Pentagrid AG
@pentagridsec
Pentagrid performs technically solid IT security assessments.
Mastodon: @[email protected]
https://pentagrid.ch 08-05-2019 19:00:17
#SQLinjection in login dialog of web-based #YABOOK harbour administration allows authentication bypass
pentagrid.ch/en/blog/sql-in…
#pentest #sailing #hafenverwaltung #imonaboat
Multiple vulnerabilities in Lantronix EDS-MD IoT gateway for medical devices: pentagrid.ch/en/blog/multip… #itsecurity #infosec #pentesting #lantronix #iot #medical
A few email-related Python libraries do not check server certificates. It is nothing new, but a bit surprising in 2023, and not everyone got the memo. pentagrid.ch/en/blog/python… #itsecurity #infosec #pentesting #python #email #bugbounty
The #Liferay Portal software < 7.4.3.88 respectively < 7.4.3.92 is affected by persistent cross-site-scripting vulnerabilities. pentagrid.ch/en/blog/stored… #itsecurity #infosec #pentesting
We wrote a tool in Python that generates file archives such as zip, tar and cpio containing path traversal attacks: pentagrid.ch/de/blog/archiv… #itsicherheit #informationssicherheit #pentesting
We wrote a tool in Python to create file archives such as zip, tar and cpio that include path traversal attacks: pentagrid.ch/en/blog/archiv… #itsecurity #infosec #pentesting
We analysed the security of a #WindRiver #VxWorks (the operating system also running on NASA's Curiosity Mars rover) embedded device and found a critical vulnerability in the #tarExtract function: pentagrid.ch/en/blog/wind-r… #itsecurity #infosec #pentesting #cisa #vxworks
We took a look at the Liechtenstein #Gesundheitsdossier and the underlying portal software #Liferay. As a result, we found vulnerabilities in Liferay and weaknesses in the IT setup: pentagrid.ch/de/blog/it-sic… #itsicherheit #informationssicherheit #eHealth #eGD
Our advisory for Busybox cpio. When extracting cpio archives with BusyBox cpio, the cpio archiving tools may write files outside the destination directory and there is no option to prevent this.
Full advisory: pentagrid.ch/en/blog/busybo…
#itsecurity #infosec #pentesting #Busybox
Today is tool day. We are releasing our #Python #SMS Gateway tool. Attach your #modempool or your old #Surfsticks from the grab box, insert SIM cards and forward #SMS to your e-mail box. And why not use it for Icinga SMS alerts? #pentesting #monitoring
pentagrid.ch/en/blog/open-s…
We conducted a security analysis of the secure e-mail software SEPPmail – Deutschland GmbH 11.1.10 and found multiple vulnerabilities that have been fixed (and hopefully widely applied) by now: pentagrid.ch/en/blog/multip… #itsecurity #infosec #pentesting