In an increasingly connected world, vulnerabilities are everpresent. Our goal is to find high-impact vulnerabilities in widely deployed products to protect millions of people. Below you'll find a list of selected security vulnerabilities we've discovered:
Secure E-Voting Systems are vital for the functioning of a safe, resiliant democracy. By discovering electronic voting system vulnerabilities we were able to save millions of humans from loss of trust in the government, riots and voting manipulation
| ID | Product | Vulnerability |
|---|---|---|
| CVE-2019-25022 | Scytl Secure Vote (sVote) | SDM RCE |
| CVE-2019-25023 | Scytl Secure Vote (sVote) | X-Forwarded-For IP-Spoofing/Faking |
| CVE-2019-25020 | Scytl Secure Vote (sVote) | Unauthenticated REST Endpoints leading to Secure-Data-Manager admin configuration leak |
| CVE-2019-25021 | Scytl Secure Vote (sVote) | OrientDB Password |
| SUID-2019-00001 | Scytl Secure Vote (sVote) | Jackson-Databind RCE |
| SUID-2019-00002 | Scytl Secure Vote (sVote) | XSS |
| SUID-2019-00003 | Scytl Secure Vote (sVote) | XXE |
| SUID-2019-00004 | Scytl Secure Vote (sVote) | Hardcoded PKCS12 Passwords |
Routers are critical embedded systems. Exploits not only target a single system but can be abused to penetrate entire networks. Our work has helped major network vendors secure massive customerbases.
| ID | Product | Vulnerability |
|---|---|---|
| CVE-2021-27249 | D-Link DAP-2020 | Command Injection RCE |
| CVE-2021-27250 | D-Link DAP-2020 | Arbitrary File Read |
Attacks via Malware are omnipresent and are impacting million of lives. We are committed to analyze and disrupt active malware campaigns.
| ID | Type | Malware |
|---|---|---|
| SMAL-2021-00001 | Spyware/Malvertising | Telegram Malvertising Campaign (March 2021) |
If you want a thourough, fast and discreet security audit of your product get in contact with us!