Files

ABUS Secvest Remote Control Denial Of Service
Posted Mar 25, 2019
Authored by Matthias Deeg, Thomas Detert | Site syss.de

Thomas Detert found out that the claimed "Encrypted signal transmission" of the Secvest wireless remote control FUBE50014 is not present and that the implemented rolling codes are predictable. By exploiting these two security issues, an attacker can simply desynchronize a wireless remote control by observing the current rolling code state, generating many valid rolling codes, and using them before the original wireless remote control does. The Secvest wireless alarm system will then ignore commands sent by the wireless remote control until the generated rolling code happens to match the window of valid rolling code values again. Depending on the number of rolling codes used by the attacker, a resynchronization without actually reconfiguring the wireless remote control could take quite a lot of time and ineffective button presses. SySS found out that the new ABUS Secvest remote control FUBE50015 is also affected by this security vulnerability.

tags | advisory, remote
advisories | CVE-2019-9860
SHA-256 | 1e8bdcc2aac5543c46a47138bfd7aaeba7d32444b036b9f6db96a45e4987806a

Related Files

ABUS Secvest 3.01.01 Unchecked Message Transmission Error Condition
Posted Jul 27, 2019
Authored by Matthias Deeg, Thomas Detert | Site syss.de

Thomas Detert found out that the jamming detection of the ABUS alarm central does not detect short jamming signals that are shorter than normal ABUS RF messages. Thus, an attacker is able to perform a "reactive jamming" attack. The reactive jamming simply detects the start of an RF message sent by a component of the ABUS Secvest wireless alarm system, for instance a wireless motion detector (FUBW50000) or a remote control (FUBE50014 or FUBE50015), and overlays it with random data before the original RF message ends. As a result, the receiver (alarm central) is not able to properly decode the originally transmitted signal. This enables an attacker to suppress correctly received RF messages of the wireless alarm system in an unauthorized manner, for instance status messages sent by a detector indicating an intrusion. Version 3.01.01 is affected.

tags | advisory, remote
advisories | CVE-2019-14261
SHA-256 | e98fe47d41ddf0ca24e6f78dac777943006f689fe3cefe75519fcbab7d77131d
ABUS Secvest Remote Control Eavesdropping Issue
Posted Mar 25, 2019
Authored by Matthias Deeg, Thomas Detert | Site syss.de

Thomas Detert found out that the claimed "Encrypted signal transmission" of the Secvest wireless remote control FUBE50014 is not present at all. Thus, an attacker observing radio signals of an ABUS FUBE50014 wireless remote control is able to see all sensitive data of transmitted packets as cleartext and can analyze the packet format and the communication protocol in use. For instance, this security issue could successfully be exploited to observe the current rolling code state of the wireless remote control and deduce the cryptographically weak rolling code algorithm in use. SySS found out that the new ABUS Secvest remote control FUBE50015 is also affected by this security vulnerability.

tags | advisory, remote, protocol
advisories | CVE-2019-9862
SHA-256 | 4fb6b1bb33c005b26a8192228bc5ffdcbbcb440ba5889e85c120133752973a41
ABUS Secvest 3.01.01 Insecure Algorithm
Posted Mar 25, 2019
Authored by Matthias Deeg, Thomas Detert | Site syss.de

Thomas Detert found out that the rolling codes implemented as replay protection in the radio communication protocol used by the ABUS Secvest wireless alarm system (FUAA50000) and its remote controls (FUBE50014, FUBE50015) are cryptographically weak.

tags | advisory, remote, protocol
advisories | CVE-2019-9863
SHA-256 | 92648a845f9e728c6b9724e16f7b0148e4f4b7d7c8d97744a46937db2cabc861
MATESO GmbH Password Safe And Repository Enterprise 7.4.4 Build 2247 Credential Management
Posted Apr 11, 2017
Authored by Matthias Deeg | Site syss.de

MATESO GmbH Password Safe and Repository Enterprise 7.4.4 build 2247 suffers from poor credential management using unsalted MD5 hashes.

tags | exploit
SHA-256 | 5105c7b2f62190c0c64b2e7931b0d6a3d0fb7d876c939151bd3f4bae8acd7cdb
MATESO GmbH Password Safe And Repository Enterprise 7.4.4 Build 2247 SQL Injection
Posted Apr 11, 2017
Authored by Matthias Deeg | Site syss.de

MATESO GmbH Password Safe and Repository Enterprise version 7.4.4 build 2247 suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
SHA-256 | 9046651535626d2b33a64b0d5d4c33312e2e5842f722ec1cffb1649ca49e6f7b
M2B GSM Wireless Alarm System Replay Attacks
Posted Nov 24, 2016
Authored by Gerhard Klostermeier | Site syss.de

Due to an insecure implementation of its 433 MHz radio communication, the wireless alarm system M2B GSM is vulnerable to replay attacks.

tags | advisory
SHA-256 | b19e73ae566f67141fff01b385e124ffe916d02b99d2f4b1eb6581a9331a10b9
M2B GSM Wireless Alarm System Brute Force Issue
Posted Nov 24, 2016
Authored by Gerhard Klostermeier | Site syss.de

Due to an insecure implementation of its 433 MHz radio communication, the wireless alarm system M2B GSM is vulnerable to brute-force attacks.

tags | advisory
SHA-256 | a33d718d22481da6180fc9af25a09eb7609ae79013ec68a0eb5bd6fddea35071
Microsoft Wireless Desktop 2000 Cryptography Issues
Posted Oct 11, 2016
Authored by Matthias Deeg, Gerhard Klostermeier | Site syss.de

Microsoft Wireless Desktop 2000 version A suffers from cryptographic issues and replay attacks.

tags | advisory
SHA-256 | 5b91e6090047fef94d34dd0fd973cc4e86a6c54ee1ac8d86d8a8818ca9bfdeca
Wireless Keyboard Set LX901 GK900 Replay Attack
Posted Oct 10, 2016
Authored by Matthias Deeg, Gerhard Klostermeier | Site syss.de

Wireless Keyboard Set LX901 model GK900 is missing protection against replay attacks.

tags | advisory
SHA-256 | 76381a4aa95212b548a5c57eb1416134f9c09f4ceba809253b945b2d5b315328
Microsoft Wireless Desktop 2000 Insufficient Protection
Posted Oct 10, 2016
Authored by Matthias Deeg, Gerhard Klostermeier | Site syss.de

Microsoft Wireless Desktop 2000 version A suffers from insufficient protection of code (firmware) and data (cryptographic key).

tags | advisory
SHA-256 | a2e84bef4f1b103936ce31df00ad89196bd85c85162d189f4577c1a150082ee0
Perixx PERIDUO-710W KG-1027 Spoof Attack
Posted Sep 30, 2016
Authored by Matthias Deeg, Gerhard Klostermeier | Site syss.de

The Perixx PERIDUO-710W KG-1027 mouse suffers from insufficient verification of data authenticity allowing for a spoofing attack.

tags | advisory, spoof
SHA-256 | f4bc0516c208b0307fe50d327f89c8d288ef83ffc61506179cd54509362894b3
CHERRY B.UNLIMITED AES JD-0400EU-2/01 Spoof Attack
Posted Sep 30, 2016
Authored by Matthias Deeg, Gerhard Klostermeier | Site syss.de

The CHERRY B.UNLIMITED AES JD-0400EU-2/01 mouse suffers from insufficient verification of data authenticity allowing for a spoofing attack.

tags | advisory, spoof
SHA-256 | 1638ec208f8e37eaf9b5a1c43ce2ce9035fedf7e2ee03ce599899ee97a9d2669
Logitech M520 Y-R0012 Spoof Attack
Posted Sep 30, 2016
Authored by Matthias Deeg, Gerhard Klostermeier | Site syss.de

The Logitech M520 Y-R0012 mouse suffers from insufficient verification of data authenticity allowing for a spoofing attack.

tags | advisory, spoof
SHA-256 | b5b536b4797a8eff1eb40c967a4bdf37db110f16f71fc0a6f0da5e15e92a9b27
QNAP QTS 4.2.1 Build 20160601 Command Injection
Posted Aug 19, 2016
Authored by Sebastian Nerz | Site syss.de

QNAP QTS version 4.2.1 Build 20160601 suffers from an OS command injection vulnerability.

tags | exploit
SHA-256 | cb5c2ee3db6c55c22f86862e5b72bd113f7ae769e329bc847caa576516a573f1
QNAP QTS 4.2.0 Build 20160311 / Build 20160601 Cross Site Scripting
Posted Aug 19, 2016
Authored by Sebastian Nerz | Site syss.de

QNAP QTS versions 4.2.0 Build 20160311 and Build 20160601 suffer from a persistent cross site scripting vulnerability.

tags | exploit, xss
SHA-256 | 27689d9fdae27206f86fb67c52b512a57abc9dffe9f0f4d19e8aa363d3efdb19
QNAP QTS 4.2.1 Build 20160601 Cross Site Scripting
Posted Aug 19, 2016
Authored by Sebastian Nerz | Site syss.de

QNAP QTS version 4.2.1 Build 20160601 suffers from a cross site scripting vulnerability.

tags | exploit, xss
SHA-256 | 559a2c873cc88588570a681aea2d06fbbb6046cd8fdf54b9dbfec6256c89dda1
QNAP QTS 4.2.1 Build 20160601 Lang Parameter Command Injection
Posted Aug 18, 2016
Authored by Sebastian Nerz | Site syss.de

QNAP QTS version 4.2.1 Build 20160601 suffers from an OS command injection vulnerability.

tags | exploit
SHA-256 | 448d8a4712caf953aec99fadb1be4168c93a5e989fce7c009cd8577b1290902f
QNAP QTS 4.2.1 Build 20160601 Arbitrary File Overwrite
Posted Aug 18, 2016
Authored by Sebastian Nerz | Site syss.de

QNAP QTS version 4.2.1 Build 20160601 suffers from an arbitrary file overwrite vulnerability.

tags | exploit, arbitrary
SHA-256 | 1b6b302fa261390c5f0c6aa9787378c2eaa3685d815a17a90ab3bfb40b207096
QNAP QTS 4.2.0 Build 20160311 / Build 20160601 Cross Site Scripting
Posted Aug 18, 2016
Authored by Sebastian Nerz | Site syss.de

QNAP QTS versions 4.2.0 Build 20160311 and Build 20160601 suffer from a persistent cross site scripting vulnerability.

tags | exploit, xss
SHA-256 | 96a4d53ecd91f1a17608c43886a495fcf40a7eca582c4989e48e047118b247ce
QNAP QTS 4.2.0 Build 20160311 / Build 20160601 Command Injection
Posted Aug 18, 2016
Authored by Sebastian Nerz | Site syss.de

QNAP QTS versions 4.2.0 Build 20160311 and Build 20160601 suffer from an OS command injection vulnerability.

tags | exploit
SHA-256 | 892e6af51235735fae4ad4873dc7e3cc493bcb86a765cb905cdf1117cf7df8a9
QNAP QTS 4.2.1 Build 20160601 imbgName Parameter Command Injection
Posted Aug 18, 2016
Authored by Sebastian Nerz | Site syss.de

QNAP QTS version 4.2.1 Build 20160601 suffers from an OS command injection vulnerability.

tags | exploit
SHA-256 | e766f0f6ff858161e23849a3310ffff9e284a377d2850c7d0aacd1f4541b45de
NetIQ Access Manager iManager 2.7.7.6 / 2.7.7.5 Cross Site Scripting
Posted Aug 17, 2016
Authored by Micha Borrmann | Site syss.de

NetIQ Access Manager iManager versions 2.7.7.5 and 2.7.7.6 suffer from a cross site scripting vulnerability.

tags | exploit, xss
SHA-256 | 0d8b132a98ae866b25e976fa91c028b7f87513113e4275ea391b836b58886260
VMware vSphere Hypervisor (ESXi) HTTP Response Injection
Posted Aug 5, 2016
Authored by Matthias Deeg | Site syss.de

SySS GmbH found out that the web server of VMware ESXi 6 is vulnerable to HTTP response injection attacks, as arbitrarily supplied URL parameters are copied into the HTTP Location header of the server response without sufficient input validation. Thus, an attacker can create a specially crafted URL with a specific URL parameter that injects attacker-controlled data into the response of the VMware ESXi web server. Depending on the context, this allows different attacks. If such a URL is visited by a victim, it may for example be possible to set web browser cookies in the victim's web browser, execute arbitrary JavaScript code, or poison caches of proxy servers.

tags | exploit, web, arbitrary, javascript
advisories | CVE-2016-5331
SHA-256 | 0ea7840b55195ffc59088e4202c17bca17d25971220fb512df76ebf66e0575f9
NASdeluxe NDL-2400r 2.01.10 Command Injection
Posted Aug 4, 2016
Authored by Klaus Eisentraut | Site syss.de

NASdeluxe NDL-2400r version 2.01.10 suffers from an OS command injection vulnerability.

tags | exploit
SHA-256 | df902fffe771a83318d68fb4a1dac2c82339e67536200c100f67b3f129f20ef4
CHERRY B.UNLIMITED AES JD-0400EU-2/01 Crypto Issues / Replay Attacks
Posted Jul 30, 2016
Authored by Matthias Deeg, Gerhard Klostermeier | Site syss.de

CHERRY B.UNLIMITED AES version JD-0400EU-2/01 suffers from cryptographic issues and replay attack vulnerabilities.

tags | exploit, vulnerability
SHA-256 | 3737c6b837cb5779da05eb65eeceaa868fb36d30c20fac2a630e28c5168f4313