by Karthikeyan Jayaraman | Jun 11, 2020
An Authenticated Remote Code Execution (RCE) vulnerability was discovered on Vera, a platform for digital asset management used in the printing industry. The application allows an authenticated user to change the logo on the Website. An attacker can use this feature...
by Francois Renaud | Sep 30, 2019
TLDR: It is frightening, a patch was made available the same day it was disclosed and everybody should update their servers. Impact Butor Portal is affected by a Path Traversal vulnerability leading to pre-authentication arbitrary file downloads. Every file...
by Benoit Cote-Jodoin | Jul 3, 2019
Some time ago; we published a blog about jenkins-fsb, a preconfigured Jenkins instance for efficiently using the plug-in, Find Security Bugs. In that blog post, there was an indication about multiple vulnerabilities having been found but not disclosed. Well, today we...
by Benoit Cote-Jodoin | Sep 6, 2018
Find Security Bugs can often uncover interesting findings that may lead to the discovery of critical vulnerabilities. Back in May, we published on this blog two vulnerabilities in components of Spring, a Java web framework, using this tool. However, the process of...
by Louis Dion-Marcil | Apr 3, 2018
Update: A new blog post has been published as a follow up to this article : ESI Part 2: Abusing specific implementations. Abusing Caching Servers into SSRF and Client-Side Attacks While conducting a security assessment, we noticed an unexpected behavior in the...
by Martin Lemay | Jan 10, 2018
The story of a privileged handle… Context As virtualization technology continues to become the corporate standard, the popularity of Virtual Desktop Infrastructure (VDI) in large enterprises has been increasing. These automated environments can provision...
FR