Categories
Advisories

Mirth Connect <= 4.3.0 Unauth RCE

TL;DR IHTeam undertook an independent security assessment of NextGen’s Mirth Connect version <= 4.3.0 and identified the following vulnerability: What’s Mirth Connect Mirth Connect (https://github.com/nextgenhealthcare/connect) is an opensource healthcare data integration system, that enables the management of information using bi-directional sending of many types of messages. The primary use of this interface engine is in […]

Categories
Advisories

Vulnerabilità accumulatori smart Aton Storage

Introduzione ATON Green Storage S.p.A è una compagnia con sede legale a Rimini che vende soluzioni di storage elettrico per impianti fotovoltaici. Avendo da poco usufruito del 110% e cablato due appartamenti con queste tecnologie, ho notato delle serie vulnerabilità nell’API usato dall’applicazione mobile “Aton Storage”. Dopo aver inviato diverse segnalazione alla società senza aver […]

Categories
Advisories

pfBlockerNG Unauth RCE Vulnerability

TL;DR IHTeam undertook an independent security assessment of pfsense’s pfBlockerNG plugin version 2.1.4_26 and identified the following vulnerability: Unauthenticated Remote Command Execution as root (CVE-2022-31814) What’s pfBlockerNG pfBlockerNG (https://docs.netgate.com/pfsense/en/latest/packages/pfblocker.html) is a pfSense plugin that is NOT installed by default and it’s generally used to block inbound connections from whole countries or IP ranges. CVE-2022-31814 IHTeam […]

Categories
Advisories

OnionShare 2.3 >= 2.3.3 Vulnerabilities

TL;DR IHTeam undertook an independent security assessment of OnionShare CLI v2.3.3 and identified the following vulnerabilities: Unauthenticated File Upload (when using –receive in non-public mode) AKA CVE-2021-41868 Disclosure of Chat Participants to Unauthenticated Users (when using –chat option in non-public mode) AKA CVE-2021-41867 What is OnionShare? OnionShare is an open source tool that lets you […]

Categories
Advisories

TerraMaster TOS Multiple Vulnerabilities

TerraMaster is well known for producing data storage devices (NAS and DAS) since 2010. TOS is the name of their web interface to manage functionalities of the device. The product is not new to security vulnerabilities, as Joshua M. of ISE highlighted back in 2018 (https://blog.securityevaluators.com/terramaster-nas-vulnerabilities-discovered-and-exploited-b8e5243e7a63).In 2020, IHTeam performed a security review of the current […]

Categories
Advisories

EFront <= 3.6.9 Community Edition Multiple Vulnerabilities

Security center contact on 08 Sept 2011 Security center reply: 09 Sept 2011 Public Release: 07/10/2011 # Exploit Title: EFront # Google Dork: “eFront (version 3.6.9)” inurl:index.php?ctg=* # Date: 5/09/2011 # Author: IHTeam # Software Link: http://www.efrontlearning.net/download/download-efront.html # Tested on: efront_3.6.9_build11018 # Original Advisory: http://iht.li/FWh # Advisory code: http://iht.li/p/0VV Default username and password: student:student professor:professor […]

Categories
Advisories Top

Make requests through Google servers +DDoS

Discovered on 10 Aug 2011 Google Security center contact: 10 Aug 2011 Response from the Google Security center: N/A Published: 29 Aug 2011 (GMT +1) How does it work? The vulnerable pages are “/_/sharebox/linkpreview/“ and “gadgets/proxy?“ Is possible to request any file type, and G+ will download and show all the content. So, if you […]

Categories
Advisories

WordPress Wp-e-commerce plugin <= 3.8.4 Sql Injection

After 10 days from the official release of 3.8.5, we share our code with all the community. I wanna also thanks Dan for this articles and for his kindness. <?php /* WP e-Commerce <= 3.8.4 SQL Injection Download link: http://wordpress.org/extend/plugins/wp-e-commerce/ Author contact: 29/06/2011 Exploit published: 18/07/2011 Bugged code (wpsc-theme/functions/wpsc-user_log_functions.php): foreach ( (array)$_POST[‘collected_data’] as $value_id => […]

Categories
Advisories

WordPress bSuite plugin <= 4.0.7 Permanent XSS (Add Admin)

WordPress bSuite <= 4.0.7 Permanent XSS -> Add Admin Download link: http://wordpress.org/extend/plugins/bsuite/ Author contact: 29/06/2011 POC published: 11/07/2011 Plugin is out-of-date, last update on 2009, so this is just a POC that show how to made the XSS more useful 😉 FIX: Add htmlspecialchars to output Bug found by: IHTeam Follow us on Twitter! @IHTeam […]