Latest News
Inteset Secure Lockdown Multi Application Edition - Vulnerabilities and Hardening Measures
During a security audit for a customer, Raphael Kuhn from DriveByte GmbH discovered several vulnerabilities within inteset Secure Lockdown Multi Application Edition. In this article he discloses the bugs as well as some hardening measures that can be taken to avoid them being exploited.
LiveConfig Advisory (CVE-2024-22851)
During a security audit for a LiveConfig customer, Raphael Kuhn from DriveByte GmbH discovered a so-called Unauthenticated Path Traversal vulnerability in LiveConfig up to version 2.5.1.
Simple yet effective. The story of some simple bugs that led to the complete compromise of a network
By spying on the process creation of a UCS connected server with extensive permissions, it was possible to gather a large amount of LDAP data. This data includes different credentials and other authentication information. The vendor responded extremely professional and fixed the issues very quickly. He did not only fix the script where we found the issue, but also checked their code base for similar problems and fixed them as well.