Security Advisory 01/2020

usd AG News, Security Research, usd HeroLab

usd HeroLab penetration testers have identified several security vulnerabilities during security analyses. These vulnerabilities affect the products Dolibarr ERP/CRM and Codiad Web IDE. The following vulnerability classes were identified: Reflected XSS, Stored XSS, SQL Injection, PHP Code Injection. In accordance with usd HeroLab's Responsible Disclosure Policy, all vendors have been notified of the existence of these vulnerabilities. For more detailed …

Security Advisory 07/2019

usd AG News, Security Research, usd HeroLab

by Stefan Schmer, Managing Consultant at usd HeroLab. Vulnerability Disclosure: usd HeroLab penetration testers have identified several security vulnerabilities during security analyses. These vulnerabilities affect the products Adobe Experience Manager (AEM), Bitbucket, feeling4design Super Forms and Oracle Transportation Management (OTM). The following vulnerability classes were identified: Cross Site Scripting (XSS), Username/Filename Enumeration, Sensitive Data disclosure, Code Injection, Broken Access Control …

usd HeroLab to Again Teach Course at TU Darmstadt and h_da

usd AG CST Academy, usd HeroLab

Hacker Contest Summer Semester 2019: The usd HeroLab will once again teach the course “Hacker Contest” at the Technical University (TU) Darmstadt and the University of Applied Sciences Darmstadt (h_da) this summer semester. During the 2019 summer semester, students will have the opportunity to experience IT security in practice. In a secure environment, they will try out attack methods and …

usd Hackers’ Days 2019 – The Challenge Goes Live on April 17th!

usd AG CST Academy, usd HeroLab

Gain insights into the latest pentesting methods and exchange ideas with other professionals. Only those who succeed in the Challenge can register for usd Hackers’ Days near them. The Challenge will be unlocked on April 17th and you have until May 5th to crack as many codes as possible. The more codes you have, the greater your chances – the …

usd HeroLab Keeps Investing in Young Talent

usd AG News, usd HeroLab

“Winterschool 2019” concluded successfully. Neu-Isenburg, March 27, 2019: This year’s “Winterschool”, which is part of the usd training program “Become a HeroLab Professional” for students working at the usd HeroLab, was concluded with a final exam last week. The usd HeroLab is expanding its range of university training courses by adding a special training program for its own students. 14 …

Security Advisory 01/2019

Shirin Freydank News, Security Research, usd HeroLab

by Stefan Schmer, Managing Consultant Security Analysis & Pentests, usd AG. Vulnerability Disclosure: usd AG penetration testers have identified several security vulnerabilities during security analyses. These vulnerabilities affect the products Riverbed SteelCentral AppResponse, Dropbear and Cisco Unified Communications Manager. The following vulnerability classes were identified: Cross Site Scripting (XSS), Username Enumeration, Sensitive Data disclosure. In accordance with usd AG’s Responsible …

Security Advisory 12/2018

Shirin Freydank News, usd HeroLab

by Stefan Schmer, Managing Consultant Security Analysis & Pentests, usd AG. Vulnerability Disclosure: usd AG penetration testers have identified several security vulnerabilities during security analyses. These vulnerabilities affect the products Shpock App, SEP sesam, Nagios Core, Icinga Web 2 and Fortigate 900D. The following vulnerability classes were identified: Authentication Bypass, Cross Site Scripting (XSS), Cross-Site-Request Forgery (CSRF), Denial of Service …

Security Advisory 11/2018

Tobias Groetzinger News, Security Research, usd HeroLab

by Stefan Schmer, Managing Consultant Security Analysis & Pentests, usd AG. Vulnerability Disclosure: usd AG penetration testers have identified several security vulnerabilities during security analyses. These vulnerabilities affect the products SafeQ Pro SmartCard v2, Patlite NBM-D88N, Patlite NHL-3FB1, Patlite NHL-3FV1N and Paramiko. The following vulnerability classes were identified: Backdoor, Authentication Bypass, Replay Attack. In accordance with usd AG’s Responsible Disclosure …

Bug Bounty Programs – Benefit from the Knowledge of an Entire Community

Shirin Freydank News, usd HeroLab

Many businesses face new challenges and problems in the area of IT security. This includes the fact that businesses receive reports of vulnerabilities from security-conscious customers or hackers, sometimes via unsuitable communication channels. In this expert interview led by Shirin Freydank, usd Corporate Communication, Stefan Schmer, Managing Consultant Security Analysis & Pentests at usd AG, presents a security building block …