usd HeroLab penetration testers have identified several security vulnerabilities during security analyses. These vulnerabilities affect the products Bitbucket Server and Concrete5 CMS. The following vulnerability classes were identified: Server-Side Request Forgery Unencrypted Service Code Injection In accordance with usd HeroLabs …
Security Advisory 06/2020
usd HeroLab penetration testers have identified several security vulnerabilities during security analyses. These vulnerabilities affect the products Symantec Endpoint Protection (Broadcom), Gambio GX and NCP Secure Enterprise Client. The following vulnerability classes were identified: Privileged File Write Cross-Site-Request-Forgery (CSRF) Blind …
Security Advisory 04/2020
usd HeroLab penetration testers have identified several security vulnerabilities during security analyses. These vulnerabilities affect the products Control-M/Agent, Chocolatey, Zencart, Starface UCC Client and Userlike Chat. The following vulnerability classes were identified: Cross-Site Scripting (XSS) Insufficient Filtering OS Command Injection …
Pentest Scope: How to Determine the Testing Scope?
Pentests are one of the most effective security analysis methods to check the IT security level of a company and identify opportunities for sustainable improvements. In addition, proof of conducting a pentest is an important component of many compliance requirements, …
Security Advisory 02/2020
usd HeroLab penetration testers have identified several security vulnerabilities during security analyses. These vulnerabilities affect the product Nagios NRPE v.3.2.1. The following vulnerability classes were identified: Insufficient Filtering of Configuration file Memory Corruption (Heap Overflow) Logic Error In accordance with …
Pentest – What analysis approaches are there?
Attackers gaining unauthorized access to IT systems and applications has severe consequences for companies. Pentests identify possible gateways hackers could exploit and show ways to sustainably raise the IT security level of a company. This makes pentesting one of the …
Security Advisory 01/2020
usd HeroLab penetration testers have identified several security vulnerabilities during security analyses. These vulnerabilities affect the products Dolibarr ERP/CRM and Codiad Web IDE. The following vulnerability classes were identified: Reflected XSS Stored XSS SQL Injection PHP Code Injection In accordance …
“Made by usd HeroLab” – Sebastian Puttkammer about Tools, Quality and Efficiency
Driven by the motivation to simplify the work for all team members, a team under the leadership of Sebastian Puttkammer, Managing Consultant at usd HeroLab, developed tools “made by usd HeroLab”. We asked what developments the recent years have brought …
Top 7 Quality Criteria for a Pentest Partner
In the era of digitalization, the question of whether systems and applications are effectively protected from attackers is business critical for many companies. The right choice of analysis methods is just as relevant as is choosing a competent partner. In …
Security Advisory 10/2019
Vulnerability Disclosure usd HeroLab penetration testers have identified several security vulnerabilities during security analyses. These vulnerabilities affect the products Bitbucket, PhpSpreadsheet and XClarity. The following vulnerability classes were identified: Broken Access Control XML External Entity (XXE) Processing In accordance with …