News
The latest news published by modzero.
Blog
-
Multiple Vulnerabilities in Poly VoIP Products
December 29, 2023
We uncovered several vulnerabilities allowing an attacker in the network to take over a Poly VoIP device and turn it into a bug hidden in plain sight.
-
12th Anniversary
April 29, 2023
Today we celebrate our 12th anniversary.
-
Better Make Sure Your Password Manager Is Secure
December 19, 2022
We examined the password management solution Passwordstate of Click Studios and identified multiple high severity vulnerabilities.
-
Ridiculous Vulnerability Disclosure Process with CrowdStrike Falcon Sensor
August 22, 2022
We publish a new advisory for a vulnerability in CrowdStrike Falcon Sensor as well as share our thoughts about the ridiculous disclosure process.
Advisories
-
[MZ-23-01] Poly VoIP Devices
December 29, 2023
Several vulnerabilities in Poly VoIP devices
-
[MZ-22-03] Passwordstate
August 20, 2023
Multiple high severity vulnerabilities in Passwordstate by Click Studios
-
[MZ-22-02] CrowdStrike FalconSensor
August 20, 2023
Uninstall Protection Bypass for CrowdStrike Falcon Sensor
-
[MZ-20-03] Multiple deserialization vulnerabilities in the .Net runtime
June 16, 2020
Unauthenticated persistent cross-site scripting injection into the administrative console of CISCO ISE web application via DHCP request
Archive
mod%log →
The latest news published by modzero.
Blog
-
Multiple Vulnerabilities in Poly VoIP Products
December 29, 2023
We uncovered several vulnerabilities allowing an attacker in the network to take over a Poly VoIP device and turn it into a bug hidden in plain sight.
-
12th Anniversary
April 29, 2023
Today we celebrate our 12th anniversary.
-
Better Make Sure Your Password Manager Is Secure
December 19, 2022
We examined the password management solution Passwordstate of Click Studios and identified multiple high severity vulnerabilities.
-
Ridiculous Vulnerability Disclosure Process with CrowdStrike Falcon Sensor
August 22, 2022
We publish a new advisory for a vulnerability in CrowdStrike Falcon Sensor as well as share our thoughts about the ridiculous disclosure process.
Advisories
-
[MZ-23-01] Poly VoIP Devices
December 29, 2023
Several vulnerabilities in Poly VoIP devices
-
[MZ-22-03] Passwordstate
August 20, 2023
Multiple high severity vulnerabilities in Passwordstate by Click Studios
-
[MZ-22-02] CrowdStrike FalconSensor
August 20, 2023
Uninstall Protection Bypass for CrowdStrike Falcon Sensor
-
[MZ-20-03] Multiple deserialization vulnerabilities in the .Net runtime
June 16, 2020
Unauthenticated persistent cross-site scripting injection into the administrative console of CISCO ISE web application via DHCP request