Compass at Area41 2018
We are at the Area 41 conference! This IT Security Conference is happening on the 15/16th of June in 2018 in Zürich. Compass Security supports this non-profit event as Platinum Sponsor. We’ll have a... more
Compass Security Schweiz AG
Werkstrasse 20
8645 Jona
Schweiz
Advisories
Compass Security employees regularly identify 0day security weaknesses in products, either during customer projects or during their research time. We report such vulnerabilities to the respective vendors and believe in coordinated disclosure, as long as the vendor acts in its and our clients’ best interests and provides us with regular and constructive feedback. If any of these conditions are not met, Compass Security might opt for full disclosure as defined in our Vulnerability Disclosure Policy.
Downloads
- CSNC-2018-003 totemomail Encryption Gateway Cross-Site Request Forgery(6 KB )
- CSNC-2018-002 totemomail Encryption Gateway JSONP hijacking(5 KB )
- CSNC-2017-026 Microsoft Intune Preserved Keychain Entries(2 KB )
- CSNC-2017-027 Microsoft Intune App PIN Bypass(4 KB )
- CSNC-2018-001 Zimbra Stored XSS(3 KB )
- CSNC-2017-033 GitLab Self XSS(2 KB )
- CSNC-2017-030 MyTy Reflected XSS(4 KB )
- CSNC-2017-029 MyTy Blind SQL Injection(3 KB )
- CVE-2017-9096 iText XML External Entity Vulnerability(2 KB )
- CSNC-2017-023 Mongoose Network Library Bof(17 KB )
- CSNC-2017-012 Sunell Session ID Enumeration(5 KB )
- CSNC-2017-011 Sunell Stored XSS(4 KB )
- CSNC-2017-010 Sunell Reflected XSS(3 KB )
- CSNC-2017-013_pingid_reflected_xss(3 KB )
- CSNC-2017-004 Live Helper Chat(3 KB )
- CVE-2017-7185 Mongoose OS Use-after-free_update(9 KB )
- CSNC-2016-008 VMware AirWatch XSS(3 KB )
- CSNC-2016-006_ASP.NET Core 5-RC1 HTTP Header Injection(2 KB )
- CVE-2016-6856,6857,6858 SAP Hybris XSS(3 KB )
- CVE-2016-6859 SAP Hybris Information Disclosure(3 KB )
- CVE-2014-1237 i-doit - Cross-site Scripting (XSS)(2 KB )
- CSNC-2016-002 OpenAM Open Redirection(3 KB )
- CSNC-2016-001 OpenAM XSS(3 KB )
- CVE-2016-0955 Adobe Experience Manager AEM-XSS(3 KB )
- CSNC-2015-007 Netgear Router Firmware N300 Authentication Bypass(4 KB )
- CVE-2015-5372 AdNovum nevisAuth Autentication Bypass(4 KB )
- CVE-2015-3442 Soreco Xpert.Line Authentication Bypass(4 KB )
- CVE-2015-3443 Thycotic Secret Server XSS(3 KB )
- CSNC-2014-006 softring_xss(3 KB )
- CSNC-2014-005 softring_backdoor_account(4 KB )
- CSNC-2014-004 neuroML multiple-vulns(4 KB )
- CSNC-2013-018 SAP BusinessObjects Explorer XXE(4 KB )
- CSNC-2013-017 SAP BusinessObjects Explorer Cross-Site-Flashing(3 KB )
- CSNC-2013-016 SAP BusinessObjects Explorer Port-Scanning(3 KB )
- CSNC-2014-001 javaMail - SMTP Header Injection via method setSubject(10 KB )
- CVE-2014-1597 i-doit - SQL Injection(2 KB )
Compass Security Blog
Insomni’hack 2018 Wrap-Up
As every year, some Compass Security Analysts travelled to Geneva and attended the Insomni’hack conference and it’s enjoyable CTF. Conference Read more about the two day conference here in this post:... more
CALENDAR
Compass Security Gambling Night 2018
Haben Sie Lust auf einen wunderbaren Abend im schönsten Flipper- und Dartlokal am Zürichsee? Sichern Sie sich einen der letzen Plätze für den Event... Read more
Compass Training "Social Engineering" in Zürich
Im 2-Tages-Seminar vom 12./13. Juni 2018 lernen Sie die Methoden, Tools und Tricks des Social Engineerings kennen und verstehen. Read more
Beer-Talk in Berlin: Social Engineering – The Devil is in the Details
Dieser Beer-Talk besteht aus einem Fachvortrag von ca. 60 Minuten mit anschließender Diskussion bei einem Imbiss. Die Teilnahme ist kostenlos, eine... Read more
NEWS
Gian-Paul Civelli ist Account Manager bei Compass Security
Seit dem 01. Februar 2018 verstärkt Gian-Paul Civelli als Account Manager das Compass-Team. Er betreut sowohl die neue Dienstleistung DFIR (Digital... Read more
Vulnerabilities in totemomail Encryption Gateway
Nicolas Heiniger identified vulnerabilities in totemomail Encryption Gateway. Read more
Wenn Veränderung Angst macht
Cyrill Brunschwiler von Compass Security war als Referent am 11. KMU-Forum Obersee engagiert. Moderator Martin Diener stellte ihn als "netten Hacker"... Read more