We understand that it can be very difficult to find a managed IT services and support company that covers Apple, Windows and Linux support. We use Microsoft Windows, Apple Mac OSX and various Linux distributions on our own network....

Scanyoursecurity uses vulnerability scanning tools, both commercial and proprietary, as a part of our application assessment process. Vulnerability scanning is one part of our hybrid approach to application assessment. Combined with code review and security testing....

Your security team logs many events, more and more of them all the time. Unfortunately, they don't make much use of these logs, except to go back to the oldest entries when trying to understand something long after it happened. Firewall logs show threats and traffic behaviour on the network....

Scanyoursecurity Firewall/Router Audit thoroughly evaluates the rule base for known security risks and policy violations. Firewalls and Routers must be implemented and maintained properly. Our Firewall/Router Audit provides a detailed analysis that reduces risks and increases perimeter security....


Scanyoursecurity is a consultancy responsible for protecting businesses from cyber threats, cyber-attacks, internal threats and business outages. Our technical experts have years of experience in recommending, specifying and implementing IT Security Solutions.

Port scanning is usually done in the initial phase of a penetration test in order to discover all network entry points into the target system. Port scanning is done differently for TCP ports and for UDP ports, which is why we have different tools. Before the report is produced, the results are completed with false-positive elimination.

Penetration testing identifies the points where a threat (defined by the hacker) can be combined with existing risks to achieve penetration. Scanyoursecurity helps to prevent penetration by identifying these points and providing effective methods for optimization before they are exploited by malicious hackers.


Up to Date

  • [local] WinRAR 5.61 - Path Traversal
  • [webapps] Moodle 3.4.1 - Remote Code Execution
  • [webapps] Laundry CMS - Multiple Vulnerabilities
  • [webapps] Vembu Storegrid Web Interface 4.4.0 - Multiple Vulnerabilities
  • [webapps] ICE HRM 23.0 - Multiple Vulnerabilities
  • [remote] Mail Carrier 2.5.1 - 'MAIL FROM' Buffer Overflow
  • [webapps] CMS Made Simple Showtime2 Module 3.6.2 - (Authenticated) Arbitrary File Upload
  • [webapps] NetData 1.13.0 - HTML Injection
  • [remote] Apache UNO / LibreOffice Version: 6.1.2 / OpenOffice 4.1.6 API - Remote Code Execution
  • [remote] FTPGetter Standard - Remote Code Execution
  • [webapps] Pegasus CMS 1.0 - 'extra_fields.php' Plugin Remote Code Execution
  • [webapps] Intel Modular Server System 10.18 - Cross-Site Request Forgery (Change Admin Password)
  • [remote] Apache Tika-server < 1.18 - Command Injection
  • [remote] elFinder PHP Connector < 2.1.48 - exiftran Command Injection (Metasploit)
  • [webapps] pfSense 2.4.4-p1 (HAProxy Package 0.59_14) - Persistent Cross-Site Scripting
  • [webapps] WordPress Plugin GraceMedia Media Player 1.0 - Local File Inclusion
  • [local] Microsoft Windows MSHTML Engine - "Edit" Remote Code Execution
  • [dos] Core FTP Server FTP / SFTP Server v2 Build 674 - 'SIZE' Directory Traversal
  • [dos] Core FTP Server FTP / SFTP Server v2 Build 674 - 'MDTM' Directory Traversal
  • [dos] Microsoft Windows - '.reg' File / Dialog Box Message Spoofing
  • [dos] Core FTP 2.0 build 653 - 'PBSZ' Denial of Service (PoC)
  • [webapps] PilusCart 1.4.1 - Cross-Site Request Forgery (Add Admin)
  • [local] NetSetMan 4.7.1 - Local Buffer Overflow (SEH Unicode)
  • [dos] Linux Kernel 4.4 (Ubuntu 16.04) - 'snd_timer_user_ccallback()' Kernel Pointer Leak
  • [webapps] Flexpaper PHP Publish Service 2.3.6 - Remote Code Execution
  • [webapps] PRTG Network Monitor 18.2.38 - (Authenticated) Remote Code Execution
  • [webapps] OpenKM 6.3.2 < 6.3.7 - Remote Command Execution (Metasploit)
  • [webapps] Liferay CE Portal < 7.1.2 ga3 - Remote Command Execution (Metasploit)
  • [shellcode] Linux/x86 - Polymorphic execve(/bin/sh) Shellcode (63 bytes)
  • [shellcode] Linux/x86 - MMX-XOR Encoder / Decoder execve(/bin/sh) Shellcode (44 bytes)
  • [local] Sony Playstation 4 (PS4) < 6.20 - WebKit Code Execution (PoC)
  • [papers] Flexpaper <= 2.3.6 Remote Code Execution Whitepaper
  • [webapps] DirectAdmin 1.55 - 'CMD_ACCOUNT_ADMIN' Cross-Site Request Forgery
  • [shellcode] Linux/x86 - INSERTION Encoder / Decoder execve(/bin/sh) Shellcode (88 bytes)
  • [webapps] McAfee ePO 5.9.1 - Registered Executable Local Access Bypass
  • [webapps] OrientDB 3.0.17 GA Community Edition - Cross-Site Request Forgery / Cross-Site Scripting
  • [remote] OpenSSH SCP Client - Write Arbitrary Files
  • [papers] File transfer skills in the red team post penetration test
  • [remote] TeamCity < 9.0.2 - Disabled Registration Bypass
  • [remote] Oracle Weblogic Server - Deserialization Remote Command Execution (Patch Bypass)
  • [webapps] phpBB 3.2.3 - Remote Code Execution
  • [webapps] WordPress Core 5.0 - Remote Code Execution
  • [remote] Drupal < 8.5.11 / < 8.6.10 - RESTful Web Services unserialize() Remote Command Execution (Metasploit)
  • [remote] Imperva SecureSphere 13.x - 'PWS' Command Injection (Metasploit)
  • [local] FreeBSD - Intel SYSRET Privilege Escalation (Metasploit)
  • [local] Anyburn 4.3 x86 - 'Copy disc to image file' Buffer Overflow (Unicode) (SEH)
  • [remote] QNAP TS-431 QTS < 4.2.2 - Remote Command Execution (Metasploit)
  • [webapps] Kados R10 GreenBee - Multiple SQL Injection
  • [dos] Android - getpidcon() Usage in Hardware binder ServiceManager Permits ACL Bypass
  • [dos] Android - binder Use-After-Free via racy Initialization of ->allow_user_free