what you don't know can hurt you
Showing 1 - 25 of 100 RSS Feed

Files

Inateck 2.4 GHz Wireless Presenter WP1001 Keystroke Injection
Posted Jun 4, 2019
Authored by Matthias Deeg

Inateck 2.4 GHz Wireless Presenter WP1001 suffers from a keystroke injection vulnerability.

tags | advisory
advisories | CVE-2019-12505
MD5 | 6cd4e96f339734270088fdd808cf413c

Related Files

Microsoft Surface Mouse WS3-00002 Insufficient Memory Protection
Posted Oct 10, 2019
Authored by Matthias Deeg

SySS GmbH found out that the embedded flash memory of the Bluetooth LE Microsoft Surface Mouse can be read and written via the SWD (Serial Wire Debug) interface of the used nRF51822 Bluetooth SoC as the flash memory is not protected by the offered readback protection feature.

tags | advisory
MD5 | a9e65a38ffe338de145865d9a8de30f2
Microsoft Surface Keyboard WS2-00005 Insufficient Memory Protection
Posted Oct 10, 2019
Authored by Matthias Deeg

SySS GmbH found out that the embedded flash memory of the Bluetooth LE Microsoft Surface Keyboard can be read and written via the SWD (Serial Wire Debug) interface of the used nRF51822 Bluetooth SoC as the flash memory is not protected by the offered readback protection feature.

tags | advisory
MD5 | a44a9d7054814563ee60e5bc1d7f4c0a
Microsoft Designer Bluetooth Desktop Insufficient Memory Protection
Posted Oct 10, 2019
Authored by Matthias Deeg

SySS GmbH found out that the embedded flash memory of the Microsoft Designer Bluetooth Desktop keyboard can be read and written via the SWD (Serial Wire Debug) interface of the used nRF51822 Bluetooth SoC as the flash memory is not protected by the offered readback protection feature.

tags | advisory
MD5 | 365bea94eda75754b0953a458af3d0b5
ABUS Secvest Remote Control Denial Of Service
Posted Mar 25, 2019
Authored by Matthias Deeg, Thomas Detert

Thomas Detert found out that the claimed "Encrypted signal transmission" of the Secvest wireless remote control FUBE50014 is not present and that the implemented rolling codes are predictable. By exploiting these two security issues, an attacker can simply desynchronize a wireless remote control by observing the current rolling code state, generating many valid rolling codes, and use them before the original wireless remote control. The Secvest wireless alarm system will ignore sent commands by the wireless remote control until the generated rolling code happens to match the window of valid rolling code values again. Depending on the number of used rolling codes by the attacker, a resynchronization without actually reconfiguring the wireless remote control could take quite a lot of time and effectless button presses. SySS found out that the new ABUS Secvest remote control FUBE50015 is also affected by this security vulnerability.

tags | advisory, remote
advisories | CVE-2019-9860
MD5 | 1af146c7db6df9a5a723c3e54422b6a1
ABUS Secvest Remote Control Eavesdropping Issue
Posted Mar 25, 2019
Authored by Matthias Deeg, Thomas Detert

Thomas Detert found out that the claimed "Encrypted signal transmission" of the Secvest wireless remote control FUBE50014 is not present at all. Thus, an attacker observing radio signals of an ABUS FUBE50014 wireless remote control is able to see all sensitive data of transmitted packets as cleartext and can analyze the used packet format and the communication protocol. For instance, this security issue could successfully be exploited to observe the current rolling code state of the wireless remote control and deduce the cryptographically weak used rolling code algorithm. SySS found out that the new ABUS Secvest remote control FUBE50015 is also affected by this security vulnerability.

tags | advisory, remote, protocol
advisories | CVE-2019-9862
MD5 | b2b4808a3fad1c892d13370b57e31fc4
Fujitsu LX901 GK900 Keystroke Injection
Posted Mar 15, 2019
Authored by Matthias Deeg

SySS GmbH found out that the wireless desktop set Fujitsu LX901 is vulnerable to keystroke injection attacks by sending unencrypted data packets with the correct packet format to the receiver (USB dongle).

tags | advisory
MD5 | be5d36b96d4f2705e625f64190c28a98
MaxxAudio Drivers WavesSysSvc64.exe 1.6.2.0 Privilege Escalation
Posted Feb 19, 2019
Authored by Mike Siegel

MaxxAudio Drivers WavesSysSvc64.exe version 1.6.2.0 suffers from a file permission privilege escalation vulnerability that results in SYSTEM level access.

tags | exploit
MD5 | 6bff06b4648f823eae1a83c736360757
Case Study: Security Of Modern Bluetooth Keyboards
Posted Jun 22, 2018
Authored by Matthias Deeg, Gerhard Klostermeier

This whitepaper is a case study that analyzes the security of modern bluetooth keyboards. In the course of this research project, SySS GmbH analyzed three currently popular wireless keyboards using Bluetooth technology that can be bought on the Amazon marketplace for security vulnerabilities. The following three devices were tested for security issues from different attacker perspectives: 1byoneKeyboard, LogitechK480, and MicrosoftDesignerBluetoothDesktop (Model1678 2017).

tags | paper, vulnerability
MD5 | 066966c0a18d2c6ee4c885c5fb48bd21
ABUS Secvest 1.01.00 Replay Issue
Posted Feb 22, 2017
Authored by Matthias Deeg

SySS GmbH found out that the radio communication protocol used by the ABUS Secvest wireless alarm system (FUAA50000) and its remote control (FUBE50013) is not protected against replay attacks. Therefore, an attacker can record the radio signal of a wireless remote control, for example using a software-defined radio, when the alarm system is disarmed by its owner, and play it back at a later time in order to disable the alarm system at will.

tags | advisory, remote, protocol
MD5 | ebfcb46164f30132e5781bd7c7528633
EASY HOME Alarmanlagen-Set MAS-S01-09 Cryptographic Issues
Posted Nov 24, 2016
Authored by Gerhard Klostermeier

SySS GmbH found out that the 125 kHz RFID technology used by the EASY HOME MAS-S01-09 wireless alarm system has no protection by means of authentication against rogue/cloned RFID tokens. The information stored on the used RFID tokens can be read easily in a very short time from distances up to 1 meter, depending on the used RFID reader. A working cloned RFID token is ready for use within a couple of seconds using freely available tools.

tags | advisory
MD5 | 1e8305e16302deb63edb52838d0c7462
Deactivating Endpoint Protection Software In An Unauthorized Manner (Revisited)
Posted Sep 27, 2016
Authored by Matthias Deeg, Sven Freund

In this paper, the authors describe how the violation of secure design principles can cause authentication bypass vulnerabilities that were found in current endpoint protection software products of different vendors in 2015. All the discussed security vulnerabilities have been reported to the manufacturers of the affected software products according to our responsible disclosure policy and were publicly disclosed in several SySS security advisories and in a talk at the IT security conference DeepSec 2015.

tags | paper, local, vulnerability, bypass
MD5 | 38830fe267b188fd72a1344628a1ad82
QNAP QTS 4.2.0 Build 20160311 / Build 20160601 Command Injection
Posted Aug 18, 2016
Authored by Sebastian Nerz

QNAP QTS versions 4.2.0 Build 20160311 and Build 20160601 suffer from an OS command injection vulnerability.

tags | exploit
MD5 | 9e26dde1171f86656ce9a58974f31adf
QNAP QTS 4.2.1 Build 20160601 imbgName Parameter Command Injection
Posted Aug 18, 2016
Authored by Sebastian Nerz

QNAP QTS version 4.2.1 Build 20160601 suffers from an OS command injection vulnerability.

tags | exploit
MD5 | e29b1a48b8e56c05438069b5672031e8
NetIQ Access Manager iManager 2.7.7.6 / 2.7.7.5 Cross Site Scripting
Posted Aug 17, 2016
Authored by Micha Borrmann

NetIQ Access Manager iManager versions 2.7.7.5 and 2.7.7.6 suffer from a cross site scripting vulnerability.

tags | exploit, xss
MD5 | 122b37c25373344025612533ceaac6a3
VMware vSphere Hypervisor (ESXi) HTTP Response Injection
Posted Aug 5, 2016
Authored by Matthias Deeg

The SySS GmbH found out that the web server of VMware ESXi 6 is vulnerable to HTTP response injection attacks, as arbitrarily supplied URL parameters are copied in the HTTP header Location of the server response without sufficient input validation. Thus, an attacker can create a specially crafted URL with a specific URL parameter that injects attacker-controlled data to the response of the VMware ESXi web server. Depending on the context, this allows different attacks. If such a URL is visited by a victim, it may for example be possible to set web browser cookies in the victim's web browser, execute arbitrary JavaScript code, or poison caches of proxy servers.

tags | exploit, web, arbitrary, javascript
advisories | CVE-2016-5331
MD5 | ede1d4f2aa61104f3c3b4333be7aa391
NASdeluxe NDL-2400r 2.01.10 Command Injection
Posted Aug 4, 2016
Authored by Klaus Eisentraut

NASdeluxe NDL-2400r version 2.01.10 suffers from an OS command injection vulnerability.

tags | exploit
MD5 | a54e4ef9f9dbb4159433e8cb986c4c04
CHERRY B.UNLIMITED AES JD-0400EU-2/01 Crypto Issues / Replay Attacks
Posted Jul 30, 2016
Authored by Matthias Deeg, Gerhard Klostermeier

CHERRY B.UNLIMITED AES version JD-0400EU-2/01 suffers from cryptographic issues and replay attack vulnerabilities.

tags | exploit, vulnerability
MD5 | 8c597da97e25637517b491380da4f20e
Microsoft Wireless Desktop 2000 Insufficent Verification / Mouse Spoofing
Posted Jul 29, 2016
Authored by Matthias Deeg, Gerhard Klostermeier

Microsoft Wireless Desktop 2000 suffers from insufficient verification of data authenticity and mouse spoofing vulnerabilities.

tags | advisory, spoof, vulnerability
MD5 | b73986f6554a8d1cc61cf81fe43805d5
Perixx Computer PERIDUO-710W Keystroke Injection
Posted Jul 29, 2016
Authored by Matthias Deeg, Gerhard Klostermeier

Perixx Computer PERIDUO-710W suffers from cryptographic issues and keystroke injection vulnerabilities.

tags | advisory, vulnerability
MD5 | d7c52d85bb5b49cc8ba2df7470e40e92
Perixx Computer PERIDUO-710W Insufficient Protections
Posted Jul 29, 2016
Authored by Matthias Deeg, Gerhard Klostermeier

Perixx Computer PERIDUO-710W suffers from insufficient protection of code (firmware) and data (cryptographic key).

tags | exploit
MD5 | 893f9fb25ddb889ffc5c7e651bfda60d
Perixx Computer PERIDUO-710W Crypto Issues / Replay Attacks
Posted Jul 29, 2016
Authored by Matthias Deeg, Gerhard Klostermeier

Perixx Computer PERIDUO-710W suffers from cryptographic issues and replay attack vulnerabilities.

tags | advisory, vulnerability
MD5 | 5be987af40b71d5a2d3ad6e4b4b03329
Logitech K520 Crypto Issues / Replay Attacks
Posted Jul 29, 2016
Authored by Matthias Deeg, Gerhard Klostermeier

Logitech K520 keyboards suffer form cryptographic issues and insufficient protection against replay attacks.

tags | exploit
MD5 | bea8cd212923ab57d2182710fd2e5fa5
CHERRY B.UNLIMITED AES JD-0400EU-2/01 Keystroke Injection
Posted Jul 29, 2016
Authored by Matthias Deeg, Gerhard Klostermeier

CHERRY B.UNLIMITED AES version JD-0400EU-2/01 suffers from cryptographic issues and keystroke injection vulnerabilities.

tags | advisory, vulnerability
MD5 | 9d35173008df1e662621e74e12145316
CHERRY B.UNLIMITED AES JD-0400EU-2/01 Insufficient Protections
Posted Jul 29, 2016
Authored by Matthias Deeg, Gerhard Klostermeier

CHERRY B.UNLIMITED AES version JD-0400EU-2/01 suffers from insufficient protection of code (firmware) and data (cryptographic key).

tags | exploit
MD5 | a5bda9c4b73d8d0528c8893427361434
pgpdump 0.29 Endless Loop
Posted Apr 18, 2016
Authored by Klaus Eisentraut

pgpdump version 0.29 suffers from an endless loop parsing issue that can lead to a denial of service.

tags | exploit, denial of service
advisories | CVE-2016-4021
MD5 | f4739bd4089e0df8ccfdbdbbf64d29bf
Page 1 of 4
Back1234Next

File Archive:

October 2019

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Oct 1st
    24 Files
  • 2
    Oct 2nd
    15 Files
  • 3
    Oct 3rd
    7 Files
  • 4
    Oct 4th
    4 Files
  • 5
    Oct 5th
    10 Files
  • 6
    Oct 6th
    1 Files
  • 7
    Oct 7th
    21 Files
  • 8
    Oct 8th
    19 Files
  • 9
    Oct 9th
    5 Files
  • 10
    Oct 10th
    20 Files
  • 11
    Oct 11th
    17 Files
  • 12
    Oct 12th
    4 Files
  • 13
    Oct 13th
    4 Files
  • 14
    Oct 14th
    15 Files
  • 15
    Oct 15th
    19 Files
  • 16
    Oct 16th
    0 Files
  • 17
    Oct 17th
    0 Files
  • 18
    Oct 18th
    0 Files
  • 19
    Oct 19th
    0 Files
  • 20
    Oct 20th
    0 Files
  • 21
    Oct 21st
    0 Files
  • 22
    Oct 22nd
    0 Files
  • 23
    Oct 23rd
    0 Files
  • 24
    Oct 24th
    0 Files
  • 25
    Oct 25th
    0 Files
  • 26
    Oct 26th
    0 Files
  • 27
    Oct 27th
    0 Files
  • 28
    Oct 28th
    0 Files
  • 29
    Oct 29th
    0 Files
  • 30
    Oct 30th
    0 Files
  • 31
    Oct 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2019 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close