Telekom Security

  • Smuggling HTTP headers through reverse proxies

    15 May 2020 • Advisories • Research

    Under some conditions, it is possible to smuggle HTTP headers through a reverse proxy, even if the proxy explicitly unset them beforehand. This is possible in some cases because of HTTP header normalization and parser differentials between the proxy and the backend. Because HTTP headers are commonly used as a way to pass authentication data to the backend (for example in mutual TLS scenarios), this can lead to critical vulnerabilities.


  • Unquoted Service Path exploit in Fortinet FortiClient

    09 Mar 2020 • Advisories

    FortiClient for Windows prior to 6.2.3 is vulnerable to an unquoted service path vulnerability (CVE-2019-17658). This may allow an attacker to gain elevated privileges via the FortiClientConsole executable service path.


  • Juniper Junos Space prior to 19.4R1 Local File Inclusion Vulnerability

    31 Jan 2020 • Advisories

    A Local File Inclusion vulnerability (CVE-2020-1611) in Juniper Networks Junos Space allows an attacker to view all files on the target when the device receives malicious HTTP packets.


  • wolfSSL TLSv1.3 Remote Buffer Overflow

    20 May 2019 • Advisories

    A new critical remote buffer overflow vulnerability (CVE-2019-11873) was discovered in the wolfSSL library (version 4.0.0-stable, http://www.wolfssl.com) by Security Evaluators of Telekom Security using modern fuzzing methods. The vulnerability allows an attacker to overwrite a large part of the RAM of a wolfSSL server with his data over the network.


  • axTLS Remote Buffer Overflow

    22 Mar 2019 • Advisories

    A new critical remote buffer overflow vulnerability (CVE-2019-8981) in the axTLS library for embedded devices (version 2.1.4, http://axtls.scourceforge.net) was discovered on 20 February 2019 using modern fuzzing methods; it possibly allows remote code execution. A new fixed version (2.1.5) countering this is now available for download.


  • T-Pot Version 19.03 released

    04 Jan 2019 • Honeypots

    In March 2019 we released T-Pot 19.03. Read more details here.


  • WeBid Directory Traversal, Blind SQL Injection and XSS

    03 Dec 2018 • Advisories

    Multiple vulnerabilities were identified in version 1.2.2 of the popular “WeBid” open source auction system. Patches for all three vulnerabilities are available in their GitHub repository and will be included in the next release.


  • ServiceNow Glide Scripting injection leading to privilege escalation

    27 Jul 2018 • Advisories

    ServiceNow, an enterprise IT service management solution, is vulnerable to a template injection vulnerability, leading to a full privilege escalation.

