Research conducted by our company

We believe that research is a fundamental part of identifying new attack vectors, which is why we tend to invest countless hours studying the latest technologies and software. Most of our public research is described on this page and accompanied by technical details regarding the methodologies used

CVE-2022-20340 – Android OS user activity information disclosure via side-channel vulnerability

In SELinux policy, there is a possible way of inferring which websites are being opened in the browser due to a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation

Details >

CVE-2020-29653 – Froxlor HTML Injection dangling markup

Froxlor instances <= 0.10.22 do not perform validation on user-input passed in the customermail GET parameter. More specifically, the value of this parameter is reflected unsanitized in the response webpage.

Details >

CVE-2019-16469 – Adobe Experience Manager expression language injection vulnerability

Adobe Experience Manager versions 6.5, 6.4, 6.3, 6.2, 6.1, and 6.0 has an expression language injection vulnerability. Successful exploitation could lead to sensitive information disclosure

Details >

Research conducted by our company

CVE-2022-20340 – Android OS user activity information disclosure via side-channel vulnerability

CVE-2020-29653 – Froxlor HTML Injection dangling markup

CVE-2019-16469 – Adobe Experience Manager expression language injection vulnerability

Copyright © 2023 NoZero LLC