:Sebastian Auwärter, SySS GmbH
~~~
~
Overview:
Tiiwee X1 Alarm System is an alarm system which contains a base station
and
various components like motion detectors, door sensors and remotes. The
components communicate
ing (CWE-79)
Risk Level: Medium
Solution Status: Fixed
Manufacturer Notification: 2020-07-23
Solution Date: 2020-07-31
Public Disclosure: 2020-08-03
CVE Reference: CVE-2020-15944
Author of Advisory: Sebastian Auwaerter, SySS GmbH
nt (CWE-269)
Risk Level: High
Solution Status: Fixed
Manufacturer Notification: 2020-07-23
Solution Date: 2020-07-30
Public Disclosure: 2020-08-03
CVE Reference: CVE-2020-15943
Author of Advisory: Sebastian Auwaerter, SySS GmbH
].
# PoC
>
>fill="rgb(0%)"/>
>
> $> ./test poc.svg
> *** stack smashing detected ***: terminated
> fish: “./test poc.svg” terminated by signal SIGABRT (Abort)
# Timeline
- Lat
ttack:
GET /reboot HTTP/1.1
Host:
Author
==
The vulnerabilities were discovered by Sebastian Neuner
(@sebastian9er) from the Google Security Team.
Timeline
2018/05/10 - Security report sent to KONE security.
2018/05/11 - KONE acknowledges the report and starts working on the i
-
XSS Protection HTTP Header
The XSS Filter is a feature that is built into modern web browsers and is
meant to prevent reflective Cross Site Scripting attacks. This feature can
be explicitly turned on (and also off) by using the HTTP header
X-XSS-Protection.
X-Content-Ty
reflective Cross Site Scripting attacks. This
feature can be explicitly turned on (and also off) by using the HTTP header
X-XSS-Protection.X-Content-Type HeaderTo make MIME type confusion attacks
harder, the HTTP header X-Content-Type-Options can be set. This header
prevents trusting the user provi
[Product Description]
Plone is a free and open source content management system built on
top of the Zope application server. Plone is positioned as an
"Enterprise CMS" and is most commonly used for intranets and as part
of the web presence of large organizations
[Systems Affected]
Product
clone the router, identify
against at an TR069 Server,
grab the config from the TR069 provisioning-server and setup a clone oft he
official customer router.
Am i right or do miss something in this idea???
Mit freundlichen Grüßen,
Sebastian Michel
ProNet
ldisclosure
Web Archives & RSS: http://seclists.org/fulldisclosure/
Greetings,
Sebastian Kaim
--
A great many of today's security technologies are "secure" only because
no-one has ever bothered attacking them.
-- Peter Gutmann
___
Se
Am 2016-04-14 16:19, schrieb Reindl Harald:
Am 14.04.2016 um 00:54 schrieb Sebastian:
[...]
That's true. But the keygen element is flawed by the known-broken CA
system(*) and you can't build a secure house on a broken foundation.
You
could check whether the certificate for yo
'm trying to say is that even though me, you and some others
aren't happy about it, unless there is a really big con we all didn't
see its time for a post mortem.
Greetings,
Sebastian
Am 2016-04-13 22:05, schrieb Árpád Magosányi:
On 04/13/2016 05:09 PM, Sebastian wrote:
Hey,
t. The web would hardly be less secure, same as if we'd drop SQRL:
Yes, it's pretty secure as far as I can tell, but who is using it and
would therefore be less secure anyway?
Here's a related discussion:
https://groups.google.com/forum/#!msg/mozilla.dev.platform/pAUG2VQ6xfQ/FKX6
[Systems Affected]
Product : ManageEngine Password Manager Pro
Company : ZOHO Corp.
Build Number : 8.1 to 8.3 and probably earlier versions
Affected Versions : 8102 to 8302 and probably earlier versions
[Product Description]
Password Manager Pro is a secure vault for storing and ma
[System Affected]
Thomson Router
HW Revision 2.0
VENDOR Thomson
BOOT Revision 2.1.7i
MODEL TWG850-4U
Software Version ST9D.01.09
Serial Number 00939902404041
Firmware Name TWG850-4U-9D.01.09-100528-S-001.bin
[Vulnerabilities]
1- Cross-Site Request Forgery
2- Unauthenticated access to resources
3-
[Systems Affected]
Product : Confluence
Company : Atlassian
Versions (1) : 5.2 / 5.8.14 / 5.8.15
CVSS Score (1) : 6.1 / Medium (classified by vendor)
Versions (2) : 5.9.1 / 5.8.14 / 5.8.15
CVSS Score (2) : 7.7 / High (classified by vendor)
[Product Description]
Confluence is team collaboration so
16 matches
Mail list logo
