Author: Mike Manzotti – Senior Consultant. In a recent security engagement, Vivotek Camera IT9388-HT (firmware version: 0100p) was found to be vulnerable to arbitrary file download (CVE-2020-11949) and remote command execution (CVE-2020-11950). Vivotek Camera...
Adoption of voice-activated technology has accelerated in recent years. Voice-controlled functionality on smartphones and voice-controlled devices for home use, such as Amazon Echo and Google Home, have become widespread. Voice control is also being implemented in...
In a recent penetration test of a Moodle instance, a review of the installed plugins revealed several security issues in a plugin that has not been updated for several years. The Jmol/JSmol plugin for the Moodle Learning Management System displays chemical structures...
In a recent penetration test, ResourceLink version 20.0.2.1 was found to be vulnerable to local file inclusion (LFI). ResourceLink is a payroll web application that allows HR departments to manage payments and employees’ bank account details. LFI allows an...
In a recent engagement, I was working on a fairly secure website and I came across an interesting Umbraco content management system (CMS) package called Umbraco Forms. Umbraco Forms versions 4.1.5, 4.2.1, 4.3.2 and earlier minor versions are vulnerable to local file...