Tue 21 February 2017
Some time ago, the Ambionics team encountered a very old instance of Grails which contained a plugin to generate PDFs from Groovy templates. While looking for the plugin's source code, we discovered an XXE vulnerability.
Fri 20 January 2017
As a new year begins, it is a good time to review two high-impact vulnerabilities that were discovered four years apart, but that are in fact rooted in the same piece of code.