Our Security Research
Building a Stronger, More Secure Future
Somewhere, something incredible is waiting to be known
At Cuberk Solutions, we truly connect with this thought. We believe that there is always more to discover and learn in the world of cybersecurity. We believe that true cybersecurity excellence comes from a culture of continuous research, curiosity, and innovation. This belief drives our work every day.
We strongly believe in the importance of continuous research and learning in the field of information security. Our team stays updated with the latest trends, tools, and technologies in infosec. We regularly study new types of attacks, security flaws/vulnerabilities, and advanced techniques so that we can protect our clients better.
We are passionate about finding solutions to complex security challenges and are constantly seeking out new ways to innovate and improve our services. Our services are backed by strong research and practical experience. Whether through penetration testing, secure code review, or training progrmas, we strive to deliver exceptional results to our clients and make a positive impact on the industry.
As a company, we are committed to conducting research and sharing our findings with the wider community. We believe that by collaborating and sharing knowledge, we can help advance the field of information security and make the world a safer place for everyone.
Our clients trust us because we combine deep technical skills with a clear understanding of real-world business needs. We are passionate about solving complex security challenges and delivering results that matter. We don't just work for you - we work with you.
So if you're looking for a team that is dedicated to security research, innovation, and helping you secure your systems and data, look no further than Cuberk Solutions. We would be happy to work with you and help you achieve your security goals.
For in-depth insights into our security research, visit our blog and case studies.
Our Security Advisories
CVE-2023-43261
Published: 2023-09-18An information disclosure in Milesight UR5X, UR32L, UR32, UR35, UR41 before v35.3.0.7 allows attackers to access sensitive router components.
Severity: HIGH (CVSS 7.5/10)CVE-2023-43260
Published: 2023-09-18Milesight UR5X, UR32L, UR32, UR35, UR41 before v35.3.0.7 was discovered to contain a cross-site scripting (XSS) vulnerability via the admin panel.
Severity: MEDIUM (CVSS 6.5/10)CVE-2020-22986
Published: 2020-08-13Cross-Site Scripting (XSS) vulnerability in MicroStrategy Web SDK 10.11 and earlier, allows remote unauthenticated attackers to execute arbitrary code via the searchString parameter to the wikiScrapper task.
Severity: MEDIUM (CVSS 6.5/10)CVE-2020-22987
Published: 2020-08-13Cross-Site Scripting (XSS) vulnerability in MicroStrategy Web SDK 10.11 and earlier, allows remote unauthenticated attackers to execute arbitrary code via the fileToUpload parameter to the uploadFile task.
Severity: MEDIUM (CVSS 6.5/10)CVE-2020-22983
Published: 2020-08-13A Server-Side Request Forgery (SSRF) vulnerability exists in MicroStrategy Web SDK 11.1 and earlier, allows remote unauthenticated attackers to conduct a server-side request forgery (SSRF) attack via the srcURL parameter to the shortURL task.
Severity: HIGH (CVSS 8.1/10)CVE-2020-22984
Published: 2020-08-13Cross-Site Scripting (XSS) vulnerability in MicroStrategy Web SDK 10.11 and earlier, allows remote unauthenticated attackers to execute arbitrary code via key parameter to the getGoogleExtraConfig task.
Severity: MEDIUM (CVSS 6.1/10)CVE-2020-22985
Published: 2020-08-13Cross-Site Scripting (XSS) vulnerability in MicroStrategy Web SDK 10.11 and earlier, allows remote unauthenticated attackers to execute arbitrary code via the key parameter to the getESRIExtraConfig task.
Severity: MEDIUM (CVSS 6.1/10)