Posts

Microsoft Bot Framework - Unvalidated File Upload | Online Service Acknowledgements | Rishu Ranjan

Microsoft Bot Unvalidated File Upload: The security issue allows a malicious actor to upload any file without validating the extension or content type of the file.
Acknowledgment: Microsoft Online Service Acknowledgements for July 2019 (https://portal.msrc.microsoft.com/en-us/security-guidance/researcher-acknowledgments-online-services?rtc=1)

Google Blogger- Insecure Implementation of Request Limiter | Google Honourable Mentions | Rishu Ranjan

The security issue allows a malicious actor to bypass the naive security implementation of rate limiters. This allows an attacker to abuse the profile view count functionality and increase it indefinitely. The following are the steps to reproduce, wherein I have used my own Blogger account (https://www.blogger.com/profile/09844396241453600561).

CVE-2018-12653: Reflected Cross Site Scripting(XSS) in Adrenalin 5.4 HRMS Software | SSRSDynamicEditReports [issue 5 of 5]

As a cyber security professional, I come across many vulnerabilities, from critical to low and sometimes informational (how to categorize: CVSS v3). Some time back, I was doing my usual security assessment activity for a Bank (Confidential) on their HRMS web application, which was third-party software whose vendor was "Adrenalin".
CVE ID: CVE-2018-12653
Vulnerability Name: Reflected Cross Site Scripting (XSS)
Product: Adrenalin HRMS
Affected Version: 5.4.0
Credits: Rishu Ranjan

CVE-2018-12652: Reflected Cross Site Scripting(XSS) in Adrenalin 5.4 HRMS Software | LeaveEmployeeSearch [issue 4 of 5]

As a cyber security professional, I come across many vulnerabilities, from critical to low and sometimes informational (how to categorize: CVSS v3). Some time back, I was doing my usual security assessment activity for a Bank (Confidential) on their HRMS web application, which was third-party software whose vendor was "Adrenalin".
CVE ID: CVE-2018-12652
Vulnerability Name: Reflected Cross Site Scripting (XSS)
Product: Adrenalin HRMS
Affected Version: 5.4.0
Credits: Rishu Ranjan

CVE-2018-12651: Reflected Cross Site Scripting(XSS) in Adrenalin 5.4 HRMS Software | ShiftEmployeeSearch [issue 3 of 5]

As a cyber security professional, I come across many vulnerabilities, from critical to low and sometimes informational (how to categorize: CVSS v3). Some time back, I was doing my usual security assessment activity for a Client (Confidential) on their HRMS web application, which was third-party software whose vendor was "Adrenalin".
CVE ID: CVE-2018-12651
Vulnerability Name: Reflected Cross Site Scripting (XSS)
Product: Adrenalin HRMS
Affected Version: 5.4
Source: MITRE
Credits: Rishu Ranjan