Rhino Security Labs

Technical Blog

Exploiting ShoreTel Communicator through Situational Awareness

Dwight Hohnstein
April 10, 2018

Recently, the Rhino Security Labs team was tasked with an internal network assessment for an environment which ran a predominantly Windows environment. There are some bells that go off immediately in an assessor’s mind when within a…

Read more

Amazon’s AWS Misconfiguration:
Arbitrary Files Upload in Amazon Go

XML External Entity Injection in Jive-n (CVE-2018-5758)

Sign up for our Newsletter

Hiding in Plain Sight:
XXE Vulnerability in HP Project & Portfolio Mgmt Center

Dwight Hohnstein
February 21, 2018

Researchers at Rhino Security Labs discovered an XXE vulnerability in the way HP Project and Portfolio Management Center (HP PPM) processed imported tickets. Specifically, an XML external entity injection vulnerability allows an attacker to…

Read more