Archived articles for 2023
2023 Apr 25
In 2019 Pedro Umbelino and myself (Marco Lux) figured that we had made attempts to research DoS issues with the Service Location Protocol. Each of us stumbled by accident across that protocol. Myself during ongoing failures regarding an installation of an HP Printer to the local network and Pedro by skimming through RFCs.
Quickly we found that the results we had are common and decided to correlate the data to publish it in the near future. As it turned out, the near future was several years later. While collecting the evidence in 2023 we recognized the #ESXi attack by a random-ransomware group. We decided it is time to publish our results.
2023 Jan 27
Recently, at a rainy sunday, I used the opportunity to analyze a camera that was integrated into a sleek robotic shell. The manufacturer provided a brief instruction manual on how to set up and connect to the device. However, after observing the network traffic, I became intrigued and decided to delve deeper into the device.
Archived articles for 2017
2017 May 24
This is the second article about our small sniffing device where we focus on making our lives easier by creating a firmware image to shorten up the configuration process and abandon the need for an internet connection during setup.
2017 May 24
This tutorial shows how to use the broken authentication and find the support_user of an ALLNET ALLBM100VDSL2V modem.
2017 May 24
The Smartwares C935IP is an IP surveillance camera with night vision and motion detection. The camera can be configured to send an alarm email when motion is detected. Enabling this option makes it possible for an attacker to obtain login information from the used account.
2017 May 24
This Article describes how we found the SSL Vulnerability of the Smartwares C935IP camera. The camera is vulnerable to a MITM Attack using sslsplit. The test described can also be used for every device capable of networking, making it an easy to perform standard test.
2017 May 09
The web interface of the VDSL Client Modem ALL-BM100VDSL2 is vulnerable to CSRF. Because of this it is possible to add a new admin user.
2017 Apr 13
The web interface of the VDSL Client Modem ALL-BM100VDSL2 is vulnerable to reflected as well as persistent XSS. A privileged user account is required to exploit the persistent XSS vulnerability but this can be bypassed via CSRF.
2017 Apr 13
The authentication of the web interface of the VDSL Client Modem ALL-BM100VDSL2 relies on local IP addresses and can thus be bypassed by an attacker with access to the local network as long as any user is currently authenticated. Additionally, the system contains an undocumented default user with a hardcoded password who has root access to the device.
2017 Mar 24
pfsense is an open source firewall. The web interface is written in PHP. In version 2.3.2-RELEASE (amd64), the setup wizard is vulnerable to code execution. It should be noted that by default, only an administrator can access the setup wizard. By default, administrators have far-reaching permissions via the wizard and via other functionality. There are however some custom configurations where this vulnerability could lead to privilege escalation or undesired code execution.
2017 Mar 24
pfsense is an open source firewall. The web interface is written in PHP. In version 2.3.2-RELEASE (amd64), it is vulnerable to reflected XSS. XSS can lead to disclosure of cookies, session tokens etc.
2017 Mar 24
pfsense is an open source firewall. The web interface is written in PHP. In version 2.3.2-RELEASE (amd64), the actions of creating and deleting firewall rules are vulnerable to CSRF, enabling an Attacker to edit these rules with a little bit of social engineering.
2017 Mar 17
HumHub is a social media platform written in PHP. In version 0.20.1 as well as 1.0.0-beta.3, it is vulnerable to Code Execution as some functionality allows the uploading of PHP files. Successfull exploitation requires specific server settings. A user account is required as well, but registration is open by default.
2017 Mar 17
HumHub is a social media platform written in PHP. In version 1.0.1 and earlier, it is vulnerable to a reflected XSS attack if debugging is enabled, as well as a self-XSS attack. This allows an attacker to steal cookies, inject JavaScript keyloggers, or bypass CSRF protection.
2017 Feb 20
phplist is an application to manage newsletters, written in PHP. In version 3.2.6, it is vulnerable to reflected and persitent Cross Site Scripting vulnerabilities. The persistent XSS vulnerability is only exploitable by users with specific privileges and may be used for escalating privileges.
2017 Feb 20
phplist is an application to manage newsletters, written in PHP. In version 3.2.6, it is vulnerable to SQL injection. The application contains two SQL injections, one of which is in the administration area and one which requires no credentials. Additionally, at least one query is not properly protected against injections. Furthermore, a query in the administration area discloses some information on the password hashes of users.
2017 Feb 02
Elefant is a content managment system written in PHP. In version 1.3.12-RC, it is vulnerable to cross site request forgery. If a victim visits a website that contains specifically crafted code while logged into Elefant, an attacker can for example create a new admin account without the victims knowledge.
2017 Feb 02
Elefant is a content managment system written in PHP. In version 1.3.12-RC, it is vulnerable to multiple persistent as well as a reflected XSS issue. To exploit these vulnerabilities a user account is required most of the time but registration is open by default. XSS allows an attacker to steal cookies, inject JavaScript keyloggers, or bypass CSRF protection.
2017 Feb 02
Elefant is a content managment system written in PHP. In version 1.3.12-RC, it is vulnerable to various low to medium impact issues, namely open redirect, host header injection, and the leakage of password hashes. Open redirect and host header injection can be used for phishing attacks. The leakage of password hashes is restricted to users with an admin account.
2017 Feb 02
Elefant is a content managment system written in PHP. In version 1.3.12-RC, it is vulnerable to code execution because of two different vulnerabilities. It allows the upload of files with dangerous type, as well as PHP code injection. To exploit this a editor or admin account is required.
2017 Jan 27
This article will give a general overview over HTTP Strict Transport Security (HSTS) and discuss what attacks it tries to prevent, as well as how to use it correctly.
2017 Jan 26
Plone is an open source CMS written in python. In version 5.0.5, the Zope Management Interface (ZMI) component is vulnerable to reflected XSS as it does not properly encode double quotes.
2017 Jan 19
This is the first of three articles about a cute sniffing device which can be used for redteam assessments but normal day analysis as well. In this part we will focus of setting up the basics.
Archived articles for 2016
2016 Dec 20
Content Security Policy (CSP) is a HTTP header that can be used as defense in depth to mitigate certain types of attacks, especially Cross-site scripting (XSS) and Clickjacking. This article will explain when and how to use CSP.
2016 Dec 08
It is often assumed that allowing a site to be framed only has minor security implications. Clickjacking in particular is often associated with low-impact issues such as stealing Facebook likes.
This article will show that allowing a site to be framed may be a more potent attack vector than often assumed. Framing makes some vulnerabilities easier or more realistic to exploit. Clickjacking can be used for more than just stealing likes, and in some contexts Clickjacking can gain the full power of CSRF - albeit with more user interaction.
2016 Dec 01
Because modern browsers do not allow the execution of JavaScript via CSS, CSS Injection is often seen as very limited, with the main dangers being defacement by placing images into the vulnerable application, or performing very limited phishing attacks by placing additional content in places a user would not expect user-controlled data to show. This article will show that it is possible to use CSS Injections to read out secret data in a vulnerable web application, independent of the browser used by the victim. With a successful attack, it would for example be possible to read out an anti-CSRF token and thus to perform CSRF attacks.
2016 Nov 24
In this article we are going to have a closer look on a Smart Plug from TP-Link together with its control app. In the process of investigating the product, we reverse engineered the firmware and the app, managed to control the Smart Plug and steal login credentials.
2016 Nov 10
MyLittleForum is forum software written in PHP. In version 2.3.6.1, it is vulnerable to reflected cross site scripting as well as relative path overwrite. XSS can be used to steal cookies, inject JavaScript keyloggers, or bypass CSRF protection, and RPO may lead to CSS injection.
2016 Nov 10
SPIP is a content management system written in PHP. In version 3.1, it is vulnerable to a persistent as well as reflected cross site scripting vulnerability as it allows users to enter URLs containing the JavaScript protocol, which an attacker can exploit to steal cookies, inject JavaScript keylogger, or bypass CSRF protection. Additionally, it contains a Host Header Injection which may lead to the leakage of password reset tokens and thus the compromisation of user accounts. Finally, the application discloses httpOnly cookies, making exploitation of XSS issues slightly easier.
2016 Nov 10
Mezzanine is an open source CMS written in python. In version 4.2.0, it is vulnerable to two persistent XSS attacks, one of which requires extended privileges, the other one does not. These issues allow an attacker to steal cookies, inject JavaScript keyloggers, or bypass CSRF protection.
2016 Nov 10
MyLittleForum is forum software written in PHP. In version 2.3.6.1, it is vulnerable to cross site request forgery. An attacker could exploit this issue to add new users or change the status of existing users to administrator if a victim visits a website containing a specifically crafted payload while logged into MyLittleForum.
2016 Nov 10
MoinMoin is an open source Wiki application written in python. In version 1.9.8, it is vulnerable to two persistent XSS issues. This allows an attacker to steal cookies, inject JavaScript keyloggers, or bypass CSRF protection.
2016 Nov 10
Lepton is a content management system written in PHP. In version 2.2.2, it is vulnerable to multiple SQL injections. The injections require a user account with elevated privileges.
2016 Nov 10
Lepton is a content management system written in PHP. In version 2.2.2, it contains various low to medium impact issues. The functionality that operates on files and folders is vulnerable to CSRF which may lead to XSS, the logout is vulnerable to Open Redirect, the in-build bruteforce protection can be easily bypassed, and passwords are hashed with md5 and send out via email in plaintext.
2016 Nov 10
Lepton is a content management system written in PHP. In version 2.2.2, it is vulnerable to code execution as it is possible to upload files with dangerous type via the media manager.
2016 Nov 10
Jaws is a content management system written in PHP. In version 1.1.1, it is vulnerable to code execution as it allows the upload of files with a dangerous type. An account with extended privileges is required.
2016 Nov 10
FUDforum is forum software written in PHP. In version 3.0.6, it is vulnerable to multiple persistent XSS issues. This allows an attacker to steal cookies, inject JavaScript keyloggers, or bypass CSRF protection. Additionally, FUDforum is vulnerable to Login-CSRF.
2016 Nov 10
Jaws is a content management system written in PHP. In version 1.1.1, it is vulnerable to various low to medium impact issues. It contains an Object Injection, which does not seem to be currently exploitable without custom changes made by users; its session cookies are not set to httpOnly, which may make it easier to exploit XSS issues; and it contains an Open Redirect issue.
2016 Nov 10
FUDforum is forum software written in PHP. In version 3.0.6, it is vulnerable to local file inclusion. This allows an attacker to read arbitrary files that the webuser has access to.
Admin credentials are required.
2016 Nov 03
This article will provide a short overview of the security implications of treating POST and GET requests interchangeably, thus allowing a POST to GET downgrade. It will conclude with possible solutions.
2016 Sep 15
Peel Shopping is ecommerce software written in PHP. In version 8.0.2, it is vulnerable to Object Injection.
Peel Shopping stores a PHP object in a cookie, which is then unserialized when received by the application. An attacker can send arbitrary PHP objects, and has thus a limited influence on the control flow of the application. This can for example lead to DOS attacks by creating an infinite loop.
2016 Sep 15
Kajona is an open source CMS written in PHP. In version 4.7, it is vulnerable to multiple XSS attacks and limited directory traveral.
The XSS vulnerabilities are reflected as well as persistent, and can lead to the stealing of cookies, injection of keyloggers, or the bypassing of CSRF protection.
The directory travseral issue gives information about which files exist on a system, and thus allows an attacker to gather information about a system.
2016 Sep 15
MyBB 1.8.6 is vulnerable to login CSRF. Additionally, it stores passwords using weak hashing, and sends passwords via email in plaintext.
2016 Sep 15
MyBB is forum software written in PHP. In version 1.8.6, it contains various XSS vulnerabilities, some of which are reflected and some of which are persistent. Some of them depend on custom forum or server settings.
These issues may lead to the injection of JavaScript keyloggers, injection of content such as ads, or the bypassing of CSRF protection, which would for example allow the creation of a new admin user.
2016 Sep 15
MyBB is forum software written in PHP. In version 1.8.6, it is vulnerable to a second order SQL injection by an authenticated admin user, allowing the extraction of data from the database.
2016 Sep 15
MyBB is forum software written in PHP. In version 1.8.6, it improperly validates templates that are passed to eval, allowing for the disclosure of the database password. If the database is writable from remote, it may also lead to code execution.
An admin account is required.
2016 Sep 15
Oxwall is a social networking software written in PHP. In version 1.8.0, it is vulnerable to multiple XSS attacks and a persistent open redirect.
The XSS vulnerabilities are reflected as well as persistent, and can lead to the stealing of cookies, injection of keyloggers, or the bypassing of CSRF protection.
2016 Sep 06
Die Curesec GmbH berät Unternehmen bei der Umsetzung sicherer IT-Systeme. Wir bieten Schwachstellenanalysen von Umgebung und Applikationen, z.B. in Onlineshops, Firmennetzwerken, Applikationen und externen Devices, um Unternehmens- und Kundendaten vor schädlichem Zugriff abzusichern.
2016 Mar 15
Zenphoto is vulnerable to remote file inclusion. An admin account is required.
2016 Mar 15
PivotX is vulnerable to reflected XSS.
2016 Mar 15
PivotX is vulnerable to Directory Traversal, allowing authenticated users to read and delete files outside of the PivotX directory.
2016 Mar 15
PivotX is vulnerable to code execution by authenticated users as it does not check the extension of files when renaming them.
2016 Mar 15
BigTree 4.2.8 is vulnerable to object injection. The impact on the CMS itself is rather small, but installed plugins may increase the risk the vulnerability poses.
2016 Feb 01
There are various HTML Injection vulnerabilities in opendocman 1.3.4, leading to XSS, Phishing, and Privilege Escalation.
2016 Feb 01
Opendocman 1.3.4 does not have CSRF protection, allowing an attacker to execute actions for a victim - for example adding a new admin user.
2016 Feb 01
There are various XSS vulnerabilities in Atutor 2.2.
2016 Jan 28
There is an SQL injection in Bigace. A user account with the lowest privilege level is required.
2016 Jan 28
Bigace 3.0 allows the uploading of media file, but there is no verification, allowing the upload of PHP files by editors and administrators.
2016 Jan 28
There are multiple XSS vulnerabilities in DYNPG 4.6.
2016 Jan 28
DYNPG 4.6 does not have CSRF protection, allowing an attacker to execute actions for a victim - for example adding a new admin user. In this case, this may lead to code execution by allowing the upload of PHP files.
2016 Jan 28
There is a reflected XSS vulnerability in Wolf CMS v0.8.3.1.
2016 Jan 28
There is a code execution vulnerability in Wolf CMS v0.8.3.1. A user account with the Editor role is required.
2016 Jan 28
There are multiple XSS vulnerabilities in Xoops 2.5.7.1.
2016 Jan 28
There is a Blind SQL Injection vulnerability in Xoops 2.5.7.1. An admin account is required to exploit this issue.
2016 Jan 28
There is a code execution vulnerability in Xoops 2.5.7.1. An admin account is required to exploit this issue, but the request is not protected against CSRF.
Archived articles for 2015
2015 Dec 21
PhpSocial v2.0.0304 is vulnerable to persistent XSS.
2015 Dec 21
PhpSocial v2.0.0304 does not have CSRF protection, allowing an attacker to execute actions for a victim - for example adding a new admin user.
2015 Dec 21
There is a reflected XSS vulnerability in Arastta 1.1.5.
2015 Dec 21
There are two SQL Injections in Arastta 1.1.5, which both require a user with special privileges to trigger.
2015 Dec 21
Grawlix 1.0.3 has multiple reflected XSS vulnerabilities.
2015 Dec 21
Grawlix 1.0.3 does not have CSRF protection, allowing an attacker to execute actions for a victim - for example changing the password of an admin user.
2015 Dec 21
Grawlix 1.0.3 does not check the file type or extension when an admin uploads an icon, leading to code execution.
2015 Dec 21
There are two reflected XSS and one open redirect vulnerability in CouchCMS 1.4.5.
2015 Dec 21
The file extension whitelist of CouchCMS 1.4.5 misses pht, which may lead to code execution under certain circumstances.
2015 Dec 21
There is a reflected XSS vulnerability in the search of esoTalk 1.0.0g4.
2015 Dec 02
There are multiple XSS vulnerabilities in 4images 1.7.12.
2015 Dec 02
There is an SQL Injection vulnerability in the admin area of 4images 1.7.11.
2015 Dec 02
There is a Path Traversal vulnerability in the admin area of 4images 1.7.11 which allows the reading of arbitrary files.
2015 Dec 02
2015 Dec 02
There is a code execution vulnerability in the admin area of 4images 1.7.11.
2015 Dec 02
There is an XSS vulnerability in CodoForum 3.4.
2015 Dec 02
There is a CSRF vulnerability in phpwcms 1.7.9.
2015 Dec 02
There are two Code Execution vulnerabilities in phpwcms 1.7.9. A registered user is required to exploit these issues.
2015 Dec 02
There is a reflected XSS vulnerability in the installation script of Geeklog 2.1.0.
2015 Dec 02
2015 Dec 02
There are two code execution vulnerability in the admin area of Geeklog 2.1.0.
2015 Dec 02
There is a persistent XSS vulnerability in redaxscript 2.5.0. It requires the victim to hover over a link to trigger.
2015 Dec 02
There is a Code Execution vulnerability in the admin area of redaxscript 2.5.0.
2015 Dec 02
There are two reflected XSS vulnerabilities in appRain 4.0.3.
2015 Dec 02
There is a Path Traversal vulnerability in appRain 4.0.3.
2015 Dec 02
None of the forms of appRain 4.0.3 have CSRF protection.
2015 Dec 02
appRain 4.0.3, Code Execution, vulnerability, advisory
2015 Nov 13
There is an SQL Injection vulnerability in the admin area of AlegroCart 1.2.8.
2015 Nov 13
There is an LFI/RFI vulnerability in the admin area of AlegroCart 1.2.8.
2015 Nov 13
There are multiple XSS vulnerabilities in LiteCart 1.3.2.
2015 Nov 13
There are multiple XSS vulnerabilities in ClipperCMS 1.3.0.
2015 Nov 13
There are multiple SQL Injection vulnerabilities in ClipperCMS 1.3.0.
2015 Nov 13
There is a Path Traversal vulnerability in ClipperCMS 1.3.0
2015 Nov 13
ClipperCMS 1.3.0 has as only CSRF protection a referer check, which can be disabled by an admin.
2015 Nov 13
2015 Nov 13
There is a Code Execution vulnerability in ClipperCMS 1.3.0
2015 Nov 13
There is a persistent XSS vulnerability in dotclear 2.8.1.
2015 Nov 13
There is a Code Execution vulnerability in dotclear 2.8.1.
2015 Nov 13
There are two reflected XSS vulnerabilities in Open Source Social Network 3.5.
2015 Nov 13
There is a reflected XSS vulnerability in Sitemagic CMS 4.1.
2015 Nov 13
There is a reflected XSS vulnerability in Thelia 2.2.1.
2015 Nov 13
There are two XSS vulnerabilities in TomatoCart v1.1.8.6.1.
2015 Nov 13
There are two Code Execution vulnerabilities in TomatoCart v1.1.8.6.1.
2015 Nov 13
2015 Nov 04
There is a Code Execution vulnerability in the admin area of XCart 5.2.6.
2015 Nov 04
There is a Path Traversal vulnerability in the admin area of XCart 5.2.6. It makes it possible to list directories and download arbitrary files.
2015 Nov 04
There are multiple XSS vulnerabilities in XCart 5.2.6.
2015 Oct 07
There are multiple XSS vulnerabilities in TheHostingTool 1.2.6.
2015 Oct 07
There are multiple SQL Injection vulnerabilities in the admin area of TheHostingTool 1.2.6.
2015 Oct 07
There is a Code Execution vulnerability in the admin area of TheHostingTool 1.2.6.
2015 Oct 07
There are multiple XSS vulnerabilities in Quick.Cart 6.6.
2015 Oct 07
There are multiple CSRF vulnerabilities in Quick.Cart 6.6.
2015 Oct 07
There are multiple XSS vulnerabilities in the admin area of CubeCart 6.0.7.
2015 Oct 07
There is a Code Execution vulnerability in the admin area of CubeCart 6.0.7.
2015 Oct 07
There is an XSS vulnerability in Supercali Event Calendar 1.0.8. This issue has not been fixed.
2015 Oct 07
There is no CSRF protection in Supercali Event Calendar 1.0.8.
2015 Oct 07
There are multiple XSS vulnerabilities in SQLiteManager 1.2.4. This issue has not been fixed.
2015 Oct 07
OpenCart 2.0.3.1 does not have CSRF protection for customers.
2015 Oct 07
MyWebSQL 3.6 does not have CSRF protection.
2015 Oct 07
There is an XSS vulnerability in MiniBB 3.1.1.
2015 Oct 07
There is an XSS vulnerability in Chyrp CMS 2.5.2. This issue has not been fixed.
2015 Oct 07
There is an XSS vulnerability in SQL Buddy 1.3.3. This issue has not been fixed.
2015 Oct 07
The CSRF protection in SQL Buddy 1.3.3. does not work properly. This issue has not been fixed.
2015 Oct 07
In this article we will download, configure and install Pulledpork and also create a cronjob for automatic rule update while you bother with more important things of your life.
2015 Oct 07
There is a Code Execution vulnerability in the admin area of Pligg CMS 2.0.2. It can be exploited via CSRF. This issue has not been fixed.
2015 Oct 07
There is a Directory Traversal vulnerability in the admin area of Pligg CMS 2.0.2. This issue has not been fixed.
2015 Oct 07
There is a Code Execution vulnerability in the admin area of Pligg CMS 2.0.2. It can be exploited via CSRF. This issue has not been fixed.
2015 Oct 05
How to install Snort and Barnyard2 for Debian and Arch-Linux.
2015 Sep 14
ZeusCart 4.0 does not have CSRF protection. Because of this, it is for example possible to add additional admin accounts. This issue has not been fixed.
2015 Sep 14
There is an arbitrary file upload vulnerability in the admin area of ZeusCart 4.0. This issue has not been fixed.
2015 Sep 14
There are multiple SQL Injection vulnerabilities in ZeusCart 4.0. This issue has not been fixed.
2015 Sep 14
There is an XSS vulnerability in ZeusCart 4.0. This issue has not been fixed.
2015 Sep 14
There is an arbitrary file upload vulnerability in the admin area of Zen Cart 1.5.4 as well as an information leak. This issue has only been partially fixed.
2015 Sep 14
There is an XSS vulnerability in Anchor CMS 0.9.2. The issue is not yet fixed.
2015 Sep 01
There is a Blind SQL Injection vulnerability in the admin area of Serendipity 2.0.1.
2015 Sep 01
There is a Persistent XSS vulnerability in Serendipity 2.0.1 when using the default 2k11 theme. It requires a click to trigger.
2015 Sep 01
There is a code execution vulnerability in Serendipity 2.0.1. It requires a registered user to exploit.
2015 Sep 01
There is a Code Execution vulnerability in the admin area of NibbleBlog 4.0.3. The issue is not yet fixed.
2015 Sep 01
There is a CSRF vulnerability in NibbleBlog 4.0.3 which can lead to the creating of new posts and thus XSS. The issue is not yet fixed.
2015 Aug 17
When running on IIS, Phorum 5.2.19 is open to cross site scripting. Additionally, there is an open redirect vulnerability that is not restricted to any operating system.
2015 Aug 17
The file editor of the admin area of Bolt 2.2.4 allows for the editing of file extensions, which leads to code execution once an attacker has gained admin credentials.
2015 Aug 17
There is an XSS vulnerability in version 2.3.5 of ModX. As of now, this issue has not been fixed.
2015 Aug 07
There are two SQL injection vulnerabilities in CodoForum, one of which does not require the attacker to be authenticated.
2015 Aug 07
There are multiple reflected cross site scripting vulnerabilities in version 3.3.1 of CodoForum.
2015 Aug 07
There are multiple SQL injection vulnerabilities in the admin area of version 4.2.3 of the BigTree CMS.
2015 Aug 07
There are multiple reflected cross site scripting vulnerabilities in version 4.2.3 of BigTree CMS.
Archived articles for 2014
2014 Jul 04
This bug is similar to CVE-2013-6272 but is only exploitable on older Android versions. The bug exists in the component com.android.contacts.
2014 Jul 04
We conducted a deep investigation of android components and created some CVEs plus reporting Bugs to the Android Security Team in late 2013. Today we want publish one reported and one similar vulnerability.
2014 Jun 03
Marco went to Miami to give two talks at the Be Mobile Conference of Blackberry.
2014 May 15
On may 7th, Marco gave a presentation at the BSI Cyber-Alliance conference about heartbleed.
2014 May 02
The Heartbleed bug is a programming error in the versions 1.0.1 to 1.0.1f of the open-source OpenSSL cryptography library. Curesec has published hbad, a Heartbleed client side tool to check for this critical security gap.
2014 Apr 09
Two days ago a critical security gap in one of the most common encryption protocolls (SSL) named „Heartbleed“ was published. We offer a free checkup to our clients!
2014 Mar 05
Nsdtool is a toolset of scripts used to detect netgear switches in local networks.
Archived articles for 2013
2013 Dec 05
Various components of the LiveZilla application are vulnerable to cross site scripting. An attacker can hijack an operator with cross site scripting.
2013 Dec 05
An 1click file that allows an admin to log into LiveZilla using a mouse click is saved in a xml representation. This xml file includes the admin username and password in plaintext.
2013 Nov 27
This vulnerability enables any rogue app at any time to remove all existing device locks activated by a user. Furthermore we have created an app to demonstrate the issue. You can choose two options, remove all locks right away or remove them at a defined time.
2013 Nov 15
On Windows systems with PHP versions installed that allow null bytes in the URL it is possible to turn a local file inclusion vulnerability to a full remote code execution vulnerability.
2013 Oct 02
Curesec has turned two years old! As a birthday present we have moved into our new office! 165sqm space for the security enthusiasts!
2013 Sep 16
In this report we would like to point out how the rootkit infects a system, how it operates and what kind of anti-reversing and anti-debugging techniques are in place.
2013 Sep 10
We are back with a great blogpost. This time about data exfiltration using ping, packed together as a simple backdoor-like code. The technique may work in generell for linux and windows as well, however the main target and interest was Android.
2013 Aug 06
welt.de and morgenpost.de published an article about vulnerabilities in industrial facilities in august 2013. The article is in german only.
2013 Aug 03
In july 2013 we published a way to abuse the popular chat software Whatsapp to get payment information from google wallet and Paypal.
2013 Jul 24
This vulnerability can be used to get payment credentials for Google Wallet and Paypal by abusing the popular application Whatsapp.
2013 Jul 09
Today, we will show a bug concerning OpenSSH. OpenSSH is the most used remote control software nowadays on *nix like operating systems. Legacy claims it replaced unencrypted daemons like rcp, rsh and telnet. Find a version at: https://www.openssh.com.
2013 Jul 01
In Part 1 of the analysis we have seen a first description of the dropper and how to extract the executeable placed in the file. To move forward with work we dumped the memory with the decrypted virus body and continued the analysis.
2013 Jun 20
Curesec took a part in this year conference of the so called alliance for cyber security by the German federal agency for security in IT-Technology.
2013 Jun 18
Some days ago we received an email with a double zipped dropper agent included. We decided to start an analysis. This is the first part with our results, in this blogpost we only focus on the dropper itself.
Archived articles for 2012
2012 Jul 16
This time I will focus on FreeBSD kernel developement. The recent stable version of FreeBSD is 9.0, but for this example we will use a version 8.1 with i386 architecture.
2012 Feb 25
Wir bei Curesec haben uns mit Direct Memory Access (DMA) als Angriffsvektor auf Rechner beschäftigt. Dies haben wir vor allem getan, um die Sicherheit unserer eigenen Rechner entsprechend sicherstellen zu können. Dieser Blogartikel stellt die Ergebnisse dieser Untersuchung vor.
