Published Vulnerabilities


Microsoft Windows 2012 R2 (x64) - (MMC) Local DoS Vulnerability

Pointer Issue crashs local mmc.exe process on Microsoft Windows 2012 R2 x64

Due to a test in a staging-system that was fresh setup with a windows 2012 r2 release the researcher of the vulnerability lab identified a serious local denial of service vulnerability affecting different other microsoft processes or security mechanisms.

The windows 2012 r2 has a basic firewall were it is possible to setup specific rule set. Defining a block policy for ips (above 200) can result in a corruption of the windows mmc.exe (Microsoft Management Console). The result is that the actual snapshot of the session corrupts due to the error with a corruption, which results in a simple but stable application crash. The issue occurs in the kernelbase dynamic link library because of the counted ip items in the list that returns with a null pointer.


Bundeswehr Career Page - Weak spot permanently closed

Security gap in search function of Bundeswehr web application patched

About some time ago, we had a look at the latest Bundeswehr website ( in our lab. We noticed an error in the output of the validation of an application. We then investigated this error in more detail and in the end we were able to provide the Bundeswehr with an exploitable vulnerability in the area of Persistent Input Validation / Cross Site Scripting. After half a year has passed we would like to share this with you and will report about it here.

It all began with a notice of the announcement of the new digital updates at the Bundeswehr and the new career portal. After we talked several times in the office about the secure programming of the web agencies for the Bundeswehr, we wanted to see how the security of the public web portal really is.


Subscribe to RSS - Published Vulnerabilities