[Full-disclosure] Tool Release: nsdtool - netgear switch discovery

2014-03-05 Thread Curesec Research Team
Hi List, we are happy to publish a tool written some months ago to discover Netgear switches using Python. Abstract: nsdtool is a toolset of scripts used to detect Netgear switches in local networks. The tool contains some extra features like bruteforce and setting a new password. Netgear has

Re: [Full-disclosure] CVE-2013-6271 Remove Android Device Lock - App published

2013-12-03 Thread Curesec Research Team
Hi List, please find an example app and source code here: https://www.curesec.com/data/binary/CRT-RemoveLocks.apk https://www.curesec.com/data/binary/CRT-RemoveLocks.tar.bz2 Cheers, CRT On 27.11.2013 20:16, Curesec Research Team wrote: Please find a better readable version of the advisory

[Full-disclosure] CVE-2013-6271 Remove Android Device Lock by rouge app

2013-11-28 Thread Curesec Research Team
Please find a better readable version of the advisory here: https://cureblog.de/2013/11/755/ Cheers, Curesec Research Team == CVE-2013-6271: Security Advisory – Curesec Research Team 1. Introduction Advisory ID:Cure-2013-1011

[Full-disclosure] CVE-2013-6224: XSS in Livezilla prior version 5.1.1.0

2013-11-28 Thread Curesec Research Team
Security Advisory - Curesec Research Team = 1. Introduction Advisory ID: Cure-2013-1006 Advisory URL: https://www.curesec.com/ Affected Product: Prior 5.1.1.0 Fixed Version: 5.1.1.0 Vendor Contact: supp...@livezilla.net Vulnerability Type

[Full-disclosure] CVE-2013-6223: Local Password Disclosure in Livezilla prior version 5.1.1.0

2013-11-28 Thread Curesec Research Team
Security Advisory - Curesec Research Team = 1. Introduction Advisory ID: Cure-2013-1008 Advisory URL: https://www.curesec.com/ Affected Product: Prior LiveZilla version 5.1.1.0 Affected Systems: Windows Vendor Contact: supp

[Full-disclosure] CVE-2013-622 Livezilla Remote Code Execution (Cure-2013-1007)

2013-11-16 Thread Curesec Research Team
CVE-2013-6225: Security Advisory – Curesec Research Team 1. Introduction Advisory ID: Cure-2013-1007 Advisory URL: https://www.curesec.com/de/veroeffentlichungen/advisories.html Blog URL: https://cureblog.de/2013/11/remote-code-execution-in-livezilla

[Full-disclosure] Phishing Google Wallet and Paypal by abusing WhatsApp

2013-07-24 Thread Curesec Research Team
Hi List, please find the vulnerability description within this post. Cheers, Curesec Research Team Reference: https://cureblog.de/2013/07/phishing-google-wallet-and-paypal-by-abusing-whatsapp/ Phishing Google Wallet and Paypal by abusing WhatsApp -=Introduction=- WhatsApp is one

Re: [Full-disclosure] OpenSSH User Enumeration Time-Based Attack

2013-07-13 Thread Curesec Research Team
On 11.07.2013 16:41, Jann Horn wrote: FYI, the openssh guys have known this for quite a while and they don't treat it as an issue worth fixing. They don't want to introduce extra anti-timing code just to prevent user enumeration from working. Oh really? By the way: If you can hog the CPU

[Full-disclosure] OpenSSH User Enumeration Time-Based Attack

2013-07-10 Thread Curesec Research Team
massively. In our case we go with 39.000 characters (A’s). Trying those passwords at an existing and a non-existing account shows a quite high delay. Find the rest of the post + some example code at the blogpost. http://cureblog.de/openssh-user-enumeration-time-based-attack/ Cheers, Curesec Research

[Full-disclosure] Inkasso Trojaner Analysis - Part 2

2013-07-01 Thread Curesec Research Team
Hi List, please find the second part of the Inkasso Trojaner. In this blogpost we go on with the analysis of the dropper. This time with related domain names, IPs and commands it is supporting. https://cureblog.de/inkasso-trojaner-part-2/ Have fun! Curesec Research Team

[Full-disclosure] Inkasso Trojaner Analysis - Part 1

2013-06-18 Thread Curesec Research Team
Hi List, we analyzed a Trojan, propagating via email, sent to us some days ago. Please find the first part here: http://cureblog.de/inkassomahngebuhren-trojaner-part-1/ Cheers, Curesec Research Team