Mon 16 July 2018
Prestashop 1.6.1.19 sessions can be read and written by an attacker, resulting in a range of vulnerabilities including privilege escalation and remote code execution.
Tue 04 July 2017
We're introducing a new tool to generate unserialize() payloads easily from common libraries.
Wed 17 May 2017
A few months ago, the Ambionics Security team had the chance to audit Oracle PeopleSoft solutions. PeopleSoft applications contain a lot of unauthenticated endpoints, with several poorly documented XXE vulnerabilities. We'll show how you can get a full SYSTEM shell from that.
Thu 06 April 2017
The Ambionics Security team discovered a pre-authentication SQL injection in the TYPO3 News module. This module is the 20th most used module of TYPO3, with almost 60,000 downloads.
Wed 08 March 2017
While working on the Drupal module Services, the Ambionics Security team discovered a critical remote code execution vulnerability.
Tue 21 February 2017
Some time ago, the Ambionics team encountered a very old instance of Grails which contained a plugin to generate PDFs from Groovy templates. Upon looking for the plugin's source code, we discovered an XXE vulnerability.