
Files from Micha Borrmann

Email address: borrmann at syss.de
First Active: 2006-02-14
Last Active: 2020-11-16
MailDepot 2033 2.3.3022 Cross Site Scripting
Posted Nov 16, 2020
Authored by Micha Borrmann, Thomas Engel | Site syss.de

MailDepot version 2033 (2.3.3022) suffers from a cross site scripting vulnerability.

tags | exploit, xss
advisories | CVE-2020-26554
SHA-256 | f82776b6e406fc3d421c55e64c73955573843831dc5dcd361b30f289b3c99402
MailDepot 2032 SP2 (2.2.1242) Authorization Bypass
Posted Oct 2, 2020
Authored by Micha Borrmann | Site syss.de

MailDepot version 2032 SP2 (2.2.1242) suffers from an improper authorization vulnerability. The REDDOXX MailDepot web service does not correctly verify whether a user has the proper rights to access the mailboxes specified in a web service request. The request is only processed if it contains a valid authentication token (as is usual for a REST web service), but the names of the mailboxes to be accessed are given within a JSON object that is not properly validated against the user's access permissions. Thus, any authenticated user can access the mailboxes of other users due to improper authorization checks.

tags | exploit, web
advisories | CVE-2019-19200
SHA-256 | 32ab4f6645b5760f2cd58298371554aeca5c3729abaf3ad7500e4ee9b6054b7e
MailDepot 2032 SP2 Session Expiration
Posted Sep 30, 2020
Authored by Micha Borrmann | Site syss.de

MailDepot version 2032 SP2 (2.2.1242) suffers from a session expiration design issue.

tags | exploit
advisories | CVE-2019-19199
SHA-256 | 700f980163d0fca1ea48e794d6af4f154b44ba1253811ef8c5c1d57d881a5603
Citrix Gateway 11.1 / 12.0 / 12.1 Cache Bypass
Posted Mar 9, 2020
Authored by Micha Borrmann | Site syss.de

Citrix Gateway versions 11.1, 12.0, and 12.1 suffer from a caching bypass vulnerability.

tags | exploit, bypass
advisories | CVE-2020-10111
SHA-256 | e66fad2ae92f73fb782b7c631067c3bb1b0caaccc40cc4f59aeef45ae61b351d
Citrix Gateway 11.1 / 12.0 / 12.1 Cache Poisoning
Posted Mar 9, 2020
Authored by Micha Borrmann | Site syss.de

Citrix Gateway versions 11.1, 12.0, and 12.1 suffer from a cache poisoning vulnerability.

tags | exploit
advisories | CVE-2020-10112
SHA-256 | 0015b1f67eb00244860fff58d081b6a94b03615ce41aa999c016ebe81945506b
Citrix Gateway 11.1 / 12.0 / 12.1 Information Disclosure
Posted Mar 9, 2020
Authored by Micha Borrmann | Site syss.de

Citrix Gateway versions 11.1, 12.0, and 12.1 suffer from an information disclosure vulnerability.

tags | exploit, info disclosure
advisories | CVE-2020-10110
SHA-256 | aca831367203c586cf693ab95a5e463eeaa4d60eae5b4d5efe517d8da98e9aa8
Kentix MultiSensor-LAN 5.63.00 Authentication Bypass
Posted Jan 18, 2019
Authored by Micha Borrmann | Site syss.de

Kentix MultiSensor-LAN versions 5.63.00 and below suffer from an authentication bypass vulnerability. The web-based application does not use a conventional session concept with a session cookie for managing authenticated user sessions. Some URLs are protected with HTTP Basic Authentication, but the user management web page can be accessed and used without any authentication.

tags | exploit, web, bypass
advisories | CVE-2018-19783
SHA-256 | 9539232da19e15d0629fcca3bd000fa2358a6f53a457c9651cc76e622d7bb99d
HMS Netbiter WS100 3.30.5 Cross Site Scripting
Posted Jan 13, 2019
Authored by Micha Borrmann | Site syss.de

HMS Netbiter WS100 versions 3.30.5 and below suffer from a cross site scripting vulnerability.

tags | exploit, xss
advisories | CVE-2018-19694
SHA-256 | b25d8c561ac388470d4efeffe2d90dd3752e59062fa9352f51b292ec96b86a9e
Polycom VVX 500 / VVX 601 5.8.0.12848 Information Exposure
Posted Oct 24, 2018
Authored by Micha Borrmann | Site syss.de

Polycom VVX 500 / VVX 601 versions 5.8.0.12848 and below suffer from an information exposure vulnerability.

tags | exploit
advisories | CVE-2018-18566
SHA-256 | 3946095174c52f0117914befe41f9b683f9acdfb9bf275dc1ae13b547ebad25b
Polycom VVX 500 / VVX 601 5.8.0.12848 Man-In-The-Middle
Posted Oct 24, 2018
Authored by Micha Borrmann | Site syss.de

Polycom VVX 500 / VVX 601 versions 5.8.0.12848 and below suffer from a man-in-the-middle vulnerability.

tags | exploit
advisories | CVE-2018-18568
SHA-256 | 7b5fbf76b7eba76a71529c6ea57d610f4fcc5779b2d7571076b77a2832b5f4db
AudioCodes 440HD / 450HD IP Phone 3.1.2.89 Man-In-The-Middle
Posted Oct 24, 2018
Authored by Micha Borrmann | Site syss.de

AudioCodes 440HD / 450HD IP Phone versions 3.1.2.89 and below suffer from a man-in-the-middle vulnerability.

tags | exploit
advisories | CVE-2018-18567
SHA-256 | 60e19e61a99c7d9dabb6688f443d8a862df2c3e07135d755e7dfeaf5d3b99db3
Microsoft Office 365 Enterprise E3 Insufficient Session Expiration
Posted Jul 7, 2017
Authored by Micha Borrmann | Site syss.de

Microsoft Office 365 Enterprise E3 suffers from an insufficient session expiration vulnerability.

tags | exploit
SHA-256 | 71b7c538dc235667bda1e21c050149a2a4aa82d2b550a41e97c9f1758d8d7dbf
HP Wireless Mouse Spoofing Issue
Posted May 16, 2017
Authored by Micha Borrmann, Matthias Deeg | Site syss.de

HP ERK-321A is a wireless desktop set consisting of a mouse and a keyboard.

tags | advisory
SHA-256 | 397d0a3e42b49ff649457998978949155ade071f9d5b96485fc2ed32dcb78d1b
Cisco Expressway 8.8.1 Internal Scanning
Posted Dec 17, 2016
Authored by Micha Borrmann | Site syss.de

Cisco Expressway version 8.8.1 suffers from an access control bypass that allows an attacker to leverage the application for internal port scanning.

tags | exploit
systems | cisco
SHA-256 | a361dfbad67cdbc85d866b203c31e7071f2f67698c9fe8627ebe4531801d3757
NetIQ Access Manager iManager 2.7.7.6 / 2.7.7.5 Cross Site Scripting
Posted Aug 17, 2016
Authored by Micha Borrmann | Site syss.de

NetIQ Access Manager iManager versions 2.7.7.5 and 2.7.7.6 suffer from a cross site scripting vulnerability.

tags | exploit, xss
SHA-256 | 0d8b132a98ae866b25e976fa91c028b7f87513113e4275ea391b836b58886260
FTP Rush 2.1.8 X.509 Validation
Posted May 21, 2014
Authored by Micha Borrmann | Site syss.de

FTP Rush version 2.1.8 fails to validate X.509 certificates.

tags | advisory
SHA-256 | 08db1ca6e7f0ad3753320343d94123a3e0682c3ebd85684834dbf71b50e8349d
Cyberduck 4.4.3 (14140 Windows) X.509 Validation Failure
Posted May 6, 2014
Authored by Micha Borrmann | Site syss.de

Cyberduck version 4.4.3 (14140) for Windows fails to properly validate X.509 certificates.

tags | exploit
systems | windows
advisories | CVE-2014-2845
SHA-256 | 541b5bb49a5ff4999d477790815626466bd8ac777fd0984dec1f956c46e55a27
WinSCP 5.5.2.4130 Missing X.509 Validation
Posted Apr 16, 2014
Authored by Micha Borrmann | Site syss.de

WinSCP version 5.5.2.4130 does not check the "Common Name" of an X.509 certificate when FTP with TLS is used.

tags | advisory
advisories | CVE-2014-2735
SHA-256 | c02e58412a1d791bba874a01d9d7de079487428a4d6386a5000a3a88f7464688
Palo Alto Networks GlobalProtect Man-In-The-Middle
Posted Oct 18, 2012
Authored by Micha Borrmann

Palo Alto Networks GlobalProtect version 1.1.5-5 fails to validate the X.509 certificate from the VPN gateway.

tags | advisory
SHA-256 | bff092db177f25c89ce9c73bf1a73f97eb7d696e490318ef7d240cfbd37cab70
guestbookPHP.txt
Posted Feb 14, 2006
Authored by Micha Borrmann

gastbuch versions 1.3.2 and below are susceptible to cross site scripting.

tags | exploit, xss
SHA-256 | 10800f5d68d19645c993ed7441ba1f86c4a93f2b7c2442a311397c86bf4e10c7