Breaking, Misc

Vulnerabilities in Sitefinity WCMS – A Success Story of a Responsible Disclosure Process

Preface

For those who never heard of Sitefinity before, it is an ASP.NET-based Web Content Management System (WCMS), which is used to deploy and manage applications as other CMS‘s do. A bitter quick glance at Sitefinity and its advantages can be found in this overview.

Delving into the core of this blog post, recently I had the opportunity to look at Sitefinity WCMS in which I found two reflected Cross Site Scripting (XSS) (CVE-2018-17053 and CVE-2018-17056), a stored XSS (CVE-2018-17054) and an arbitrary file upload (CVE-2018-17055) vulnerabilities.

I admit that the vulnerabilities mentioned in here are classical ones, but because of the huge spectrum of the platform versions affected, I thought it would be helpful to send a loud signal to whomever are using Sitefinity, so they can apply fixes and be safe 😉

Continue reading “Vulnerabilities in Sitefinity WCMS – A Success Story of a Responsible Disclosure Process”

Continue reading
Events

Patch Me If You Can

Right after the Opening Keynote of TROOPERS16, an informative and interesting talk took place at the SAP Security track. This talk was given by three speakers; Damian Poddebniak who is currently a master student at the University of Applied Sciences of Münster, Sebastian Schinzel who works as an IT security Professor at the University of Applied Sciences of Münster and he is also the founder of CycleSEC GmbH and finally the sixth-time speaker at Troopers “Andreas Wiegenstein” who is the CTO of Virtual Forge GmbH and a professional SAP security consultant since 2003. Continue reading “Patch Me If You Can”

Continue reading
Events

Tools for Troubleshooting and Monitoring IPv6 Networks

Yet another interesting 180-minute workshop in IPv6 Security Summit of TROOPERS16, which aimed to introduce the IPv6 troubleshooting and monitoring tools, which are essentially needed by users in order to know how to deal with IPv6 in any IPv6-enabled network.

Before we dive into this post, let me introduce you in few words “Gabriel Müller” the speaker and the instructor of this workshop. Gabriel works as a senior consultant at AWK Group by mainly assisting clients in the public and private sectors as a project manager and an expert in the network area.

Continue reading “Tools for Troubleshooting and Monitoring IPv6 Networks”

Continue reading