Security Advisory 01/2020

usd AG News, Security Research, usd HeroLab

usd HeroLab penetration testers have identified several security vulnerabilities during security analyses. These vulnerabilities affect the products Dolibarr ERP/CRM and Codiad Web IDE. The following vulnerability classes were identified: Reflected XSS, Stored XSS, SQL Injection and PHP Code Injection. In accordance with usd HeroLab's Responsible Disclosure Policy, all vendors have been notified of the existence of these vulnerabilities. For more detailed …

Security Advisory 10/2019

usd AG News, Security Research, usd HeroLab

usd HeroLab penetration testers have identified several security vulnerabilities during security analyses. These vulnerabilities affect Bitbucket, PhpSpreadsheet and XClarity. The following vulnerability classes were identified: Broken Access Control and XML External Entity (XXE) Processing. In accordance with usd HeroLab's Responsible Disclosure Policy, all vendors have been notified of the existence of these vulnerabilities. For more detailed information on the identified …

Security Advisory 07/2019

usd AG News, Security Research, usd HeroLab

by Stefan Schmer, Managing Consultant at usd HeroLab.

Vulnerability Disclosure

usd HeroLab penetration testers have identified several security vulnerabilities during security analyses. These vulnerabilities affect the products Adobe Experience Manager (AEM), Bitbucket, feeling4design Super Forms and Oracle Transportation Management (OTM). The following vulnerability classes were identified: Cross Site Scripting (XSS), Username/Filename Enumeration, Sensitive Data Disclosure, Code Injection and Broken Access Control …

usd HeroLab at DEF CON 2019

usd AG News, Security Research, usd HeroLab

Cyber Security Transformation Chef (CSTC) Convinced Jury

As one of the largest international IT security conferences worldwide, DEF CON once again brings together the world's leading IT security experts in August. We are happy to announce that we will be presenting one of our in-house developments at the DEF CON Demo Labs: the Cyber Security Transformation Chef (CSTC). With the …

Security Advisory 01/2019

Shirin Freydank News, Security Research, usd HeroLab

by Stefan Schmer, Managing Consultant Security Analysis & Pentests, usd AG.

Vulnerability Disclosure

usd AG penetration testers have identified several security vulnerabilities during security analyses. These vulnerabilities affect the products Riverbed SteelCentral AppResponse, Dropbear and Cisco Unified Communications Manager. The following vulnerability classes were identified: Cross Site Scripting (XSS), Username Enumeration and Sensitive Data Disclosure. In accordance with usd AG's Responsible …

Security Advisory 11/2018

Tobias Groetzinger News, Security Research, usd HeroLab

by Stefan Schmer, Managing Consultant Security Analysis & Pentests, usd AG.

Vulnerability Disclosure

usd AG penetration testers have identified several security vulnerabilities during security analyses. These vulnerabilities affect the products SafeQ Pro SmartCard v2, Patlite NBM-D88N, Patlite NHL-3FB1, Patlite NHL-3FV1N and Paramiko. The following vulnerability classes were identified: Backdoor, Authentication Bypass and Replay Attack. In accordance with usd AG's Responsible Disclosure …

Security Advisory 07/2018

Nadine Welz News, Security Research, usd HeroLab

by Stefan Schmer, Managing Consultant Security Analysis & Pentests, usd AG.

Vulnerability Disclosure

usd AG penetration testers have identified several security vulnerabilities during security analyses. These vulnerabilities affect the product Lexware Professional 2017. The following vulnerability classes were identified: Broken Authentication, Denial of Service and Improper Access Control. In accordance with usd AG's Responsible Disclosure Policy, Haufe-Lexware has been notified of the …

Security Advisory 06/2018

Shirin Freydank News, Security Research, usd HeroLab

by Stefan Schmer, Managing Consultant Security Analysis & Pentests, usd AG.

Vulnerability Disclosure

usd AG penetration testers have identified several security vulnerabilities during security analyses. These vulnerabilities affect the products Pdf-Xchange Viewer and FirstSpirit SiteArchitect. The following vulnerability classes were identified: Heap Overflow, Improper Access Control and Path Traversal. In accordance with usd AG's Responsible Disclosure Policy, all vendors have been …

Security Advisory 05/2018 “BCS & STARFACE”

usd AG News, Security Research, usd HeroLab

by Stefan Schmer, Senior Consultant Security Analysis & Pentests, usd AG.

Vulnerability Disclosure

usd HeroLab penetration testers have identified several security vulnerabilities during security analyses. These vulnerabilities affect the products Projektron BCS and Starface. The following vulnerability classes were identified:

• Cross Site Scripting (XSS)
• SQL Injection (SQLi)
• Expression Language Injection (EXPi)
• Cross-Site Request Forgery (CSRF)

Overview

In accordance with usd AG's Responsible Disclosure …