulnerability sits in the WO (work order) parameter, in the file WorkOrderEntry.php in the Manufacturing menu. Lack of input validation of the WO parameter may allow malicious users to inject an SQL query. Proof of Concept Time-based […]

Trend Micro InterScan Messaging Security Suite is vulnerable to Cross-site Scripting and Cross-site Request Forgery. Proof of Concept The proofs of concept for the vulnerabilities are as follows: Cross-site Scripting (CVE-2012-2995) (CWE-79) Persistent/Stored XSS Non-persistent/Reflected XSS Cross-Site Request Forgery (CVE-2012-2996) (CWE-352) Solution Currently, we are not aware of any vendor solution. You may contact the vendor for patch or […]

gtAkademik Gamatechno web application is susceptible to SQL Injection and Cross-site Scripting (XSS). Stored/Persistent XSS The web application allows an attacker to inject the XSS script into the database (stored), because there is no sanitization process. There are 2 modules that suffer from XSS: Message Module and Update Profile Module. Persistent XSS in Message Module […]