Our pentest professionals at #usdHeroLab identified several vulnerabilities in #KofaxCommunicationServer (KCS) and in the #ArcGIS scripting language Arcade ranging from path traversal to XSS.
All #vulnerabilities were responsibly reported to the vendors.
👉 Details on our #SecurityAdvisories can be found here: https://www.usd.de/en/security-advisories-kofax-communication-server-arcgis-arcade/
Unauthenticated RCE in Agorum Core Open!
During their regular security analyses, our pentest professionals from #usdHeroLab examined the open source software #AgorumCoreOpen.
They discovered multiple #vulnerabilities that, when chained together, allow an unauthenticated attacker to achieve full remote code execution with root privileges. This critical flaw enables complete system compromise without prior authentication.
📰👉 Detailed information on the published #SecurityAdvisories can be found here: https://www.usd.de/en/security-advisories-on-agorum-core-open/
#Pentest #Pentesting #moresecurity #RCE #CyberSecurity #InfoSec
CSTC is a Burp Suite extension that allows request/response modification using a GUI analogous to CyberChef - GitHub - usdAG/cstc: CSTC is a Burp Suite extension that allows request/response modif...
Our #usdHeroLab professionals have uncovered a vulnerability in the online store software #Gambio during their #pentests.
Our analysts discovered a vulnerability in the password reset functionality. Exploiting this vulnerability would enable an attacker to change the password for any account and take over, for example, the administrator account of the application.
The vulnerability was reported to the vendor under the Responsible Disclosure Policy.
👉 More details: https://herolab.usd.de/en/security-advisories/usd-2024-0002/
Our #usdHeroLab analysts examined the #SONIX Technology Webcam during their #pentests.
1️⃣ Vulnerability Type: Incorrect Permission Assignment for Critical Resource (CWE-732)
🚨 Security Risk: High
The vulnerability was reported to the vendor under the Responsible Disclosure Policy.
👉More Details: https://herolab.usd.de/security-advisories/usd-2023-0029/
#Announcement: On Friday, our #usdHeroLab colleagues published a major release of our BurpSuite Plugin #FlowMate: https://github.com/usdAG/FlowMate/releases/tag/v1.1
During BlackHat USA 2023 and DEF CON 31, our colleagues received a lot of helpful feedback on their #tool: The new version 1.1 contains bug fixes and some new features. In our video, Florian Haag explains the advantages and possible use cases in the context of #WebApplication #Pentests: https://www.youtube.com/watch?v=BJhRhGmDATw
#CheckItOut #Security #Pentesting #Hacking #Tools #Community #moresecurity
Many cooks spoil the tool? Not in the #usdHeroLab: Our colleagues are constantly developing their own #tools, which are subject to strict quality and optimization processes. In the latest video, Florian Haag introduces you to our BurpSuite plugin Cyber Security Transformation Chef (CSTC) and explains how you can use it.
Our #usdHeroLab #Pentest professionals analyzed #FileCloud during their pentests.
1⃣Vulnerability Type: Dependency on Vulnerable Third-Party Component (CWE-1395)
🚨Security Risk: Critical
🧐FileCloud is an enterprise solution for accessing, synchronizing and sharing files hosted on your servers.
The identified vulnerability is related to an outdated Electron dependency. Exploiting this vulnerability could potentially allow attackers to gain unauthorized access to sensitive data stored within the application.
The vulnerability was reported to the vendor under the Responsible Disclosure Policy. More information can be found here 👩💻👩💻👇
https://herolab.usd.de/security-advisories/
usd AG
