[FD] Multiple banks - potential risk of an inconsequent client separation

2019-08-09 Thread Tim Schughart
out this? Best regards / Mit freundlichen Grüßen Tim Schughart CEO / Geschäftsführer -- ProSec GmbH Robert-Koch-Straße 1-9 56751 Polch Website: https://www.prosec-networks.com Phone: +49 (0)261 450 930 90 Sitz der Gesellschaft / company domiciled in: Polch Registergericht / re

[FD] Ubiquiti

2016-10-19 Thread Tim Schughart
:U/C:H/I:H/A:H Do you agree? I’m looking forward to minimize our "race time condition denial of service", to deliver fast results in future :-P Best regards / Mit freundlichen Grüßen Tim Schughart CEO / Geschäftsführer -- ProSec Networks e.K. Ellingshohl 82 56076 Kobl

Re: [FD] Critical Vulnerability in Ubiquiti UniFi

2016-10-03 Thread Tim Schughart
to the ap. Best regards Tim Schughart > On 01.10.2016 at 15:30, Carlos Silva <r3...@r3pek.org> wrote: > > Hi Tim! > > I can be missing something here but I just checked this on a fresh installed > Unifi Controller and mongod is binding to localhost making this a no

[FD] Critical Vulnerability in Ubiquiti UniFi

2016-09-30 Thread Tim Schughart
affected (not tested) Vulnerable component: Database Report confidence: yes Solution status: Not fixed by Vendor, the bug is a feature. Fixed versions: - Researcher credits: Tim Schughart, Immanuel Bär, Khanh Quoc Pham of ProSec Networks Solution date: - Public disclosure: 2016-09-30 CVE

[FD] Multiple exposures in Sophos UTM

2016-09-30 Thread Tim Schughart
(not tested) Vulnerable component: Frontend Report confidence: yes Solution status: Not fixed by Vendor, no further responses from vendor. Fixed versions: - Researcher credits: Tim Schughart & Khanh Quoc Pham of ProSec Networks Vendor notification: 2016-09-01 Solution date: - Public disclosure: 201

[FD] Persistent XSS in Abus Security Center - CVSS 8.0

2016-09-29 Thread Tim Schughart
, will not patch the vuln. Fixed versions: - Researcher credits: Tim Schughart & Khanh Quoc Pham of ProSec Networks Vendor notification: 2016-09-21 Solution date: Public disclosure: 2016-09-29 CVE reference: CVSSv3: 8.0 AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H <https://nvd.nist.gov/cvss/v3-cal

[FD] Vulnerability - Liferay Portal Enterprise Edition

2015-10-05 Thread Tim Schughart
ver name Value for ldap server name field: Name_of_ldap_serveralert("XSS") The script is inserted to the configuration page persistent until the ldap server is deleted from database again. Best regards / Mit freundlichen Grüßen Tim Schughart CEO | IT Security specialist ProSec Net