Skip to main content
Compass SecurityCompass Security
Search
  • DE
  • FR
  • Current
    • News
    • Blog
    • Agenda
    • Advisories
  • Services
    • Penetration Tests
    • Security Review
    • Red Teaming
    • Purple Teaming
    • Bug Bounty Managed Service
    • Managed Detection and Response
    • Incident Response and Forensics
    • Industrial Cybersecurity
  • Products
    • FileBox
    • Hacking-Lab
  • Trainings
    • Digital Forensics and Incident Response (DFIR)
    • Internal Network and System Security
    • Internet of Things Security
    • Open Source Intelligence (OSINT)
    • Secure Mobile Apps
    • Security Boot Camp
    • Social Engineering
    • Web Application Security Advanced
    • Web Application Security Basic
  • Research
    • Advisories
    • White Paper
    • Presentations
    • Studies
  • Company
    • About us
    • Contact
    • Testimonials
    • Mailing list TIGER-INFO
    • Jobs
  • Contact
    • Free Initial Discussion
    • Sample Report
    • Locations
  • Emergency?
  • DE
  • FR
Search

You are here:

  1. Compass Security
  2. News
  3. Detail

Vulnerabilities on AdRem NetCrunch platform

12/09/2020

Thierry Viaccoz, Sylvain Heiniger and Fabio Poloni identified several vulnerabilities in the AdRem NetCrunch monitoring solution.

 

Details to these advisories:

CSNC-2019-011 / Server-Side Request Forgery (SSRF)

CSNC-2019-012 / Improper Credential Storage

CSNC-2019-013 / Cross-Site Scripting (XSS)

CSNC-2019-014 / Remote Code Execution

CSNC-2019-015 / Improper Session Handling

CSNC-2019-016 / Cross-Site Request Forgery (CSRF)

CSNC-2019-017 / Hardcoded SSL Private Key

CSNC-2019-018 / Credentials Disclosure

 

Back

Blog

WinGet Desired State: Initial Access Established

03.03.2026

While not new, a self-referencing LNK file in combination with winget configuration instructions can be a viable initial access payload for…

Read more

Calendar

VIS Kontaktparty 2026

14.03.2026

On Saturday, 14 March, Switzerland’s next generation of IT professionals will gather at the VIS Contact Party, the largest academic IT recruiting fair…

Read more

News

Vulnerability in Lenovo Vantage

09.02.2026

Security Analyst John Ostrowski identified a vulnerability in Lenovo Vantage, an application provided by Lenovo that helps

to manage computer…

Read more
  • Imprint
  • Legal
  • Sitemap
  • Deutsch
  • Français
  • Twitter
  • GitHub
  • LinkedIn
  • RSS