what you don't know can hurt you
Showing 1 - 25 of 100 RSS Feed

Files

ABUS Secvest Hybrid Module FUMO50110 Authentication Bypass
Posted Jul 31, 2020
Authored by Matthias Deeg, Thomas Detert, Michael Ruttgers

ABUS Secvest Hybrid module (FUMO50110) suffers an authentication bypass vulnerability. The hybrid module does not have any security mechanism that ensures confidentiality or integrity of RF packets that are exchanged between the ABUS Secvest alarm panel and the ABUS Secvest Hybrid module. Thus, an attacker can spoof messages of the ABUS Secvest Hybrid module based on sniffed status RF packets that are issued by the ABUS Secvest Hybrid module on a regularly basis (~2.5 minutes).

tags | advisory, spoof, bypass
advisories | CVE-2020-14158
MD5 | 164e9f6290e63311d3c3156fd7ad2815

Related Files

Olympia Protect 9061 Replay Attack
Posted Nov 23, 2016
Authored by Matthias Deeg

Olympia Protect 9061 article number 5943 revision 03 suffers from missing protection against replay attacks.

tags | advisory
MD5 | aef9f3339073a9ee80368ab5ac42e3e2
EASY HOME Alarmanlagen-Set MAS-S01-09 Replay Attack
Posted Nov 23, 2016
Authored by Matthias Deeg

EASY HOME Alarmanlagen-Set MAS-S01-09 suffers from missing protection against replay attacks.

tags | advisory
MD5 | f93defe9672b26e5f08c198f16c16202
Aruba Networks AOS 6.3.1.19 Improper Authentication
Posted Nov 7, 2016
Authored by Klaus Tichmann

Arube Networks AOS version 6.3.1.19 has a special key combination that escalates privileges.

tags | exploit
MD5 | c0b48fc6ed5cdedcdbcf09f11d610209
Targus Multimedia Presentation Remote AMP09-EU Mouse Spoofing
Posted Oct 12, 2016
Authored by Matthias Deeg

Targus Multimedia Presentation Remote model AMP09-EU suffers from insufficient verification of data authenticity and mouse spoofing attack vulnerabilities.

tags | advisory, remote, spoof, vulnerability
MD5 | 6ddd04dc3e625005fec6be102a675258
Logitech Wireless Presenter R400 R-R0008 Keystroke Injection
Posted Oct 12, 2016
Authored by Matthias Deeg

Logitech Wireless Presenter R400 model R-R0008 suffers from insufficient verification of data authenticity and keystroke injection vulnerabilities.

tags | advisory, vulnerability
MD5 | dbe8fd1e60b09a5f24e994b8e0d1ce84
Microsoft Wireless Desktop 2000 Cryptography Issues
Posted Oct 11, 2016
Authored by Matthias Deeg, Gerhard Klostermeier

Microsoft Wireless Desktop 2000 version A suffers from cryptographic issues and replay attacks.

tags | advisory
MD5 | 54d372628a150a3fca1374e2a5247216
Wireless Keyboard Set LX901 GK900 Replay Attack
Posted Oct 10, 2016
Authored by Matthias Deeg, Gerhard Klostermeier

Wireless Keyboard Set LX901 model GK900 is missing protection against replay attacks.

tags | advisory
MD5 | b2e2f5586748b67b748f9ac80253a72f
Microsoft Wireless Desktop 2000 Insufficent Protection
Posted Oct 10, 2016
Authored by Matthias Deeg, Gerhard Klostermeier

Microsoft Wireless Desktop 2000 version A suffers from insufficient protection of code (firmware) and data (cryptographic key).

tags | advisory
MD5 | b8100d53ca3844d785d9989a182491f2
Perixx PERIDUO-710W KG-1027 Spoof Attack
Posted Sep 30, 2016
Authored by Matthias Deeg, Gerhard Klostermeier

The Perixx PERIDUO-710W KG-1027 mouse suffers from insufficient verification of data authenticity allowing for a spoofing attack.

tags | advisory, spoof
MD5 | 786794983fa22e6d262be85e6012d757
CHERRY B.UNLIMITED AES JD-0400EU-2/01 Spoof Attack
Posted Sep 30, 2016
Authored by Matthias Deeg, Gerhard Klostermeier

The CHERRY B.UNLIMITED AES JD-0400EU-2/01 mouse suffers from insufficient verification of data authenticity allowing for a spoofing attack.

tags | advisory, spoof
MD5 | 6c60fa01fe36c0ed55e8b489eff1ab20
Logitech M520 Y-R0012 Spoof Attack
Posted Sep 30, 2016
Authored by Matthias Deeg, Gerhard Klostermeier

The Logitech M520 Y-R0012 mouse suffers from insufficient verification of data authenticity allowing for a spoofing attack.

tags | advisory, spoof
MD5 | 24cbc381780c56dd465a278120f568d4
QNAP QTS 4.2.1 Build 20160601 Command Injection
Posted Aug 19, 2016
Authored by Sebastian Nerz

QNAP QTS version 4.2.1 Build 20160601 suffers from an OS command injection vulnerability.

tags | exploit
MD5 | ace19a62545b37f4a813b7be306dce28
QNAP QTS 4.2.0 Build 20160311 / Build 20160601 Cross Site Scripting
Posted Aug 19, 2016
Authored by Sebastian Nerz

QNAP QTS versions 4.2.0 Build 20160311 and Build 20160601 suffer from a persistent cross site scripting vulnerability.

tags | exploit, xss
MD5 | d3a7b03c567b1023730da30c4adf2839
QNAP QTS 4.2.1 Build 20160601 Cross Site Scripting
Posted Aug 19, 2016
Authored by Sebastian Nerz

QNAP QTS version 4.2.1 Build 20160601 suffers from a cross site scripting vulnerability.

tags | exploit, xss
MD5 | 560c4f140a90df0f128a31479972fd20
QNAP QTS 4.2.1 Build 20160601 Lang Parameter Command Injection
Posted Aug 18, 2016
Authored by Sebastian Nerz

QNAP QTS version 4.2.1 Build 20160601 suffers from an OS command injection vulnerability.

tags | exploit
MD5 | 25f785c2dc38d05ac7d90d295f4d3936
QNAP QTS 4.2.1 Build 20160601 Arbitrary File Overwrite
Posted Aug 18, 2016
Authored by Sebastian Nerz

QNAP QTS version 4.2.1 Build 20160601 suffers from an arbitrary file overwrite vulnerability.

tags | exploit, arbitrary
MD5 | 62ec2dc1f2f99cb1ed2d9aba701f83a1
QNAP QTS 4.2.0 Build 20160311 / Build 20160601 Cross Site Scripting
Posted Aug 18, 2016
Authored by Sebastian Nerz

QNAP QTS versions 4.2.0 Build 20160311 and Build 20160601 suffer from a persistent cross site scripting vulnerability.

tags | exploit, xss
MD5 | 3f28a24c387fe7851160ca0790cb9e71
QNAP QTS 4.2.0 Build 20160311 / Build 20160601 Command Injection
Posted Aug 18, 2016
Authored by Sebastian Nerz

QNAP QTS versions 4.2.0 Build 20160311 and Build 20160601 suffer from an OS command injection vulnerability.

tags | exploit
MD5 | 9e26dde1171f86656ce9a58974f31adf
QNAP QTS 4.2.1 Build 20160601 imbgName Parameter Command Injection
Posted Aug 18, 2016
Authored by Sebastian Nerz

QNAP QTS version 4.2.1 Build 20160601 suffers from an OS command injection vulnerability.

tags | exploit
MD5 | e29b1a48b8e56c05438069b5672031e8
NetIQ Access Manager iManager 2.7.7.6 / 2.7.7.5 Cross Site Scripting
Posted Aug 17, 2016
Authored by Micha Borrmann

NetIQ Access Manager iManager versions 2.7.7.5 and 2.7.7.6 suffer from a cross site scripting vulnerability.

tags | exploit, xss
MD5 | 122b37c25373344025612533ceaac6a3
VMware vSphere Hypervisor (ESXi) HTTP Response Injection
Posted Aug 5, 2016
Authored by Matthias Deeg

The SySS GmbH found out that the web server of VMware ESXi 6 is vulnerable to HTTP response injection attacks, as arbitrarily supplied URL parameters are copied in the HTTP header Location of the server response without sufficient input validation. Thus, an attacker can create a specially crafted URL with a specific URL parameter that injects attacker-controlled data to the response of the VMware ESXi web server. Depending on the context, this allows different attacks. If such a URL is visited by a victim, it may for example be possible to set web browser cookies in the victim's web browser, execute arbitrary JavaScript code, or poison caches of proxy servers.

tags | exploit, web, arbitrary, javascript
advisories | CVE-2016-5331
MD5 | ede1d4f2aa61104f3c3b4333be7aa391
NASdeluxe NDL-2400r 2.01.10 Command Injection
Posted Aug 4, 2016
Authored by Klaus Eisentraut

NASdeluxe NDL-2400r version 2.01.10 suffers from an OS command injection vulnerability.

tags | exploit
MD5 | a54e4ef9f9dbb4159433e8cb986c4c04
CHERRY B.UNLIMITED AES JD-0400EU-2/01 Crypto Issues / Replay Attacks
Posted Jul 30, 2016
Authored by Matthias Deeg, Gerhard Klostermeier

CHERRY B.UNLIMITED AES version JD-0400EU-2/01 suffers from cryptographic issues and replay attack vulnerabilities.

tags | exploit, vulnerability
MD5 | 8c597da97e25637517b491380da4f20e
Microsoft Wireless Desktop 2000 Insufficent Verification / Mouse Spoofing
Posted Jul 29, 2016
Authored by Matthias Deeg, Gerhard Klostermeier

Microsoft Wireless Desktop 2000 suffers from insufficient verification of data authenticity and mouse spoofing vulnerabilities.

tags | advisory, spoof, vulnerability
MD5 | b73986f6554a8d1cc61cf81fe43805d5
Perixx Computer PERIDUO-710W Keystroke Injection
Posted Jul 29, 2016
Authored by Matthias Deeg, Gerhard Klostermeier

Perixx Computer PERIDUO-710W suffers from cryptographic issues and keystroke injection vulnerabilities.

tags | advisory, vulnerability
MD5 | d7c52d85bb5b49cc8ba2df7470e40e92
Page 1 of 4
Back1234Next

File Archive:

August 2020

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Aug 1st
    0 Files
  • 2
    Aug 2nd
    0 Files
  • 3
    Aug 3rd
    0 Files
  • 4
    Aug 4th
    0 Files
  • 5
    Aug 5th
    0 Files
  • 6
    Aug 6th
    0 Files
  • 7
    Aug 7th
    0 Files
  • 8
    Aug 8th
    0 Files
  • 9
    Aug 9th
    0 Files
  • 10
    Aug 10th
    0 Files
  • 11
    Aug 11th
    0 Files
  • 12
    Aug 12th
    0 Files
  • 13
    Aug 13th
    0 Files
  • 14
    Aug 14th
    0 Files
  • 15
    Aug 15th
    0 Files
  • 16
    Aug 16th
    0 Files
  • 17
    Aug 17th
    0 Files
  • 18
    Aug 18th
    0 Files
  • 19
    Aug 19th
    0 Files
  • 20
    Aug 20th
    0 Files
  • 21
    Aug 21st
    0 Files
  • 22
    Aug 22nd
    0 Files
  • 23
    Aug 23rd
    0 Files
  • 24
    Aug 24th
    0 Files
  • 25
    Aug 25th
    0 Files
  • 26
    Aug 26th
    0 Files
  • 27
    Aug 27th
    0 Files
  • 28
    Aug 28th
    0 Files
  • 29
    Aug 29th
    0 Files
  • 30
    Aug 30th
    0 Files
  • 31
    Aug 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2020 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close