We are dynamic and talented. Our specialists are our beating heart and that’s why we never stop. We adapt ourselves to an ever changing world while bearing in mind what brought us here: the need to understand each and every bit.
Rely on us,
we will raise your barriers.
QNAP Q'center Post-Auth Remote Code Execution via QPKG
A privileged user can obtain remote code execution on Q'center through a manipulated QPKG installation package.
QNAP Q'center Virtual Appliance < 1.12.1014 Stored XSS
QNAP MusicStation/MalwareRemover Pre-Auth Remote Code Execution
QNAP MusicStation and MalwareRemover pre-installed official apps are affected by an arbitrary file upload and a command injection, leading to pre-auth remote root command execution.
Hunting for bugs in Telegram's animated stickers remote attack surface
Re-discovering a JWT Authentication Bypass in ServiceStack
Sometimes they come back: exfiltration through MySQL and CVE-2020-11579