exploit the possibilities
Showing 1 - 20 of 20 RSS Feed

Files from Micha Borrmann

Email addressborrmann at syss.de
First Active2006-02-14
Last Active2020-11-16
MailDepot 2033 2.3.3022 Cross Site Scripting
Posted Nov 16, 2020
Authored by Micha Borrmann, Thomas Engel | Site syss.de

MailDepot version 2033 (2.3.3022) suffers from a cross site scripting vulnerability.

tags | exploit, xss
advisories | CVE-2020-26554
MD5 | 1fd4f4c962bf56df0c1ae99d3b9409e2
MailDepot 2032 SP2 (2.2.1242) Authorization Bypass
Posted Oct 2, 2020
Authored by Micha Borrmann

MailDepot version 2032 SP2 (2.2.1242) suffers from an improper authorization vulnerability. The REDDOXX MailDepot web service does not correctly verify whether a user has the proper rights to access specified mailboxes in a corresponding web service request. The web service request will only be processed if it contains a valid authentication token (usual REST web service), but the names of the mailboxes to be accessed are given within a JSON object which is not validated properly regarding user access permissions. Thus, any authenticated user can access mailboxes of other users due to improper authorization checks.

tags | exploit, web
advisories | CVE-2019-19200
MD5 | 2e1b3f83e91175cf5635f13218d5b89a
MailDepot 2032 SP2 Session Expiration
Posted Sep 30, 2020
Authored by Micha Borrmann

MailDepot version 2032 SP2 (2.2.1242) suffers from a session expiration design issue.

tags | exploit
advisories | CVE-2019-19199
MD5 | 04f7f6eb7e1bcaee1a3ee7cc2f78dcc4
Citrix Gateway 11.1 / 12.0 / 12.1 Cache Bypass
Posted Mar 9, 2020
Authored by Micha Borrmann

Citrix Gateway versions 11.1, 12.0, and 12.1 suffer from a caching bypass vulnerability.

tags | exploit, bypass
advisories | CVE-2020-10111
MD5 | 1009c64a1d888ddc6c7512f4221d1e4d
Citrix Gateway 11.1 / 12.0 / 12.1 Cache Poisoning
Posted Mar 9, 2020
Authored by Micha Borrmann

Citrix Gateway versions 11.1, 12.0, and 12.1 suffer from a cache poisoning vulnerability.

tags | exploit
advisories | CVE-2020-10112
MD5 | 07d4982030785b7b90341e76e3e07ea5
Citrix Gateway 11.1 / 12.0 / 12.1 Information Disclosure
Posted Mar 9, 2020
Authored by Micha Borrmann

Citrix Gateway versions 11.1, 12.0, and 12.1 suffer from an information disclosure vulnerability.

tags | exploit, info disclosure
advisories | CVE-2020-10110
MD5 | d5d012e0d06c1a3aa0e4cd4c44123f39
Kentix MultiSensor-LAN 5.63.00 Authentication Bypass
Posted Jan 18, 2019
Authored by Micha Borrmann

Kentix MultiSensor-LAN versions 5.63.00 and below suffer from an authentication bypass vulnerability. The web based application is not using a usual session concept with a session cookie for managing authenticated user sessions. Some URLs are protected with HTTP Basic Authentication, but the user management web page can be accessed and used without any authentication.

tags | exploit, web, bypass
advisories | CVE-2018-19783
MD5 | 85615421d4b8774b861196ab8f62be4f
HMS Netbiter WS100 3.30.5 Cross Site Scripting
Posted Jan 13, 2019
Authored by Micha Borrmann

HMS Netbiter WS100 versions 3.30.5 and below suffer from a cross site scripting vulnerability.

tags | exploit, xss
advisories | CVE-2018-19694
MD5 | 4c33dddf7eecb5e75d363ffe7b63d308
Polycom VVX 500 / VVX 601 5.8.0.12848 Information Exposure
Posted Oct 24, 2018
Authored by Micha Borrmann

Polycom VVX 500 / VVX 601 versions 5.8.0.12848 and below suffer from an information exposure vulnerability.

tags | exploit
advisories | CVE-2018-18566
MD5 | 8a586de40e17b8d9e7994abc3bf45715
Polycom VVX 500 / VVX 601 5.8.0.12848 Man-In-The-Middle
Posted Oct 24, 2018
Authored by Micha Borrmann

Polycom VVX 500 / VVX 601 versions 5.8.0.12848 and below suffer from a man-in-the-middle vulnerability.

tags | exploit
advisories | CVE-2018-18568
MD5 | 05bfe95da19ea87af112e03808ba1a41
AudioCodes 440HD / 450HD IP Phone 3.1.2.89 Man-In-The-Middle
Posted Oct 24, 2018
Authored by Micha Borrmann

AudioCodes 440HD / 450HD IP Phone versions 3.1.2.89 and below suffer from a man-in-the-middle vulnerability.

tags | exploit
advisories | CVE-2018-18567
MD5 | cc3a9a5d3d057caf02399a3bc9167c45
Microsoft Office 365 Enterprise E3 Insufficient Session Expiration
Posted Jul 7, 2017
Authored by Micha Borrmann

Microsoft Office 365 Enterprise E3 suffers from an insufficient session expiration vulnerability.

tags | exploit
MD5 | b66194af3c4ecfb1756126159b020eb3
HP Wireless Mouse Spoofing Issue
Posted May 16, 2017
Authored by Micha Borrmann, Matthias Deeg

HP ERK-321A is a wireless desktop set consisting of a mouse and a keyboard.

tags | advisory
MD5 | c2aa6929abe16f687a30bf704401e63e
Cisco Expressway 8.8.1 Internal Scanning
Posted Dec 17, 2016
Authored by Micha Borrmann

Cisco Expressway version 8.8.1 suffers from an access control bypass that allows an attacker to leverage the application for internal port scanning.

tags | exploit
systems | cisco
MD5 | eb734f7dda157eb3a3fe72fb4c950db7
NetIQ Access Manager iManager 2.7.7.6 / 2.7.7.5 Cross Site Scripting
Posted Aug 17, 2016
Authored by Micha Borrmann

NetIQ Access Manager iManager versions 2.7.7.5 and 2.7.7.6 suffer from a cross site scripting vulnerability.

tags | exploit, xss
MD5 | 122b37c25373344025612533ceaac6a3
FTP Rush 2.1.8 X.509 Validation
Posted May 21, 2014
Authored by Micha Borrmann

FTP Rush version 2.1.8 fails to validate X.509 certificates.

tags | advisory
MD5 | 9d72c8b29594810cb49254ff69d75869
Cyberduck 4.4.3 (14140 Windows) X.509 Validation Failure
Posted May 6, 2014
Authored by Micha Borrmann

Cyberduck version 4.4.3 (14140) for Windows fails to properly validate X.509 certificates.

tags | exploit
systems | windows
advisories | CVE-2014-2845
MD5 | 7546282d9927b352c32f620e22fe0257
WinSCP 5.5.2.4130 Missing X.509 Validation
Posted Apr 16, 2014
Authored by Micha Borrmann

WinSCP version 5.5.2.4130 does not checking the "Common Name" of an X.509 certificate when FTP with TLS is used.

tags | advisory
advisories | CVE-2014-2735
MD5 | 130d2c4f42e36a9d13e53d5b0e7f6e80
Palo Alto Networks GlobalProtect Man-In-The-Middle
Posted Oct 18, 2012
Authored by Micha Borrmann

Palo Alto Networks GlobalProtect version 1.1.5-5 fails to validate the X.509 certificate from the VPN gateway.

tags | advisory
MD5 | abc4f3b0944fdf7c7ea0c5710e3d6ba5
guestbookPHP.txt
Posted Feb 14, 2006
Authored by Micha Borrmann

gastbuch versions 1.3.2 and below are susceptible to cross site scripting.

tags | exploit, xss
MD5 | 144ce0b21664236abeb439e709045dc9
Page 1 of 1
Back1Next

File Archive:

December 2020

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Dec 1st
    22 Files
  • 2
    Dec 2nd
    33 Files
  • 3
    Dec 3rd
    16 Files
  • 4
    Dec 4th
    0 Files
  • 5
    Dec 5th
    0 Files
  • 6
    Dec 6th
    0 Files
  • 7
    Dec 7th
    0 Files
  • 8
    Dec 8th
    0 Files
  • 9
    Dec 9th
    0 Files
  • 10
    Dec 10th
    0 Files
  • 11
    Dec 11th
    0 Files
  • 12
    Dec 12th
    0 Files
  • 13
    Dec 13th
    0 Files
  • 14
    Dec 14th
    0 Files
  • 15
    Dec 15th
    0 Files
  • 16
    Dec 16th
    0 Files
  • 17
    Dec 17th
    0 Files
  • 18
    Dec 18th
    0 Files
  • 19
    Dec 19th
    0 Files
  • 20
    Dec 20th
    0 Files
  • 21
    Dec 21st
    0 Files
  • 22
    Dec 22nd
    0 Files
  • 23
    Dec 23rd
    0 Files
  • 24
    Dec 24th
    0 Files
  • 25
    Dec 25th
    0 Files
  • 26
    Dec 26th
    0 Files
  • 27
    Dec 27th
    0 Files
  • 28
    Dec 28th
    0 Files
  • 29
    Dec 29th
    0 Files
  • 30
    Dec 30th
    0 Files
  • 31
    Dec 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2020 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close