Published Vulnerabilities

Wed
04
Jun

Local Command Inject Vulnerability discovered in iScan Online Mobile v2.0.1 (iOS)

Local Command Inject Vulnerability discovered in iScan Online Mobile v2.0.1 (iOS - Apple)

Yesterday the Vulnerability Laboratory Research Team discovered a local command inject web vulnerability in the official IScan Online Mobile v2.0.1 iOS web-application.

The iscan software checks if your iOS device has been jailbroken, scans standard apps for manipulation, misconfigurations, makes a proof of the firmware version.

The vulnerability is located in the vulnerable `devicename` value of the `Settings` module. Local attackers are able to inject own malicious system specific commands or path value requests in the vulnerable `devicename` value. The execution of the local command inject occurs in the `Device Settings` module of the iscan online mobile application.

Mon
31
Mar

Dell SonicWALL Email Security 7.4.5 Cross-Site Scripting Vulnerability (ES746)

Dell SonicWALL Email Security version 7.4.5 cross-site scripting vulnerability

Multiple persistent input validation web vulnerabilities has been discovered in the official Dell SonicWall EMail Security Appliance v7.4.6 Web-Application.

Pages

Subscribe to RSS - Published Vulnerabilities