About
Blog
Research
Services
PfSense Vulnerabilities Part 4: Directory Traversal
Introduction In this article we'll present the CVE-2014-4690 vulnerability existing in pfSense version <= 2.1.3. In later versions of pfSense, the vulnerabilities have been successfully remediated and are no longer present. You should also read the previous articles about PfSense vulnerabilities at the following locations: PfSense Vulnerabilities Part ...
By Dejan Lukan | Jun 02, 2015 | Linux | 0 Comments
Read More ›
PfSense Vulnerabilities Part 3: Local File Inclusion
Introduction In this article we'll present the CVE-2014-4689 vulnerability existing in pfSense version <= 2.1.3. In later versions of pfSense, the vulnerabilities have been successfully remediated and are no longer present. You should also read the previous articles about PfSense vulnerabilities at the following locations: PfSense Vulnerabilities Part ...
By Dejan Lukan | May 27, 2015 | Linux | 0 Comments
Read More ›
PfSense Vulnerabilities Part 2: Command Injection
Introduction In this article we'll present the CVE-2014-4688 vulnerability existing in pfSense version <= 2.1.3. In later versions of pfSense, the vulnerabilities have been successfully remediated and are no longer present. You should also read the previous articles about PfSense vulnerabilities at the following locations: PfSense Vulnerabilities Part ...
By Dejan Lukan | May 19, 2015 | Linux | 2 Comments
Read More ›
Assigning a CVE ID to Zero-Day Vulnerability
Whenever finding a new vulnerability in a software product, it's advisable that a researcher first notifies the company responsible for the product and gives them time to fix the identified vulnerabilities. I've found multiple vulnerabilities in Pfsense firewall and reported them to the Pfsense security team. They were ...
By Dejan Lukan | Sep 27, 2014 | Application Security | 0 Comments
Read More ›
Hacking PDF: util.prinf() Buffer Overflow: Part 2
For part 1 of this series, click here. 1. Introduction In the previous part we've seen the structure of the PDF document and extracted the JavaScript contained in object 6. We also determined that the extracted JavaScript is run when the PDF document is opened. Now it's time ...
By Dejan Lukan | Oct 26, 2012 | Exploit Development | 2 Comments
Read More ›
Vulnerable Applications
Introduction How often have we found ourselves in need of a vulnerable application, which we could use for various purposes? We could use such applications to test the web application scanners to assess the effectiveness of each scanner. We could also use vulnerable applications to test our knowledge of specific ...
By Dejan Lukan | Aug 24, 2012 | Hacking | 1 Comment
Read More ›
Nessus
Nessus is an automatic vulnerability scanner that can detect most known vulnerabilities, such as misconfiguration, default passwords, unpatched services, etc. From the following picture, we can see that Nessus can be classified as a vulnerability scanner, which is in turn part of the automatic scanners. Installing Nessus To install Nessus ...
By Dejan Lukan | Aug 21, 2012 | Hacking | 3 Comments
Read More ›
CONTACT US