Security Advisory 2303-01
Trovent Security GmbH discovered that the Eramba web application allows remote code execution for authenticated users.
Security Advisory 2203-01
Trovent Security GmbH discovered that the GroupWise web application transmits the session ID in HTTP GET requests in the URL when email content is accessed.
Security Advisory 2110-01
Trovent Security GmbH discovered that the application stores the username and password in clear text in a file on the mobile device.
Security Advisory 2108-02
Trovent Security GmbH discovered a user account enumeration vulnerability in the password reset function of the Zepp mobile application.
Security Advisory 2108-01
Trovent Security GmbH discovered a user account enumeration vulnerability in the password reset function of the Vivellio mobile application.
Security Advisory 2109-01
Trovent Security GmbH discovered an SQL injection vulnerability in the search function of the calendar module.
Security Advisory 2106-01
Trovent Security GmbH discovered that the Dolibarr application does not escape “greater than” and “smaller than” characters if they are reflected in one of the small pop-up windows with details of the object.
Security Advisory 2106-01
Trovent Security discovered that the Dolibarr application, with default settings, allows remote code execution in the website builder module.
Security Advisory 2105-02
Trovent Security GmbH discovered that the Dolibarr application does not escape "greater than" and "smaller than" characters if they are reflected in one of the small pop-up windows with details of the object.
Security Advisory 2104-03
Trovent Security GmbH discovered an inconsistency between the API and the client of HealthForYou & Sanitas HealthCoach.
Comparing Detection Results with Microsoft365 Defender
Our objective: comparing detection results from our EAGLE system with Microsoft365 Defender. Since the environments we typically work in are hybrid IT environments, consisting of both cloud and on-premise infrastructure, we wanted to make sure that on-premise Windows machines were included in our testing process.
Security Advisory 2105-01
Trovent Security GmbH discovered that the VeryFitPro mobile application performs all communication with the backend API via cleartext HTTP.