LabNews
Critical Foswiki Vulnerabilities: A Logic Error Turned Remote Code Execution
We love open-source software. In context of our mission #moresecurity, Christian Pöschl, security consultant and penetration tester at usd HeroLab had a look at Foswiki as a...
Security Advisories for Foswiki
The analysts at usd HeroLab examined the Foswiki application while conducting their security analyses. They identified vulnerabilities in the application's input...
Security Advisory for Tracim
The analysts at usd HeroLab examined the Tracim collaboration platform while conducting their security analyses. They identified a vulnerability in the application's...
Security Advisory for Microsoft Windows
The analysts at usd HeroLab examined various operating system versions of Microsoft Windows while conducting their security analyses. While conducting these analyses, they...
Write-Up Registration Challenge Hacker Contest Summer 23
In the summer semester of 2023, our "Hacker Contest" will be held again at Darmstadt University (TU) and Darmstadt University of Applied Sciences (h_da). In the popular course,...
Version 1.3.0 of the Cyber Security Transformation Chef (CSTC) is here
Our Burp Suite plugin "Cyber Security Transformation Chef" (CSTC) supports security analysts in their pentests of complicated web applications and APIs. The CSTC allows analysts to define...
Security Advisories for Friendica
The usd HeroLab analysts examined the Friendica application while conducting their security analyses. It is an open source software to set up a decentralized social network. The...
Security Advisories for NCP Secure Enterprise Client
The usd HeroLab analysts examined the VPN application NCP Secure Enterprise Client during their security analyses. Several high-severity vulnerabilities and one critical vulnerability...
Security Advisories for Seafile
The usd HeroLab analysts examined the application Seafile while conducting their security analyses. The application can be used to set up a self-managed cloud alternative that...
Security Advisories for Jellyfin
The usd HeroLab analysts examined the multimedia application Jellyfin while conducting their security analyses. Two cross-site scripting vulnerabilities were identified that...
Security Advisory for GitLab
The usd HeroLab analysts examined GitLab, a service for version management of software projects, while conducting their security analyses. In the process, a vulnerability was...
Security Advisories for Apache Tomcat
The analysts at usd HeroLab examined the popular open-source web server Apache Tomcat as part of their security analyses. Two vulnerabilities were identified, which made it...
Security Advisory for Acronis Cyber Protect
The analysts at usd HeroLab examined the Acronis Cyber Protect application as part of their security analyses. This revealed a vulnerability that allowed a potential attacker with...
Security Advisories for Filerun
The analysts at usd HeroLab examined Filerun as part of their security analyses. This revealed two vulnerabilities that allowed the deletion of arbitrary comments from other...
Deploying Files via Group Policies or How Group Policy Updates Can Ruin Your Day
During a workstation assessment in the beginning of 2021, we identified a trivial privilege escalation vulnerability occurring during Group Policy Updates. The vulnerability...
Security Advisory for CleverReach
The analysts at usd HeroLab examined CleverReach as part of their security analyses. This revealed a vulnerability in the Authentication Bypass Using an Alternate Path or...
Security Advisories for CA Harvest
The analysts at usd HeroLab examined CA Harvest Software Change Manager as part of their security analyses. This revealed a vulnerability in the CSV export functionality, which...
Security Advisories for Vodafone Station
usd HeroLab analysts have identified vulnerabilities in the software of Vodafone Station routers that allowed an unauthenticated user with access to the network to make changes...
Security Advisories for Apache Karaf <=4.3.2
The analysts at usd HeroLab examined the Apache Karaf software as part of their security analyses. This revealed a vulnerability in the deserialization of data, which was...