by Karthikeyan Jayaraman | Jun 11, 2020
An Authenticated Remote Code Execution (RCE) vulnerability was discovered on Vera, a platform for digital asset management used in the printing industry. The application allows an authenticated user to change the logo on the Website. An attacker can use this feature...
by Maxime Carbonneau | Feb 26, 2020
When we initially released PyRDP in late 2018, we familiarized ourselves with the Remote Desktop Protocol (RDP) relatively quickly. It became clear that our initial release couldn’t tackle all the opportunities that an active on-the-wire attacker could have. During my...
by Francois Renaud | Sep 30, 2019
TLDR: It is frightening, a patch was made available the same day it was disclosed and everybody should update their servers. Impact Butor Portal is affected by a Path Traversal vulnerability leading to pre-authentication arbitrary file downloads. Every file...
by Benoit Cote-Jodoin | Jul 3, 2019
Some time ago; we published a blog about jenkins-fsb, a preconfigured Jenkins instance for efficiently using the plug-in, Find Security Bugs. In that blog post, there was an indication about multiple vulnerabilities having been found but not disclosed. Well, today we...
by Benoit Cote-Jodoin | Sep 6, 2018
Find Security Bugs can often uncover interesting findings that may lead to the discovery of critical vulnerabilities. Back in May, we published on this blog two vulnerabilities in components of Spring, a Java web framework, using this tool. However, the process of...
FR