2015 Aug 07
BigTree CMS 4.2.3: Multiple Cross Site Scripting Vulnerabilities
There are multiple reflected cross site scripting vulnerabilities in version 4.2.3 of BigTree CMS.
Recent Curesec Publications
2014 Jul 04
CVE-2014-N/A com.android.contacts
This bug is similar to CVE-2013-6272 but is only exploitable on older Android versions. The bug exists in the component com.android.contacts.
2014 Jul 04
CVE-2013-6272 com.android.phone
We conducted a deep investigation of android components and created some CVEs plus reporting Bugs to the Android Security Team in late 2013. Today we want publish one reported and one similar vulnerability.
2014 Jun 03
Cybercrime insights @Be Mobile Conference of Blackberry
Marco went to Miami to give two talks at the Be Mobile Conference of Blackberry.
2014 May 15
Presentation on Heartbleed @BSI Cyber-Alliance conference
On may 7th, Marco gave a presentation at the BSI Cyber-Alliance conference about heartbleed.
2014 May 02
Heartbleed analysis daemon published
The Heartbleed bug is a programming error in the versions 1.0.1 to 1.0.1f of the open-source OpenSSL cryptography library. Curesec has published hbad, a Heartbleed client side tool to check for this critical security gap.
2014 Apr 09
"Heartbleed" security checkup
Two days ago a critical security gap in one of the most common encryption protocolls (SSL) named „Heartbleed“ was published. We offer a free checkup to our clients!
2014 Mar 05
Nsdtool published
Nsdtool is a toolset of scripts used to detect netgear switches in local networks.
2013 Dec 05
CVE-2013-6224: Cross Site Scripting in LiveZilla
Various components of the LiveZilla application are vulnerable to cross site scripting. An attacker can hijack an operator with cross site scripting.
2013 Dec 05
CVE-2013-6223: Local Password Disclosure in LiveZilla
An 1click file that allows an admin to log into LiveZilla using a mouse click is saved in a xml representation. This xml file includes the admin username and password in plaintext.