Home/ Resources /Research

Research

We think that being able to develop original techniques is paramount to offer high quality computer security services and to solve complex problems.

Innovation and research are two key points of our success. It's passion and knowing that we are helping end users that force us to be active in the security research field. We conduct audits of Commercial and Open Source Software and release our findings to the community.

We publish security Advisories according to the Responsible Disclosure model (where the Vendor is advised of the findings and the Advisory release is coordinated to the one of the new Software version or a security patch).

Security Advisories

Security Advisory per Aerohive Networks
Security Advisory per AOL
Security Advisory per Apache
Security Advisory per Fortinet
Security Advisory per Jetty
Security Advisory per MikroTik
Security Advisory per Moodle
Security Advisory per Nginx
Security Advisory per PHP
Security Advisory per QNAP
Security Advisory per Skype
Security Advisory per SolarWinds
Security Advisory per SugarCRM
Security Advisory per Veeam
Security Advisory per Zabbix

Advisories

CVE
Qnap QTS Domain Privilege Escalation Vulnerability
March 22, 2017
CVE
Veeam Backup & Replication Local Privilege Escalation Vulnerability
October 8, 2015
CVE
ARC v2011-12-01 Multiple vulnerabilities
November 22, 2012
CVE
Pixelpost (Calendar addon 1.1.6) 1.7.3 Multiple vulnerabilities
April 7, 2011
CVE
Vtiger CRM 5.2.0 Multiple Vulnerabilities
November 16, 2010
CVE
Nginx, Varnish, Cherokee, thttpd, mini-httpd, WEBrick, Orion, AOLserver, Yaws and Boa log escape sequence injection
January 11, 2010
CVE
Jetty 6.x and 7.x Multiple Vulnerabilities
October 25, 2009
CVE
Vtiger CRM 5.0.4 Multiple Vulnerabilities
August 18, 2009
CVE
PHP filesystem attack vectors - Take Two
July 26, 2009
CVE
SugarCRM 5.2.0e Remote Code Execution
June 13, 2009
CVE
FormMail 1.92 Multiple Vulnerabilities
May 12, 2009
CVE
Zabbix 1.6.2 Frontend Multiple Vulnerabilities
Published on Milw0rm, SecurityFocus, Full Disclosure, BugTraq
March 3, 2009
CVE
PHP filesystem attack vectors
Published on Packetstorm (1), Packetstorm (2), Full Disclosure, BugTraq, CGI Security
January 26, 2009
CVE
Remote Command Execution in Moodle
Published on BugTraq
December 16, 2008
CVE
Collabtive 0.4.8 Multiple Vulnerabilities
Published on BugTraq
November 11, 2008
CVE
Mantis Bug Tracker 1.1.1 Multiple Vulnerabilities.
Published on BugTraq, CVE-2008-2276
May 20, 2008
CVE
WiKID wClient-PHP <= 3.0-2 Multiple XSS Vulnerabilities
Published on BugTraq
April 11, 2008
CVE
Cacti 0.8.7a Multiple Vulnerabilities
Published on BugTraq
April 4, 2008
CVE
GreenSQL, a MySQL firewall, bypassed
October 4, 2007
CVE
Original Photo Gallery Remote Command Execution
Published on BugTraq, Packetstorm, Vulnwatch
October 2, 2007
CVE
Firefox <= 2.0.0.3 DOM Keylogger (bypass same-origin policy)
June 3, 2007
CVE
Shadowpage vulnerability: the page that doesn't exists (Multiple browsers affected)
May 7, 2007
CVE
PHP import_request_variables() arbitrary variable overwrite
Published on Packetstorm
March 9, 2007
CVE
Php Nuke wild POST XSS
Published on BugTraq, Packetstorm
March 9, 2007
CVE
Milkeyway Captive Portal Multiple Vulnerabilities
Published on Vulnwatch
March 16, 2006
CVE
PmWiki remote file inclusion exploit
February 1, 2006
CVE
PHP5 Globals Vulnerability
Published on SecuriTeam, Full Disclosure
January 25, 2006
CVE
PmWiki Multiple Vulnerabilities
Published on Full Disclosure
January 24, 2006
CVE
WebCalendar Multiple Vulnerabilities
Published on Bugtraq
January 24, 2006
CVE
Free Web Stat Multiple XSS Vulnerabilities
Published on Bugtraq
November 25, 2005
CVE
Php Web Statistik Multiple Vulnerabilities
Published on Packetstorm
November 19, 2005
CVE
PHP iCalendar XSS
Published on Bugtraq, Packetstorm
October 25, 2005
Official recognition for security and quality

Our Certifications

IQNET CertificationIMQ ISO/IEC 27001:2022ISO/IEC 9001:2015 Certification

Want additional information about our method and procedure?

Contact us!

[email protected] Starter Kit Brochure

Clients who have trusted us

Nestle UBI Banca Libero Mediaset Repubblica Italiana Subito

The collaboration with ISGroup SRL was highly constructive and allowed us to strengthen internal procedures. We have significantly improved the security of our software solutions and the ability to prevent major threats.

Giovanni Cardarelli
Giovanni Cardarelli

ISWEB S.p.A.

ISGroup analyses have strengthened our IT infrastructure and opened access to new markets. Professionalism, availability and goal orientation made the collaboration smooth and extremely effective.

Prime Service S.r.l.
Alfredo Vittoria

Prime Service S.r.l.

The Flora platform proved to be solid and well protected thanks to ISGroup analyses. A competent and flexible team, capable of adapting to our pace and guaranteeing reliable support throughout the project.

Kelyon S.r.l.
PM Officer

Kelyon S.r.l.

Publications

A brief collection of publications, materials and presentations that our staff members produced and presented during their career.

This is a demonstration that IT Security is not just a profession for us but also a great passion.

Our publications

Research

Research is a fascinating activity that puts the computer security expert always against scenarios and challenges. For years, even through our non-commercial embodiment, ush.it - a beautiful place, we dedicated ourselves to the publication of advisories, exploit development and bug hunting.

Our researches

Certification and Training

Thanks to the experience gained during technical activities performed so far, the results of our research and our knowledge of IT Security issues and solutions, we are able to provide different training paths for those who are in position to execute offensive (auditor, penetration tester) or defensive (network administrators, developers) activities.

The Training

ISGroup SRL
Via Cantarane, 14
37129 Verona VR
CF e P.IVA 04164220230
REA VR-397513

Contacts

Certified company ISO 9001 and ISO 27001

Cybersecurity made in Italy

© 2005-2026 ISGroup SRL. All Rights Reserved.

Sitemap  Privacy Policy  Cookie Policy

IQNET Certification ISO/IEC 27001:2022 Certification ISO/IEC 9001:2015 Certification

🎉 We want to talk to you! Book an appointment!