Previous research has shown that it is possible for an attacker to get remote code execution on the electronic control units (ECUs) in automotive vehicles via various interfaces such as the Bluetooth interface and the telematics unit. This paper aims to expand on the ideas of what such an attacker could do to influence the behavior of the vehicle after that type of attack. In particular, the authors demonstrate how, on two different vehicles, they are able in some circumstances to control the steering, braking, acceleration and display. They also propose a mechanism to detect these kinds of attacks. All technical information and code needed to reproduce these attacks is included in this archive. This was released to the community as promised by the researchers who presented their findings at Defcon 21.
794a8286ed148e6a725895876ffebe1b0e584fd41753499c11022ae5b23ac94c
PHPJabbers Car Rental Script version 3.0 suffers from a remote SQL injection vulnerability.
da611ec0ad9f60f8789a0b37c087ba77ab18171db28eb201e5d8c4312ef65403
Car Dealer Pro version 2.01 has been reported as having a default backdoor account.
45070a286856c5480a1c62319dc30408713e7974d5b858a58996f94c6ecfb61f
Car Rental System version 1.0 suffers from a remote SQL injection vulnerability.
9971ec746ee3e611586ed62a8f4d62daf32403f03d5143116feeb5faa243f276
CarolinaCon Online 2 will be hosted April 29th to May 1st, 2022. The conference will be virtual and submitted talks will be live streamed.
fff7bbd7db49ebd9315d7d680ff911339bafb26146b0e7b53c22f7e97b628388
Care2x Open Source Hospital Information Management version 2.7 Alpha suffers from multiple persistent cross site scripting vulnerabilities.
fafe260191f7f33dbb5f9100375b9a94aff61fd839113d0ed42f615822e7e232
Care2x Integrated Hospital Info System version 2.7 suffers from multiple remote SQL injection vulnerabilities.
813565cbac4fa2b60990827c97c4b6014e8013852af0c5279d6bbe5c159039f1
Online Car Rental System version 1.0 suffers from a persistent cross site scripting vulnerability.
2f8a20dffecd3ca2217f48f5132491ebce07d6197ac9a9a1ddfed1c236fcf32e
Caret Editor version 4.0.0-rc21 suffers from a remote code execution vulnerability.
7e7de03a228069afd998931340c5bb003ddabd0c57e123a32dc2b9cc269905f0
The 16th CarolinaCon was postponed in 2020 due to the pandemic but the conference will be hosted online in 2021. A new CFP has been announced.
3804a85c253ad128b9833739ebb61c517b3febf43c4d9df81e89580873313d29
Car Rental Management System version 1.0 unauthenticated persistent cross site scripting session harvester exploit.
b40d22bc3d4f56d3e0cef9a50ef2bae88ee704433658470af06ab12026f23b0a
Car Rental Management System version 1.0 unauthenticated remote code execution exploit.
ded9539f93f93225baca3f19309a19831bccb44a855907289ad395322a75422e
Car Park Management System version 1.0 suffers from a remote SQL injection vulnerability that allows for authentication bypass.
53ccd4d8ace1453e77cc2c0352b243bf12e6894c6fa43c5f70ea83c7a20b3031
CarolinaCon, which was to be hosted in Charlotte at the Embassy Suites April 10th through the 11th, 2020, has been postponed due to COVID-19.
be180437e2ced710fbc0cdf1742d7551ea49f8d8fd9621cec346afccca36dc9d
Car Rental Project version 1.0 suffers from a remote code execution vulnerability.
e4cc4dc5e55caa316a3d402d9317d0020cfe62d7d79914ce1f4bf5dca32e437a
The 16th CarolinaCon will be hosted in Charlotte at the Embassy Suites April 10th through the 11th, 2020.
0bce466bb9cbf102f2d28af0000b1f76fe3da3a8ce9a030e77c99e94a553af9e
Opencart versions 3.0.3.2 and below extension/feed/google_base remote denial of service proof of concept exploit.
95196c99a218a7f9fac52a75974542b8918ccfc5260c75f3fc68347f513ce7a7
Carel pCOWeb versions below B1.2.1 suffer from cross site scripting and credential disclosure vulnerabilities.
9373a33471e5a88b02c4c6bf4762247dd272f7c5ca9745a46ea71035a35cd02c
Care2x (HIS) Hospital Information System version 2.7 suffers from multiple remote SQL injection vulnerabilities.
7fc5fdbcf20a9682fd649b4d323eef6cafd150b6aeb1e0ea568f52f70cce40de
The 15th CarolinaCon will be hosted in Charlotte at the Renaissance Charlotte Suites April 26th through the 28th in 2019.
e03558c7fde29e8024e19e5ad9431825afdf3cb6342d6760a24a89515bbf78cb
Card Payment version 1.0 suffers from a cross site request forgery vulnerability.
b426118d9129d55e7af8743410c0ce6d1debccddeb0a215bec14f194c56a64b0
CA Release Automation NiMi version 6.5 suffers from a remote command execution vulnerability.
ee7fc2be843047e737cd1ff2e3299d09c9fbdce8e0cb96c24043007882021e48
Cart Engine version 7.0.0 build 20180202 suffers from a backup disclosure vulnerability.
9457d421ca9034e9ce3f768af7f7242211a87c926123460e858fda10589fada7
Career Portal Online Job Search Script version 1.0 suffers from a cross site scripting vulnerability.
5c22c967ddc234a1342d944feca3f62b60ef34d2953d7f2dd0a6a42fc85c942a
Car Rental Script version 2.0.4 suffers from a remote SQL injection vulnerability.
3cf149a4115354cc900a627be049ed2575f62db011d832b491f986aeeabb8a02
Career Portal version 1.0 suffers from a remote SQL injection vulnerability.
bb6523f38398e0d0f2e8e2af045462b6396038ed7689b6fab9425b758ff4f02a