BB&T U CVE-2016-6550 SSL Certificate Validation Security Bypass Vulnerability
Monthly Archives: September 2016
Critical Vulnerability in Ubiquiti UniFi
Posted by Tim Schughart on Sep 30
Hello @all,
together with my colleague we found two uncritical vulnerabilities you’ll find below.
Product: UniFi AP AC Lite
Vendor: Ubiquiti Networks Inc.
Internal reference: ? (Bug ID)
Vulnerability type: Incorrect access control
Vulnerable version: Unify 5.2.7 and possible other versions affected (not tested)
Vulnerable component: Database
Report confidence: yes
Solution status: Not fixed by Vendor, the bug is a feature.
Fixed…
CompTIA Security+ and its insecure support system
Posted by user09990 on Sep 30
I was signed up CompTIA account with a fake name for a privacy reason. Later on, I wanted to update my name in CompTIA
account because I was planning to take their Security+ certificate. The problem is I cannot update my name directly
from the profile menu, it told me to create a support ticket (this is a good idea I guess). However, the support guy
asked me to upload a copy of a legal ID (driver’s license or passport) to the support…
Radioactive Mouse States the Obvious: Exploiting unencrypted and unauthenticated data communication of wireless mice
Posted by Matthias Deeg on Sep 30
tl;dr
Today, SySS published a proof-of-concept video demonstrating a mouse
spoofing attack resulting in remote code execution due to insecure
wireless mouse communication:
https://www.youtube.com/watch?v=PkR8EODee44
—–
Radioactive Mouse States the Obvious
In the course of their research project about modern wireless desktop
sets using AES encryption, Expert IT Security consultant Matthias Deeg
and IT Security Consultant Gerhard…
Multiple exposures in Sophos UTM
Posted by Tim Schughart on Sep 30
Hello @all,
together with my colleague we found two uncritical vulnerabilities you’ll find below.
Product: Sophos UTM
Vendor: Sophos ltd.
Internal reference: ? (Bug ID)
Vulnerability type: Information Disclosure
Vulnerable version: 9.405-5, 9.404-5 and possible other versions affected (not tested)
Vulnerable component: Frontend
Report confidence: yes
Solution status: Not fixed by Vendor, no further responses from vendor.
Fixed…
Unauthenticated SQL Injection in Huge-IT Portfolio Gallery Plugin v1.0.6
Posted by Larry W. Cashdollar on Sep 30
Title: Unauthenticated SQL Injection in Huge-IT Portfolio Gallery Plugin v1.0.6
Author: Larry W. Cashdollar, @_larry0
Date: 2016-09-16
Download Site: http://huge-it.com/joomla-portfolio-gallery/
Vendor: huge-it.com
Vendor Notified: 2016-09-17
Vendor Contact: info () huge-it com
Description: Huge-IT Portfolio Gallery extension can do wonders with your website. If you wish to show your photos,
videos, enclosing the additional images and videos,…
[SYSS-2016-058] CHERRY B.UNLIMITED AES – Insufficient Verification of Data Authenticity (CWE-345)
Posted by Matthias Deeg on Sep 30
Advisory ID: SYSS-2016-058
Product: CHERRY B.UNLIMITED AES
Manufacturer: Cherry GmbH
Affected Version(s): JD-0400EU-2/01
Tested Version(s): JD-0400EU-2/01
Vulnerability Type: Insufficient Verification of Data Authenticity (CWE-345)
Mouse Spoofing Attack
Risk Level: Medium
Solution Status: Open
Manufacturer Notification: 2016-06-28
Solution Date: –
Public Disclosure: 2016-09-30
CVE Reference: Not yet assigned
Authors of…
[SYSS-2016-060] Logitech M520 – Insufficient Verification of Data Authenticity (CWE-345)
Posted by Matthias Deeg on Sep 30
Advisory ID: SYSS-2016-060
Product: M520 (Mouse of Wireless Combo MK520)
Manufacturer: Logitech
Affected Version(s): Model Y-R0012
Tested Version(s): Model Y-R0012
Vulnerability Type: Insufficient Verification of Data Authenticity (CWE-345)
Mouse Spoofing Attack
Risk Level: Medium
Solution Status: Open
Manufacturer Notification: 2016-06-28
Solution Date: –
Public Disclosure: 2016-09-30
CVE Reference: Not yet assigned
Authors…
[SYSS-2016-061] PERIDUO-710W – Insufficient Verification of Data Authenticity (CWE-345)
Posted by Matthias Deeg on Sep 30
Advisory ID: SYSS-2016-061
Product: PERIDUO-710W
Manufacturer: Perixx Computer GmbH
Affected Version(s): Part No. KG-1027
Tested Version(s): Part No. KG-1027
Vulnerability Type: Insufficient Verification of Data Authenticity (CWE-345)
Mouse Spoofing Attack
Risk Level: Medium
Solution Status: Open
Manufacturer Notification: 2016-06-28
Solution Date: –
Public Disclosure: 2016-09-30
CVE Reference: Not yet assigned
Authors of…
Ubiquiti UniFi AP AC Lite 5.2.7 Improper Access Control
Ubiquiti UniFi AP AC Lite version 5.2.7 allows for direct modification of the database with no authentication.