Page 3 of 6 for Research Blog - Page 3 | X41 D-Sec - Penetration Tests and Source Code Audits

January 18, 2022

Advisory X41-2021-003: Telenot complex - Insecure AES Key Generation

The compasX parameterization software for complex alarm systems generated the AES keys used for both physical access control (via NFC tags) and remote management in an insecure fashion.

January 12, 2022

RustyHermit Missing Memory Protections

The research unikernel RustyHermit lacks of several memory protection mechanisms which significantly ease attacks on vulnerable applications

December 14, 2021

X41 D-Sec GmbH Thetanuts.Finance Public Security Review

X41 D-Sec GmbH ("X41") - a research driven IT-Security company - released a public audit report of the Thetanuts.Finance smart contracts.

May 25, 2021

nginx DNS Resolver Off-by-One Heap Write Vulnerability

An off-by-one error in ngx_resolver_copy() while processing DNS responses allows a network attacker to write a dot character ('.', 0x2E) out of bounds in a heap allocated buffer.

May 03, 2021

QR Code reconstruction

Reconstructing a QR Code from partially censored images.

January 28, 2021

Advisory X41-2021-001: Multiple Vulnerabilities in YARA

Luis Merino of X41 discovered multiple vulnerabilities in YARA

December 21, 2020

Microsoft Exchange Remote Code Execution - CVE-2020-16875

The patch for CVE-2020-16875 in Microsoft Exchange can bypassed to gain remote code execution again.

October 06, 2020

Pro-bono Pentests for COVID-19-related Apps & Software

COVID-19 pro-bono program finished

September 22, 2020

Decompressing Xamarin DLLs

Solving a small decompression challenge during an audit

July 15, 2020

bspatch strikes back

The tale of a forgotten bug in bspatch.

July 09, 2020

Advisory X41-2020-006: Memory Corruption Vulnerability in bspatch

Luis Merino of X41 discovered an unpatched vulnerability in some bspatch upstream and some forks

June 18, 2020

Advisory X41-2020-002: Multiple Vulnerabilities in Psyprax 3.1.2.2

Eric Sesterhenn of X41 discovered multiple vulnerabilities in psyprax 3.1.2.2

June 15, 2020

Vulnerabilities and Coordinated Disclosure

How X41 deals with coordinated disclosure in light of recent vulnerabilities found in medical software

April 23, 2020

Advisory X41-2019-008: Vulnerable Components used by Cerner medico

X41 discovered security vulnerabilities in Cerner medico components

April 22, 2020

Pro-bono Pentests for COVID-19-related Apps & Software

Pro-bono program helping organizations & developers to secure their applications

April 08, 2020

Advisory X41-2019-007: Cleartext Credentials in GeDoWin Geburt

Niklas Abel of X41 discovered cleartext credentials in GeDoWin Geburt 2019.2

April 02, 2020

Advisory X41-2020-004: Multiple Vulnerabilities in Medical Office

Eric Sesterhenn of X41 discovered multiple vulnerabilities in Indamed Medical Office

April 01, 2020

Advisory X41-2020-003: Multiple Vulnerabilities in Epikur

Eric Sesterhenn of X41 discovered multiple vulnerabilities in Epikur

March 25, 2020

Advisory X41-2020-005: Insufficient Password Protection in Smarty

Eric Sesterhenn of X41 discovered that smarty stores passwords in a recoverable way.

March 24, 2020

Security in Uncertain Times - How we Handle the COVID-19 Situation at X41

How we Handle the COVID-19 Situation at X41

NEWS > Research Blog