Account Hijacking – Integria IMS

Most of the vulnerabilities I uncover fit neatly into a particular category like XSS, SQLi, or buffer overflow. Sometimes, though, looking outside the box can yield interesting finds. In this post I’ll discuss one such vulnerability I discovered in the community edition of Integria IMS server, a PHP-based IT helpdesk …

Security Advisory – Multiple Cross Site Scripting Vulnerabilities in EspoCRM

Product: EspoCRM
Vendor: Letrium LTD / open source software
Version: 4.5.0, possibly earlier
Category: Cross Site Scripting
Vendor notified: 2017-03-24
Patched: 2017-04-03
Disclosed: 2017-04-22
Researcher: Carl Pearson

Summary

Multiple persistent cross site scripting (XSS) vulnerabilities exist in EspoCRM v4.5.0, in the Knowledge Base article body text field, Accounts billing and shipping address …