@DTCERT-
Teamwire Pass Code Bypass
A pass code bypass in the mobile application of Teamwire for Android allows an attacker with physical access to the phone to use the app without entering the valid pass code.
-
T-Pot Version 20.06 released
On June, 30th 2020 we finally released T-Pot 20.06 after an extensive period of testing to ensure the update process (which is still in beta) is not likely to break things. With T-Pot 20.06 released we are proud to see that T-Pot is now growing faster than before. T-Pot 20.06 comes with new honeypots, such as Dicompot, a new Elasticpot and HoneySAP. All of which have Kibana dashboards readily available to get you covered…
-
IBM Maximo Asset Management is vulnerable via XXE
IBM Maximo Asset Management is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources.
-
Smuggling HTTP headers through reverse proxies
Under some conditions, it is possible to smuggle HTTP headers through a reverse proxy, even if it was explicitly unset before. This is possible in some cases due to HTTP header normalization and parser differentials. Because HTTP headers are commonly used as way to pass authentication data to the backend (for example in mutual TLS scenarios), this can lead to critical vulnerabilities.
-
Unquoted Service Path exploit in Fortinet FortiClient
FortiClient for Windows prior to 6.2.3 is vulnerable to an unquoted service path vulnerability (CVE-2019-17658). That may allow an attacker to gain elevated privileges via the FortiClientConsole executable service path.
-
Juniper Junos Space prior to 19.4R1 Local File Inclusion Vulnerability
A Local File Inclusion vulnerability (CVE-2020-1611) in Juniper Networks Junos Space allows an attacker to view all files on the target when the device receives malicious HTTP packets.
-
wolfSSL TLSv1.3 Remote Buffer Overflow
A new critical remote buffer overflow vulnerability (CVE-2019-11873) was discovered in the wolfSSL library (version 4.0.0-stable, http://www.wolfssl.com) by Security Evaluators of Telekom Security with modern fuzzing methods. The vulnerability allows an attacker to overwrite a large part of the RAM of a wolfSSL server with hisdata over the network.
-
axTLS Remote Buffer Overflow
A new critical remote buffer overflow vulnerability (CVE-2019-8981) in the axTLS library for embedded devices (version 2.1.4, http://axtls.scourceforge.net was discovered on 2019 February 20 with modern fuzzing methods, which possibly allows remote code execution. A new fixed version (2.1.5) countering this is now available for download.