Security Flaws Discovered by Provensec

By : admin In: Articles, Blog November 9, 2015

Security Flaws Discovered by Provensec And Acknowledged By World's Leading Organizations

Vulnerabilities are routinely discovered and disclosed, frequently before vendors have had a fair opportunity to provide a fix, and disclosure often includes working exploits. At Provensec we dedicate a majority of our resources to find such flaws and report them in a responsible way to companies or the security community.This way we ensure that our security researchers and Ethical hackers are making a contribution towards the society and a safer internet.While doing so we also get an opportunity that Provensec Labs is one of the world's leading team in the security research arena and is therefore a best fit for penetration testing needs for organizations of all size. Given below is a partial list of security flaws that we have found in products and services of some of the world's leading brands.      
Sl. No: Product/Site Disclosure Disclosure Type URL
1 Zurmo-Stable-3.1.1 Zurmo-Stable-3.1.1-XSS
Cross Site Scripting (XSS)
xss http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7188
2 n2cms n2cms 2.2.1 Path Disclosure Vulnerability exploit https://packetstormsecurity.com/files/131799/n2cms-2.2.1-Path-Disclosure.html
3 Black Cat CMS Black Cat CMS version 1.1.2 suffers from a cross site scripting vulnerability exploit, xss https://packetstormsecurity.com/files/132589/Black-Cat-CMS-1.1.2-Cross-Site-Scripting.html
4 Zurmo CRM Zurmo CRM 3.0.2 Cross Site Scripting exploit, xss https://packetstormsecurity.com/files/132418/Zurmo-CRM-3.0.2-Cross-Site-Scripting.html
5 PHPWCMS PHPWCMS 1.5.4 Cross Site Request Forgery exploit, csrf https://packetstormsecurity.com/files/132419/PHPWCMS-1.5.4-Cross-Site-Request-Forgery.html
6 Paperlink Balance Paperlink Balance 710 Cross Site Request Forgery exploit, csrf https://packetstormsecurity.com/files/132215/Paperlink-Balance-710-Cross-Site-Request-Forgery.html
7 Gargoyle Gargoyle 1.5.x Command Execution   exploit, remote, code execution https://packetstormsecurity.com/files/132149/Gargoyle-1.5.x-Command-Execution.html
8 Vevocart Vevocart 6.1.0 Open Redirect exploit https://packetstormsecurity.com/files/132086/Vevocart-6.1.0-Open-Redirect.html
9 SolarWinds Network Performance Monitor SolarWinds Network Performance Monitor Open Redirect Exploit https://packetstormsecurity.com/files/132016/SolarWinds-Network-Performance-Monitor-Open-Redirect.html
10 Simple Invoice Simple Invoice 2011.1 Cross Site Request Forgery exploit, csrf https://packetstormsecurity.com/files/131989/Simple-Invoice-2011.1-Cross-Site-Request-Forgery.html
11 Simple Invoice Simple Invoice 2011 Cross Site Scripting exploit, xss https://packetstormsecurity.com/files/131990/Simple-Invoice-2011-Cross-Site-Scripting.html
12 DirectAdmin DirectAdmin 1.48 Cross Site Request Forgery exploit, csrf https://packetstormsecurity.com/files/131991/DirectAdmin-1.48-Cross-Site-Request-Forgery.html
13 Koala Framework Koala Framework 3.7 Cross Site Scripting exploit, xss https://packetstormsecurity.com/files/131807/Koala-Framework-3.7-Cross-Site-Scripting.html
14 BigAce CMS BigAce CMS 3.0 Cross Site Scripting exploit, xss https://packetstormsecurity.com/files/131806/BigAce-CMS-3.0-Cross-Site-Scripting.html
15 gpEasy CMS gpEasy CMS 4.4 Cross Site Scripting exploit, xss https://packetstormsecurity.com/files/131800/gpEasy-CMS-4.4-Cross-Site-Scripting.html
16 AdaptCMS AdaptCMS 3.0 Cross Site Scripting exploit, xss https://packetstormsecurity.com/files/131808/AdaptCMS-3.0-Cross-Site-Scripting.html
17 FlatPress FlatPress 1.0 Cross Site Scripting exploit, xss https://packetstormsecurity.com/files/131611/FlatPress-1.0-Cross-Site-Scripting.html
18 log2space log2space 6.2 Cross Site Scripting exploit, xss https://packetstormsecurity.com/files/131428/log2space-6.2-Cross-Site-Scripting.html
19 Jaws Jaws 1.1.1 Cross Site Request Forgery exploit, csrf https://packetstormsecurity.com/files/131417/Jaws-1.1.1-Cross-Site-Request-Forgery.html