Our research lab is an integral part of our work. We seek to drive the evolution of security by combining insights from our security research community. We focus on everyday technologies that expose many people to risk, most recently mobile communication and payment systems. Our goal is to get issues fixed before consumers are put at risk, or, where that did not happen, to discuss the flaws publicly. Our lab is an open collective of like-minded thinkers. If you are interested in our projects and the lab, get in touch or consider working with us.
To give the respective manufacturers sufficient time to correct the weaknesses, our researchers publish their findings only after a disclosure period has passed. The advisories, tools and papers published so far:
Product / Title | Classification
---|---
Google Chrome 109.0.5414.74 | Unsafe Library Load
Turtlapp Turtle Note v0.7.2.6 | HTML Injection
QNAP Device | Path Traversal
DuckDuckGo 7.64.4 | Address Bar Spoofing
Parallels Plesk Panel 9.5 | Cross Site Scripting
Poking A Hole In Whitelist For Bypassing Firewall | Firewall Bypass
Bypassing Browser Security Policies For Fun And Profit | Browser Security Policy Bypass
Microsoft Internet Explorer 11 | XSS Filter Bypass
Drupal 8.0.x-dev | Cross Site Scripting
Shell Shock Auto Exploitation Script | Shellshock Exploitation Tool
Maxthon Browser | Address Bar Spoofing
CM Browser | Same Origin Policy Bypass
Google Chrome 36.0 | XSS Auditor Bypass
Android Browser | Same Origin Policy Bypass
HTML5 Modern Day Attack And Defence Vectors | Whitepaper
WordPress TimThumb Finder 1.0 Beta | Scanner (Python script that scans a web server for timthumb.php)
Laravel-Security | XSS Filter Bypass
WordPress Infocus Theme | Cross Site Scripting
phpMyRecipes 1.x.x | XSS / CSRF / SQL Injection
Bypassing Modern Web Application Firewalls | WAF Bypass
Joomla Flexicontent | Remote Code Execution
phpThumb 1.7.12 | Server Side Request Forgery
Joomla JMultimedia | Command Execution
WordPress Pretty Photo | Cross Site Scripting
Eclipse.org | SQL Injection
OWASP Java Encoder | Filter Bypass
Google Chrome 31.0 | WebKit XSS Auditor Bypass
Mental JS | Sandbox Bypass
ModSecurity | Cross Site Scripting Filter Bypass
Link Farm Evolution 1.8.7 | Cross Site Scripting
Xorbin Analog Flash Clock 1.0 For Joomla | Flash-based Cross Site Scripting
Xorbin Digital Flash Clock 1.0 For WordPress | Flash-based Cross Site Scripting
CyberKendra Search Bar | Cross Site Scripting
ModSecurity | Cross Site Scripting Filter Bypass
HtmlCommentBox | Cross Site Scripting
Joomla Jnews 8.0.1 | Cross Site Scripting
Joomla Phocagallery 3.0.0 / 4.0.0 | Cross Site Scripting
Fork CMS | Local File Inclusion
Fork CMS | Cross Site Request Forgery
Fork CMS | Cross Site Scripting
Your Own Classifieds | Cross Site Scripting
WordPress Caulk | Path Disclosure
ProActive CMS | XSS / CSRF / Open Redirect
WHM editfilter.html | Stored Cross Site Scripting
cPanel dir.html | Cross Site Scripting
cPanel | Cross Site Scripting