Posts

ZKTeco BioTime Missing Authentication

During a recent penetration test, I stumbled upon an instance of the ZKTeco BioTime web application. This application was linked to a time punch clock taking pictures of employees. The management can then analyse these pictures through the web application or an app. Through some directory fuzzing, I …

Tangro BWF Multiple Vulnerabilities

Together with Tobias Györfi, I tested the software Tangro BWF for a client in 2020. This is a repost of the security advisories that were originally posted on the blog of my former employer Thinking Objects GmbH. Key Value Product Tangro BWF Vendor tangro software components GmbH (Heidelberg, …