2006
Vendor contacted: February 7th 2006
Advisory published: February 13th 2006
AUTHOR: Micha Borrmann ([EMAIL PROTECTED])
SySS GmbH
D-72070 Tuebingen / Germany
APPLICATION: gastbuch
AFFECTED VERSION: all 1.3.3 (1.3.2
: July 13th 2012
Advisory published: October 12th 2012
AUTHOR: Micha Borrmann (micha.borrm...@syss.de)
SySS GmbH
D-72070 Tuebingen / Germany
APPLICATION: Windows Client
AFFECTED VERSION: 1.1.5-5 (32 Bit Version)
Remotely exploitable
Notification: 2014-04-07
Solution Date: 2014-04-09
Public Disclosure: 2014-04-16
CVE Reference: CVE-2014-2735
Author of Advisory: Micha Borrmann (SySS GmbH)
-
Overview: WinSCP is not checking the Common Name of an X.509
)
Vulnerability Type: X.509 validation
Risk Level: Medium
Solution Status: Fixed
Vendor Notification: 2014-04-08
Solution Date: 2014-04-10
Public Disclosure: 2014-05-06
CVE Reference: CVE-2014-2845
Author of Advisory: Micha Borrmann (SySS GmbH)
Overview:
Cyberduck (Windows versions only) accepts X.509 server
Level: Medium
Solution Status:
Vendor Notification: 2014-04-04
Solution Date:
Public Disclosure: 2014-05-19
CVE Reference: Not assigned, (but similar to CVE-2012-6606)
Author of Advisory: Micha Borrmann (SySS GmbH)
Overview:
FTP Rush does not validate X.509 certificates if FTP
Nice tool, but it is also possible to use DNSSEC to validate SSH
fingerprints, which is much more comfortable and more secure.
On 01.09.2014 at 06:41, John Leo wrote:
This tool displays SSH host key fingerprint - through HTTPS.
SSH is about security; host key matters a lot here; and you can
: 2016-08-17
CVE Reference: Not yet assigned
Author of Advisory: Micha Borrmann, SySS GmbH
Overview:
NetIQ Access Manager is a web access management software that provides
secure access to enterprise and cloud applications
: 2016-11-10
Solution Date: 2016-12-05
Public Disclosure: 2016-12-14
CVE Reference: CVE-2016-9207
Author of Advisory: Micha Borrmann, SySS GmbH
Overview:
Jabber Guest [1] can be used to connect people from the Internet
Level: Low
Solution Status: Open
Manufacturer Notification: 2017-03-01
Solution Date:
Public Disclosure: 2017-07-04
CVE Reference: Not yet assigned
Authors of Advisory: Micha Borrmann (SySS GmbH)
Overview:
Microsoft Office 365
Verification of Data Authenticity (CWE-345)
Mouse Spoofing Attack
Risk Level: Medium
Solution Status: Open
Manufacturer Notification: 2017-03-02
Solution Date: -
Public Disclosure: 2017-05-08
CVE Reference: Not yet assigned
Authors of Advisory: Micha Borrmann and Matthias Deeg
ble-disclosure-policy/
Credits:
This security vulnerability was found by Micha Borrmann of SySS GmbH.
E-Mail: micha.borrmann (at) syss.de
Public Key: https://www.syss.de/fileadmin/dokumente/PGPKeys/Micha_Borrmann.asc
ype: Information Exposure (CWE-200)
Risk Level: Low
Solution Status: Open
Manufacturer Notification: 2018-08-29
Solution Date: 20??-??-??
Public Disclosure: 2018-10-23
CVE Reference: CVE-2018-18566
Authors of Advisory: Micha Borrmann (SySS G
ory: Micha Borrmann (SySS GmbH)
Overview:
If an AudioCodes 440HD/450HD IP Phone [1] is used with an on-premise
installation with Skype for Business, the phone has stored credentials
of an account in the active directory. Perform
Advisory ID: SYSS-2018-024
Product: Collaboration Compliance and Quality Management
Platform
Manufacturer: Verint Verba
Affected Version(s): <= 9.1.1.5482
Tested Version(s): 9.1.1.5482
Advisory ID: SYSS-2018-023
Product: Collaboration Compliance and Quality Management
Platform
Manufacturer: Verint Verba
Affected Version(s): <= 9.1.1.5482
Tested Version(s): 9.1.1.5482
CVE number assigned
2018-12-03: Vulnerability reported to manufacturer
2019-01-17: Public release of the security advisory
References:
[1] Support web site
http
ite Scripting (CWE-79)
Risk Level: Low
Solution Status: Fixed
Manufacturer Notification: 2018-11-29
Solution Date: 2018-12-20
Public Disclosure: 2019-01-11
CVE Reference: CVE-2018-19694
Authors of Advisory: Micha Borrmann (SySS G