LabNews
Security Advisories on hugocms and Gitea
The pentest professionals at usd HeroLab examined hugocms and Gitea during their pentests. Thereby, several vulnerabilities were identified. The vulnerabilities were reported to...
Security Advisory on AXIS Webcam
The pentest professionals at usd HeroLab examined the AXIS Webcam (P1364) during their pentests. Our professionals discovered a vulnerability (cross-site request forgery) in the...
Write-Up Registration Challenge Hacker Contest Summer 2024
In the summer semester of 2024, our "Hacker Contest" will be held again at Darmstadt University (TU) and Darmstadt University of Applied Sciences (h_da). In the popular course,...
Security Advisory on WeKan
The pentest professionals at usd HeroLab examined the open source application WeKan during their pentests. This application offers users a solution for organising projects...
Security Advisory on Gambio
The pentest professionals at usd HeroLab examined the online shop software Gambio during their pentests. The software offers merchants various functions that support the...
Security Advisories for SONIX and SAP
The pentest professionals at usd HeroLab examined SONIX Technology Webcam and SAP Fiori Sample Shop during their pentests. Our professionals discovered that systems with a SONIX...
The Surprising Complexity of Finding Known Vulnerabilities
Most organizations extensively use third-party software products and libraries to increase efficiency and decrease costs. As various data breaches and Supply Chain Attacks have...
Security Advisories for Zimperium and FileCloud
The pentest professionals at usd HeroLab examined Zimperium and FileCloud during their pentests. A critical vulnerability was discovered in the Drive application...
Security Advisories for Gambio
The pentest professionals at usd HeroLab examined the online shop software Gambio during their pentests. The software offers merchants various functions that support the...
Security Advisories for Planfocus, FileRun, Keycloak and Documize
The Pentest Professionals at usd HeroLab examined Planfocus, FileRun, Keycloak and Documize during their Pentests. During the security analysis several vulnerabilities were...
Security Advisory for IBM QRadar SIEM
The Pentest Professionals at usd HeroLab examined IBM QRadar SIEM during their Pentests. The security information and event management platform developed by IBM provides advanced...
Pentest of Virtualized Applications (Citrix Breakout Test)
When it comes to providing desktop applications to internal and external company end users, a wide range of virtualized deployment technologies have become established in recent...
Security Advisories for Gibbon Edu
The Pentest Professionals of the usd HeroLab have analyzed the open source educational software Gibbon Edu during their Pentests. Throughout the security analysis, cross-site...
Write-Up Registration Challenge Hacker Contest Winter 2023/24
In the winter semester of 2023, our "Hacker Contest" will be held again at Technical University of Darmstadt (TU). In the popular course, students get real insights into IT...
Security Advisories for SuperWebMailer
The usd HeroLab analysts examined the newsletter management tool SuperWebMailer while conducting their security analysis. During the security analysis, three cross-site...
Security Advisory for Contao
The usd HeroLab analysts examined the Contao content management system while conducting their security analysis. It is an open source software that enables the creation of...
Security Advisories for SAP
The usd HeroLab's pentest professionals examined applications from the software manufacturer SAP while conducting their pentests. During the assessment of the SAP Partner Portal,...
Security Advisory for Windows Admin Center
The analysts at usd HeroLab examined the centralized management tool Windows Admin Center while conducting their security analyses. During the assessment, the entire...
Security Advisory for MultiTech Conduit AP MTCAP2-L4E1
The analysts at usd HeroLab examined the LoRaWAN access point MultiTech Conduit AP MTCAP2-L4E1 while conducting their security analyses. During the assessment they...
Critical Foswiki Vulnerablities: A Logic Error Turned Remote Code Execution
We love open-source software. In context of our mission #moresecurity, Christian Pöschl, security consultant and penetration tester at usd HeroLab had a look at Foswiki as a...