Vulnerabilities on AdRem NetCrunch platform

Thierry Viaccoz, Sylvain Heiniger and Fabio Poloni identified several vulnerabilities in the AdRem NetCrunch monitoring solution.

Details to these advisories:

CSNC-2019-011 / Server-Side Request Forgery (SSRF)

CSNC-2019-012 / Improper Credential Storage

CSNC-2019-013 / Cross-Site Scripting (XSS)

CSNC-2019-014 / Remote Code Execution

CSNC-2019-015 / Improper Session Handling

CSNC-2019-016 / Cross-Site Request Forgery (CSRF)

CSNC-2019-017 / Hardcoded SSL Private Key

CSNC-2019-018 / Credentials Disclosure

Retour

Blog

29.10.2024

During Business Email Comproise (BEC) engagements we often have to analyze the provenance of emails. According to the FBI's Internet Crime Report, BEC…

Calendar

06.11.2024

Black Alps - Two days of learnings, networking, and fun!

News

20.09.2024

Together with Compass Co founder Ivan Bütler, Viseca Card Services SA is putting the spotlight on phishing. In this type of attack, criminals try to…