LabNews
Security Advisories for Jellyfin
The usd HeroLab analysts examined the multimedia application Jellyfin while conducting their security analyses. Two cross-site scripting vulnerabilities were identified that...
Security Advisory for GitLab
The usd HeroLab analysts examined GitLab, a service for version management of software projects, while conducting their security analyses. In the process, a vulnerability was...
Security Advisories for Apache Tomcat
The analysts at usd HeroLab examined the popular Open Source Web Server Apache Tomcat as part of their security analyses. Two vulnerabilities were identified, which made it...
Security Advisory for Acronis Cyber Protect
The analysts at usd HeroLab examined Acronis Cyber Protect application as part of their security analyses. This revealed a vulnerability that allowed a potential attacker with...
Security Advisories for Filerun
The analysts at usd HeroLab examined Filerun as part of their security analyses. This revealed two vulnerabilities that allowed the deletion of arbitrary comments from other...
Deploying Files via Group Policies or How Group Policy Updates Can Ruin Your Day
During a workstation assessment in the beginning of 2021, we identified a trivial privilege escalation vulnerability occurring during Group Policy Updates. The vulnerability...
Security Advisory for CleverReach
The analysts at usd HeroLab examined CleverReach as part of their security analyses. This revealed a vulnerability in the Authentication Bypass Using an Alternate Path or...
Security Advisories for CA Harvest
The analysts at usd HeroLab examined CA Harvest Software Change Manager as part of their security analyses. This revealed a vulnerability in the CSV export functionality, which...
Security Advisories for Vodafone Station
usd HeroLab analysts have identified vulnerabilities in the software of Vodafone station routers that allowed an unauthenticated user with access to the network to make changes...
Security Advisories for Apache Karaf <=4.3.2
The analysts at usd HeroLab examined the Apache Karaf software as part of their security analyses. This revealed a vulnerability in the deserialization of data, which was...
Write-up Registration Challenge Hackercontest Summer 22
Security Advisories for FileCloud < v21.3
The usd HeroLab analysts identified cross-site request forgery (CSRF) vulnerabilities in FileCloud's enterprise file sharing solution while conducting their security analyses. In...
Security Advisory for Micro Focus HPE Operations Agent 12.04.006
Our HeroLab analysts have performed a security analysis on the product HPE Operations Agent by Micro Focus. They identified an XXE (XML eXternal Entity) vulnerability in 2019....
Security Advisory for Zulip <= v4.7
Our HeroLab analysts have performed a security analysis on the open-source collaboration software Zulip. They identified a server-side request forgery vulnerability that in older...
Security Advisory for Thruk Monitoring < v2.46.3
Our analysts at usd HeroLab have examined the Thruk monitoring web interface for e.g. Naemon, Nagios or Icinga during their security analysis. A reflected Cross-site Scripting in...
Security Advisory for Grafana < v8.1.3
Our analysts at usd HeroLab discovered security vulnerabilities in Grafana's input validation while performing their pentests. Through these vulnerabilities it was possible to...
Security Advisory for VMware Workspace ONE Intelligent Hub
Our usd HeroLab pentesters have identified a vulnerability in VMware Workspace ONE Intelligent Hub software while conducting their security analyses. It is a Hidden Functionality...
Security Advisory 11/2021
The usd HeroLabs pentesters have identified vulnerabilities in various products of well-known manufacturers while conducting their security...
Security Advisory 10/2021
The usd HeroLabs pentesters have identified a vulnerability in the product of Microsofts Exchange Server 2016 while conducting their security analyses. Specifically, this is a...
Security Advisory 09/2021
The usd HeroLabs pentesters have identified a vulnerability in the products of the manufacturers Matrix42 and Themeco while conducting their security analyses. Specifically, this...