This is not a late April Fool's joke: After #37C3 , we accidentally dumped the keypad codes of almost half of an IBIS hotel's rooms by entering some dashes into a check-in terminal: pentagrid.ch/en/blog/ibis-h… #itsecurity #infosec #ibis #accor #terminal #hotel

#SQLinjection in login dialog of web-based #YABOOK harbour administration allows authentication bypass
pentagrid.ch/en/blog/sql-in…
#pentest #sailing #hafenverwaltung #imonaboat

Multiple vulnerabilities in Lantronix EDS-MD IoT gateway for medical devices: pentagrid.ch/en/blog/multip… #itsecurity #infosec #pentesting #lantronix #iot #medical

A few email-related Python libraries do not check server certificates. It is nothing new, but a bit surprisingly in 2023 and not everyone got the memo. pentagrid.ch/en/blog/python… #itsecurity #infosec #pentesting #python #email #bugbounty

The #Liferay Portal software < 7.4.3.88 respectively < 7.4.3.92 is affected by persistent cross-site-scripting vulnerabilities. pentagrid.ch/en/blog/stored… #itsecurity #infosec #pentesting

Wir haben ein Werkzeug in Python geschrieben, dass Dateiarchive wie zip, tar und cpio generiert welche Path Traversal Angriffe beinhalten: pentagrid.ch/de/blog/archiv… #itsicherheit #informationssicherheit #pentesting

We wrote a tool in Python to create file archives such as zip, tar and cpio that include path traversal attacks: pentagrid.ch/en/blog/archiv… #itsecurity #infosec #pentesting

We analysed the security of a #WindRiver #VxWorks (the operating system running also on NASA's Curiosity mars rover) embedded device and found a critical vulnerability in the #tarExtract function: pentagrid.ch/en/blog/wind-r… #itsecurity #infosec #pentesting #cisa #vxworks

Wir haben uns das Liechtensteiner #Gesundheitsdossier und die zugrunde liegende Portal-Software #Liferay angeschaut. Im Ergebnis haben wir Verwundbarkeiten in Liferay gefunden und Schwächen im IT-Setup: pentagrid.ch/de/blog/it-sic… #itsicherheit #informationssicherheit #eHealth #eGD

We had a look at Liechtenstein's electronic health files and the underlying #Liferay portal software and found some weaknesses in the portal software as well as risks in the IT setup. Full article (in German only): pentagrid.ch/de/blog/it-sic… #itsecurity #infosec #eHealth #eGD

For some #Icinga #monitoring , we wrote a small plugin in Python that sends mail via SMTP and checks on another mail server via IMAP if the mail was received. Here is the code: github.com/pentagridsec/i…

Our advisory for Busybox cpio. When extracting cpio archives with BusyBox cpio, the cpio archiving tools may write files outside the destination directory and there is no option to prevent this.

Full advisory: pentagrid.ch/en/blog/busybo…

#itsecurity #infosec #pentesting #Busybox

Published advisory for Viseca, one of the larger credit card issuers in CH/FL. Vulnerability to download credit card statements (other business customers) -> coordinated disclosure
Advisory: pentagrid.ch/en/blog/viseca…
Republik (German): republik.ch/2023/03/20/kre…
#itsecurity #infosec

Today is tool day. We are releasing our #Python #SMS Gateway tool. Attach your #modempool or your old #Surfsticks from the grab box, insert SIM cards and forward #SMS to your e-mail box. And why not using it for Icinga SMS alerts? #pentesting #monitoring
pentagrid.ch/en/blog/open-s…

We conducted a security analysis of the secure e-mail software SEPPmail – Deutschland GmbH 11.1.10 and found multiple vulnerabilities that have been fixed (and hopefully widely applied) by now pentagrid.ch/en/blog/multip… #itsecurity #infosec #pentesting