
Thursday, 30 November 2017

First results from modus.py

Ok. Here we go again... During the last few days, after I had the pleasure of receiving some 'results' from the CVE Team (1, 2, 3), I decided that it should be a good ('enough' ;]) idea to create a small 'poc script' (again) to automate a little bit the process of 'finding bugs' (for example: like those mentioned in the CVE's reference(s)). Below you will find a few details collected after a few days of 'research' and pinging the vendors...

Monday, 20 November 2017

RCE via XSS - Horde 5.2.19

This time I decided to sit for a while with Horde Groupware (5.2.19). A “ready to go” virtual machine can be found on Bitnami’s webpage (big thanks!), so using, for example, VirtualBox, you can set everything up very quickly. Below you will find a few publicly disclosed bugs found during the last few days...

Friday, 17 November 2017

Friday surprise from Kali.org

Standard Friday evening... checking some Twitter and news on the net... and then I found...

Thursday, 16 November 2017

More SQL Injections in ManageEngine Applications Manager 13

Last time we saw a few bugs found in the latest ManageEngine Applications Manager 13. Today I decided to publish another 6 (so-called ;] '0day') exploits (found between 6-7.11.2017). Details below...

Sunday, 5 November 2017

SQL Injection in ManageEngine Applications Manager 13

This morning I decided to start a new "challenge" related to webapp pentesting. That's how I found the latest version of ManageEngine Applications Manager. (You can grab a copy here.) Below you will find some 'results'...