21Apr-16
13Apr-16
Avactis – Full Disclosure
Advisory: VoidSec-16-001 Date of contact: 19-01-16 2nd date of contact: 23-01-16 Vendor reply: N/A Date of public disclosure: 12-04-16 Product: Avactis PHP Shopping Cart Version: 4.7.9.Next.47900 Vendor: AvactisDownload the Report [EN]
Introduction
Avactis is an open source ecommerce Shopping Cart software. The purpose of the present project is to assess the security posture of some important aspects of Avactis PHP Shopping Cart. The activity is performed through Web Application Penetration Test using Grey Box approach.Vulnerabilities:
Spreading of Files with Malicious Extensions on...
18Jun-15
Minds.com – Full Disclosure
Advisory: VoidSec-15-002 Disclosure date: June18, 2015 Vendor: Minds.com Advisory sent: June 17, 2015 Paolo Stagno ( aka voidsec – [email protected] ) Luca Poletti ( aka kalup – [email protected] )Download the Report [EN]
Introduction
In those last days a new social network called minds is getting attention over the internet, it aims to give transparency and protection to user data. Thanks to those last two points the new site has attracted the support of online activists including the hacking collective Anonymous. We have then decided...
7Mar-15
Report: Ghost Blogging Platform
Advisory: VoidSec-15-001 Disclosure date: March 03, 2015 Vendor: Ghost Advisory sent: January 26, 2015 First delay: February 24,2015Download the Report
Introduzione
In Gennaio, il team VoidSec (voidsec, bughardy, smaury) ha realizzato un web application penetration test sulla piattaforma di blogging Ghost. Ghost è un nuovo content management system dedicato ai blogger che cercano un’alternativa a WordPress. Un crescente numero di utenti ha abbandonato i CMS tradizionali per abbracciare piattaforme più minimali, concentrate sulla lettura e la scrittura, essenziali; in questo Ghost è...
8Dec-14
Report: Yahoo Messenger
Advisory: VoidSec-14-001 Disclosure date: December 08, 2014 CVSS Score: 3.2 Vendor: Yahoo Vulnerability discovery date: November 21, 2014Scarica il Report [IT] | Download the Report [EN]
Introduzione
Android offre agli sviluppatori diverse opzioni per salvare i dati persistenti delle applicazioni. I database locali dovrebbero archiviare i dati in maniera differente, a seconda che i dati siano privati e accessibili solo all’applicazione o all’utente e ad applicazioni esterne. In ogni caso, i dati sensibili dovrebbero sempre essere cifrati per evitare possibili violazioni della privacy. L’applicazione per...
24Nov-13