Security Advisory 07/2020

usd AG News, Security Research, usd HeroLab

usd HeroLab penetration testers have identified several security vulnerabilities during security analyses. These vulnerabilities affect the products Bitbucket Server and Concrete5 CMS. The following vulnerability classes were identified: Server-Side Request Forgery Unencrypted Service Code Injection In accordance with usd HeroLabs Responsible Disclosure Policy, all vendors have been notified of the existence of these vulnerabilities. For more detailed information on the …

Security Advisory 06/2020

usd AG News, Security Research, usd HeroLab

usd HeroLab penetration testers have identified several security vulnerabilities during security analyses. These vulnerabilities affect the products Symantec Endpoint Protection (Broadcom), Gambio GX and NCP Secure Enterprise Client. The following vulnerability classes were identified: Privileged File Write Cross-Site-Request-Forgery (CSRF) Blind SQL Injection Hardlink Vulnerability Stored Cross-Site Scripting (XSS) In accordance with usd HeroLabs Responsible Disclosure Policy, all vendors have been …