[CVE-2023-22855] Kardex MLOG - Insecure path join to RCE via SSTI

Kardex MLOG has an insecure path join that allows files to be included locally or from a remote SMB server. Combined with the template rendering of .t4 files, this makes an SSTI possible and allows for RCE. This blog post will describe how I found this vulnerability and how to leverage it to gain a reverse shell.

[CVE-2020-14293] and [CVE-2020-14294] 2 vulnerabilities in Secure File Transfer Solution Qiata by Secudos

The Secure File Transfer Solution Qiata by Secudos suffers from two vulnerabilities: a persistent Cross-Site Scripting and an Authenticated OS Command Injection with Privilege Escalation. This post will describe the vulnerabilities in detail.

[CVE-2020-15492] INNEO Startup Tools 2017/2018 - From Path Traversal to RCE

INNEO Startup Tools has a path traversal vulnerability in versions up to 2018 M040 (13.0.70.3804). This post will show the details of the vulnerability and how to leverage it to gain RCE.