Area41 2018 Wrap Up
Introduction Last Friday and Saturday (15./16. June 2018), the 6th edition of the security conference Area41 (formerly Hashdays, https://area41.io/) organized by DEFCON Switzerland... more
Compass Security Schweiz AG
Werkstrasse 20
8645 Jona
Schweiz
Advisories
Compass Security employees regularly identify 0day security weaknesses in products, either during customer projects or during their research time. We report such vulnerabilities to the respective vendors and believe in coordinated disclosure, as long as the vendor acts in its and our clients’ best interests and provides us with regular and constructive feedback. If any of these conditions are not met, Compass Security might opt for full disclosure as defined in our Vulnerability Disclosure Policy.
Downloads
- CSNC-2017-031 HomeMatic Incorrect Access Control(4 KB )
- CSNC-2018-021 Vert.x HTTP Header Injection(3 KB )
- CSNC-2018-013 ONELAN CMS Passwords in Source Code(2 KB )
- CSNC-2018-012 ONELAN CMS Cleartext Password(2 KB )
- CSNC-2018-011 ONELAN CSM Insufficient Authorization Checks(2 KB )
- CSNC-2018-010 ONELAN CMS Account Brute Force(2 KB )
- CSNC-2018-009 ONELAN CMS arbitrary File Upload(2 KB )
- CSNC-2018-008 ONELAN CMS JWT in GET Request(2 KB )
- CSNC-2018-007 ONELAN CMS CSRF(2 KB )
- CSNC-2018-006 ONELAN CMS stored XSS(3 KB )
- CSNC-2018-005 ONELAN CMS reflected XSS(3 KB )
- CSNC-2018-003 totemomail Encryption Gateway Cross-Site Request Forgery(6 KB )
- CSNC-2018-002 totemomail Encryption Gateway JSONP hijacking(5 KB )
- CSNC-2017-026 Microsoft Intune Preserved Keychain Entries(2 KB )
- CSNC-2017-027 Microsoft Intune App PIN Bypass(4 KB )
- CSNC-2018-001 Zimbra Stored XSS(3 KB )
- CSNC-2017-033 GitLab Self XSS(2 KB )
- CSNC-2017-030 MyTy Reflected XSS(4 KB )
- CSNC-2017-029 MyTy Blind SQL Injection(3 KB )
- CVE-2017-9096 iText XML External Entity Vulnerability(2 KB )
- CSNC-2017-023 Mongoose Network Library Bof(17 KB )
- CSNC-2017-012 Sunell Session ID Enumeration(5 KB )
- CSNC-2017-011 Sunell Stored XSS(4 KB )
- CSNC-2017-010 Sunell Reflected XSS(3 KB )
- CSNC-2017-013_pingid_reflected_xss(3 KB )
- CSNC-2017-004 Live Helper Chat(3 KB )
- CVE-2017-7185 Mongoose OS Use-after-free_update(9 KB )
- CSNC-2016-008 VMware AirWatch XSS(3 KB )
- CSNC-2016-006_ASP.NET Core 5-RC1 HTTP Header Injection(2 KB )
- CVE-2016-6856,6857,6858 SAP Hybris XSS(3 KB )
- CVE-2016-6859 SAP Hybris Information Disclosure(3 KB )
- CVE-2014-1237 i-doit - Cross-site Scripting (XSS)(2 KB )
- CSNC-2016-002 OpenAM Open Redirection(3 KB )
- CSNC-2016-001 OpenAM XSS(3 KB )
- CVE-2016-0955 Adobe Experience Manager AEM-XSS(3 KB )
- CSNC-2015-007 Netgear Router Firmware N300 Authentication Bypass(4 KB )
- CVE-2015-5372 AdNovum nevisAuth Autentication Bypass(4 KB )
- CVE-2015-3442 Soreco Xpert.Line Authentication Bypass(4 KB )
- CVE-2015-3443 Thycotic Secret Server XSS(3 KB )
- CSNC-2014-006 softring_xss(3 KB )
- CSNC-2014-005 softring_backdoor_account(4 KB )
- CSNC-2014-004 neuroML multiple-vulns(4 KB )
- CSNC-2013-018 SAP BusinessObjects Explorer XXE(4 KB )
- CSNC-2013-017 SAP BusinessObjects Explorer Cross-Site-Flashing(3 KB )
- CSNC-2013-016 SAP BusinessObjects Explorer Port-Scanning(3 KB )
- CSNC-2014-001 javaMail - SMTP Header Injection via method setSubject(10 KB )
- CVE-2014-1597 i-doit - SQL Injection(2 KB )
Compass Security Blog
Compass at Area41 2018
We are at the Area 41 conference! This IT Security Conference is happening on the 15/16th of June in 2018 in Zürich. Compass Security supports this non-profit event as Platinum Sponsor. We’ll have a... more
CALENDAR
Industrial Cyber Security Days 2018
IT-Security in industriellen Anlagen – sicher in die Zukunft starten! Read more
Swiss Cyber Storm 2018
Die internationale IT Security Konferenz findet heuer am Dienstag, 30. Oktober 2018 im Kursaal Bern statt. Read more
NEWS
Vulnerability in Homeputer CL Studio for HomeMatic
Thierry Viaccoz identified an incorrectly designed access control in Homeputer CL Studio for HomeMatic. Read more
Vulnerability in Vert.x Framework
Lukasz D. identified an HTTP header injection vulnerability in Vert.x Framework. Read more
Vulnerabilities in ONELAN Content Management System
Stephan Sekula identified vulnerabilities in ONELAN Content Management System (CMS) Read more