During security analyses usd HeroLab penetration testers have identified two vulnerabilities in the online shop management system Zen Cart and in a specially developed plugin. In cooperation with the responsible developers and manufacturers, the following security vulnerabilities were successfully fixed: …
Security Advisory 01/2021
usd HeroLab penetration testers have identified a path traversal vulnerability during security analyses. This vulnerability affects the product Mailoptimizer. In accordance with usd HeroLab's Responsible Disclosure Policy, the vendor has been notified of the existence of this vulnerability. In the …
Security Advisories 10/2020
usd HeroLab penetration testers have identified several security vulnerabilities during security analyses. These vulnerabilities affect the products OScommerce Phoenix CE, NeoPost Mail Accounting Software and SQL Server Management Studio. The following vulnerability classes were identified: Authenticated Remote Code Execution, Cross …
Security Advisory 09/2020
usd HeroLab penetration testers have identified several security vulnerabilities during security analyses. These vulnerabilities affect the products Gophish and Net-SNMP. The following vulnerability classes were identified: Stored Cross-Site Scripting, Non-persistent Self Cross-Site Scripting, Clickjacking, CSV Injection, Insufficient Session Expiration, Elevation …
Hack The Box: Fatty Writeup
A full walkthrough of the Hack The Box “Fatty” machine, written by the machine maker (qtc).
Hack The Box: Oouch Writeup
A full walkthrough of the Hack The Box “Oouch” machine, written by the machine maker (qtc).
Security Advisory 07/2020
usd HeroLab penetration testers have identified several security vulnerabilities during security analyses. These vulnerabilities affect the products Bitbucket Server and Concrete5 CMS. The following vulnerability classes were identified: Server-Side Request Forgery, Unencrypted Service, Code Injection. In accordance with usd HeroLab's …
Security Advisory 06/2020
usd HeroLab penetration testers have identified several security vulnerabilities during security analyses. These vulnerabilities affect the products Symantec Endpoint Protection (Broadcom), Gambio GX and NCP Secure Enterprise Client. The following vulnerability classes were identified: Privileged File Write, Cross-Site Request Forgery (CSRF), Blind …
Catching the phishes
Florian Haag, dual student in computer science at usd HeroLab, developed a tool chain to automatically detect cloned websites related to phishing attacks during his practical semester at the University of Applied Sciences Darmstadt. Here he gives us an introduction …
Security Advisory 04/2020
usd HeroLab penetration testers have identified several security vulnerabilities during security analyses. These vulnerabilities affect the products Control-M/Agent, Chocolatey, Zencart, Starface UCC Client and Userlike Chat. The following vulnerability classes were identified: Cross-Site Scripting (XSS), Insufficient Filtering, OS Command Injection …