While doing research on Microsoft SQL (MSSQL) Server, a GoSecure ethical hacker found an unorthodox design choice that ultimately led to a web application firewall (WAF) bypass. In a nutshell An undocumented design choice in MSSQL caused Web Application...
GoSecure Titan Labs has identified a vulnerability within the Tableau Server that could allow malicious actors to extract sensitive data from the application. Tableau Server is an analytics platform owned by Salesforce used to see and understand data. This application...
GoSecure Titan Labs discovered a stored cross-site scripting (XSS) vulnerability in IBM Content Navigator. Users are strongly advised to upgrade to version 3.0.9 or above. This blog post details the vulnerability, its impact and provides a proof of concept for...
A GoSecure Titan Lab investigation found that 3CX phone system servers were vulnerable to two different attacks: authenticated command injection and privilege escalation. When combined with the 3CX cloud free trial, these vulnerabilities could allow an attacker to...
Cyber warfare is here to stay. The Russia/Ukraine conflict underscores the long-held fear that kinetic warfare can and would be combined with organized, sustained cyber warfare to be used asymmetrically against a militarized adversary and its’ country’s critical...
Log4j was an eye opener for many here at GoSecure. Not from a technology or security perspective, we have that covered in spades; but just how quickly the GoSecure Titan team can respond and remediate a vulnerability in a dependency. We are starting to appreciate the...
FR
