04 Nov 2015

XCart 5.2.6: Path Traversal

There is a Path Traversal vulnerability in the admin area of XCart 5.2.6. It makes it possible to list directories and download arbitrary files.  Read more

14 Sep 2015

ZeusCart 4.0: CSRF

ZeusCart 4.0 does not have CSRF protection. Because of this, it is for example possible to add additional admin accounts. This issue has not been fixed.  Read more

01 Sep 2015

NibbleBlog 4.0.3: CSRF

There is a CSRF vulnerability in NibbleBlog 4.0.3 which can lead to the creation of new posts and thus XSS. The issue is not yet fixed.  Read more

17 Aug 2015

Bolt 2.2.4: Code Execution

The file editor of the admin area of Bolt 2.2.4 allows for the editing of file extensions, which leads to code execution once an attacker has gained admin credentials.  Read more

04 Jul 2014

CVE-2013-6272 com.android.phone

We conducted a deep investigation of Android components in late 2013, which resulted in several CVEs and bug reports to the Android Security Team. Today we want to publish one reported and one similar vulnerability.  Read more

02 May 2014

Heartbleed analysis daemon published

The Heartbleed bug is a programming error in the versions 1.0.1 to 1.0.1f of the open-source OpenSSL cryptography library. Curesec has published hbad, a Heartbleed client side tool to check for this critical security gap.  Read more

09 Apr 2014

"Heartbleed" security checkup

Two days ago a critical security gap in one of the most common encryption protocols (SSL) named "Heartbleed" was published. We offer a free checkup to our clients!  Read more

27 Nov 2013

CVE-2013-6271: Remove Device Locks from Android Phone

This vulnerability enables any rogue app at any time to remove all existing device locks activated by a user. Furthermore we have created an app to demonstrate the issue. You can choose two options, remove all locks right away or remove them at a defined time.  Read more

16 Sep 2013

Inkasso Trojaner – Part 3

In this report we would like to point out how the rootkit infects a system, how it operates and what kind of anti-reversing and anti-debugging techniques are in place.  Read more

10 Sep 2013

Exfiltrate Data using the old ping utility trick

We are back with a great blog post. This time about data exfiltration using ping, packed together as a simple backdoor-like code. The technique may work in general for Linux and Windows as well, however the main target and interest was Android.  Read more

09 Jul 2013

OpenSSH User Enumeration Time-Based Attack

Today, we will show a bug concerning OpenSSH. OpenSSH is the most used remote control software nowadays on *nix-like operating systems. Legacy claims it replaced unencrypted daemons like rcp, rsh and telnet. Find a version at: https://www.openssh.com.  Read more

01 Jul 2013

Inkasso Trojaner – Part 2

In Part 1 of the analysis we have seen a first description of the dropper and how to extract the executable placed in the file. To move forward with work we dumped the memory with the decrypted virus body and continued the analysis.  Read more

18 Jun 2013

Inkasso Trojaner – Part 1

Some days ago we received an email with a double zipped dropper agent included. We decided to start an analysis. This is the first part with our results; in this blog post we only focus on the dropper itself.  Read more

25 Feb 2012

Attack Vector: Direct Memory Access

We at Curesec have looked into Direct Memory Access (DMA) as an attack vector against computers. We did this primarily to be able to ensure the security of our own machines. This blog article presents the results of that investigation.  Read more