We understand that it can be very difficult to find a managed IT services and support company that covers Apple support, Windows support and Linux support. We use Microsoft Windows, Apple Mac OSX and various Linux distributions on our own network....

Scanyoursecurity uses vulnerability scanning tools, both commercial and proprietary, as a part of our application assessment process. Vulnerability scanning is one part of our hybrid approach to application assessment. Combined with code review and security testing....

Your security team logs many events -- more and more of them all the time. Unfortunately, they don't make much use of these logs except when trying to understand something long after it happened. Firewall logs show threats and traffic behaviour on the network....

Scanyoursecurity Firewall/Router Audit thoroughly evaluates the rule base for known security risks and policy violations. Firewalls and Routers must be implemented and maintained properly. Our Firewall/Router Audit provides a detailed analysis that reduces risks and increases perimeter security....

SCANYOURSECURITY work

Scanyoursecurity is a consultancy responsible for protecting businesses from cyber threats, cyber-attacks, internal threats and business outages. Our technical experts have years of experience in recommending, specifying and implementing IT Security Solutions.

Port scanning is usually done in the initial phase of a penetration test in order to discover all network entry points into the target system. Port scanning is done differently for TCP ports and for UDP ports, which is why we have different tools. Before the report is produced, false positives are eliminated from the results.

Penetration testing identifies the points where a threat (defined by the hacker) can combine with existing risks to achieve penetration. Scanyoursecurity helps to prevent penetration by identifying these points and providing effective methods for addressing them before they are exploited by malicious hackers.

Latest EXPLOITS

Up to Date

  • [webapps] Zabbix 5.0.0 - Stored XSS via URL Widget Iframe
  • [webapps] CMS Made Simple 2.2.15 - Stored Cross-Site Scripting via SVG File Upload (Authenticated)
  • [webapps] Laravel Nova 3.7.0 - 'range' DoS
  • [webapps] Forma LMS 2.3 - 'First & Last Name' Stored Cross-Site Scripting
  • [webapps] Savsoft Quiz 5 - 'field_title' Stored Cross-Site Scripting
  • [local] Chromium 83 - Full CSP Bypass
  • [webapps] Testa Online Test Management System 3.4.7 - 'q' SQL Injection
  • [webapps] MiniCMS 1.10 - 'content box' Stored XSS
  • [webapps] Phpscript-sgh 0.1.0 - Time Based Blind SQL Injection
  • [local] IDT PC Audio 1.0.6499.0 - 'STacSV' Unquoted Service Path
  • [webapps] Composr CMS 10.0.34 - 'banners' Persistent Cross Site Scripting
  • [webapps] Wordpress Plugin Canto 1.3.0 - Blind SSRF (Unauthenticated)
  • [webapps] Invision Community 4.5.4 - 'Field Name' Stored Cross-Site Scripting
  • [webapps] Sony BRAVIA Digital Signage 1.7.8 - System API Information Disclosure
  • [webapps] Sony BRAVIA Digital Signage 1.7.8 - Unauthenticated Remote File Inclusion
  • [webapps] mojoPortal forums 2.7.0.0 - 'Title' Persistent Cross-Site Scripting
  • [webapps] Online Matrimonial Project 1.0 - Authenticated Remote Code Execution
  • [webapps] EgavilanMedia Address Book 1.0 Exploit - SQLi Auth Bypass
  • [webapps] Coastercms 5.8.18 - Stored XSS
  • [local] Microsoft Windows - Win32k Elevation of Privilege
  • [webapps] WordPress Plugin Wp-FileManager 6.8 - RCE
  • [webapps] Car Rental Management System 1.0 - SQL Injection / Local File include
  • [remote] Mitel mitel-cs018 - Call Data Information Disclosure
  • [webapps] Simple College Website 1.0 - 'page' Local File Inclusion
  • [webapps] Anuko Time Tracker 1.19.23.5311 - Password Reset leading to Account Takeover
  • [webapps] Anuko Time Tracker 1.19.23.5311 - No rate Limit on Password Reset functionality
  • [webapps] ChurchCRM 4.2.1 - Persistent Cross Site Scripting (XSS)
  • [webapps] ChurchCRM 4.2.0 - CSV/Formula Injection
  • [webapps] WebDamn User Registration & Login System with User Panel - SQLi Auth Bypass
  • [remote] Ksix Zigbee Devices - Playback Protection Bypass (PoC)
  • [webapps] DotCMS 20.11 - Stored Cross-Site Scripting
  • [webapps] Artworks Gallery 1.0 - Arbitrary File Upload RCE (Authenticated) via Edit Profile
  • [webapps] Artworks Gallery 1.0 - Arbitrary File Upload RCE (Authenticated) via Add Artwork
  • [webapps] WonderCMS 3.1.3 - 'Menu' Persistent Cross-Site Scripting
  • [webapps] Local Service Search Engine Management System 1.0 - SQLi Authentication Bypass
  • [webapps] Online News Portal System 1.0 - 'Title' Stored Cross Site Scripting
  • [webapps] Bakeshop Online Ordering System 1.0 - 'Owner' Persistent Cross-site scripting
  • [webapps] NewsLister - Authenticated Persistent Cross-Site Scripting
  • [webapps] Online Voting System Project in PHP - 'username' Persistent Cross-Site Scripting
  • [local] IDT PC Audio 1.0.6433.0 - 'STacSV' Unquoted Service Path
  • [webapps] PRTG Network Monitor 20.4.63.1412 - 'maps' Stored XSS
  • [webapps] WonderCMS 3.1.3 - Authenticated Remote Code Execution
  • [webapps] WonderCMS 3.1.3 - Authenticated SSRF to Remote Remote Code Execution
  • [webapps] EgavilanMedia User Registration & Login System with Admin Panel 1.0 - Stored Cross Site Scripting
  • [webapps] Student Result Management System 1.0 - Authentication Bypass SQL Injection
  • [webapps] EgavilanMedia User Registration & Login System with Admin Panel 1.0 - CSRF
  • [webapps] Under Construction Page with CPanel 1.0 - SQL injection
  • [webapps] Pharmacy Store Management System 1.0 - 'id' SQL Injection
  • [webapps] ILIAS Learning Management System 4.3 - SSRF
  • [local] aSc TimeTables 2021.6.2 - Denial of Service (PoC)