During a recent red team engagement, SCHUTZWERK identified an arbitrary file read vulnerability via XML external entities in Lobster_pro.
During a recent external penetration test, SCHUTZWERK identified an arbitrary file read vulnerability via XML external entities in the SOAP endpoint(s) of 4D Server.
During a recent assessment, SCHUTZWERK discovered a vulnerability in HIGH-LEIT which allows privilege escalation.
During an embedded security assessment, we identified a buffer overread vulnerability (CWE-126) in the DHCP implementation of U-Boot that could leak memory onto the network.
During an assessment, we discovered a local privilege escalation vulnerability in the custom OpenVPN client saConnect/saConnectService.
During a recent assessment, we discovered a vulnerability in Visual Planning, which allows an authenticated attacker to obtain read access to arbitrary files on the application server.
During a recent assessment, we discovered a critical vulnerability in Visual Planning, which allows a privilege escalation from non-administrative account to administrator level.
During a recent assessment, we discovered a critical vulnerability in Visual Planning, which allows to bypass the authentication.
During a recent assessment, we discovered a critical vulnerability in Visual Planning, which allows to bypass the REST API authentication.
During an assessment we discovered a stored cross-site-scripting vulnerability in the Papaya medical image viewer (CVE-2023-33255)
During a recent assessment, we discovered a critical vulnerability in Spryker Commerce OS, which allows SQL Injection.
During a recent assessment, we discovered a critical vulnerability in Spryker Commerce OS, which allows Remote Command Execution.