Showing 1 - 9 of 9

Files from Stephan Sekula

Microsoft Intune Design Weakness: Posted Mar 20, 2018; Authored by Stephan Sekula; Compass Security discovered a design weakness in Microsoft Intune's iOS Keychain management. This allows users to access company data even after the device has been unenrolled.; tags | advisory; systems | apple, ios; SHA-256 | ddd63a88b904946a23a9cb733e253b9a99ce019c4a471fdab65dc2abd2085145; Download | Favorite | View

Microsoft Intune App PIN Bypass: Posted Feb 13, 2018; Authored by Stephan Sekula; Compass Security discovered a design weakness in Microsoft Intune's app protection. This weakness allows a malicious user that gets hold of an employee's iOS device to access company data even without knowing the app PIN.; tags | exploit; systems | cisco, ios; SHA-256 | 9eb901ef1974be004d63aa35bd969efac3bd77a0a761e1cbabb90340bf37e26c; Download | Favorite | View

Sunell IPCAMERA IPR54/14AKDN(II)/13 Session ID Enumeration: Posted May 27, 2017; Authored by Stephan Sekula; Sunell IPCAMERA IPR54/14AKDN(II)/13 suffers from a session ID enumeration vulnerability.; tags | exploit; SHA-256 | 60ce71b07534bee0f99b4630549295320551670713e34c6613132c5fce336ac9; Download | Favorite | View

Sunell IPCAMERA IPR54/14AKDN(II)/13 Cross Site Scripting: Posted May 27, 2017; Authored by Stephan Sekula; Sunell IPCAMERA IPR54/14AKDN(II)/13 suffers from a reflective cross site scripting vulnerability.; tags | exploit, xss; SHA-256 | 27e65ecc5f751798e2ae87d44a144b020245e5f7941b691a517e197e2a0004f7; Download | Favorite | View

Sunell IPR54/14AKDN(II)/13 Cross Site Scripting: Posted May 27, 2017; Authored by Stephan Sekula; Sunell IPR54/14AKDN(II)/13 suffers from a persistent cross site scripting vulnerability.; tags | exploit, xss; SHA-256 | 08008390429a0ee6a1e0891e649db3e2a21176e7ef4304f3a8a4f77d54e03e3d; Download | Favorite | View

PingID MFA Cross Site Scripting: Posted May 17, 2017; Authored by Stephan Sekula; PingID MFA suffers from a cross site scripting vulnerability.; tags | exploit, xss; SHA-256 | 57db2d857b67db2cb5f666a09adf045cea62b437c8e44e89fed65992fb15d053; Download | Favorite | View

Mongoose OS 1.2 Use-After-Free / Denial Of Service: Posted Apr 3, 2017; Authored by Philipp Promeuschel, Stephan Sekula, Carel van Rooyen; Mongoose OS versions 1.2 and below suffers from use-after-free and denial of service vulnerabilities.; tags | exploit, denial of service, vulnerability; advisories | CVE-2017-7185; SHA-256 | 29230e265e6385403b48459f9970358441ef14a35850ac8f58e0c0615ecbb02c; Download | Favorite | View

OpenAM 9 / 10 Cross Site Scripting: Posted Feb 24, 2016; Authored by Stephan Sekula; OpenAM versions 9 through 9.5.5 and 10.0.0 through 10.0.2 suffer from a cross site scripting vulnerability.; tags | exploit, xss; SHA-256 | 733a8d04f8cafa6811d950b5abe8bdd81bee1de0eb014f68a90053b49909b05d; Download | Favorite | View

OpenAM Open Redirect: Posted Feb 24, 2016; Authored by Stephan Sekula; Compass Security discovered a web application security flaw in the OpenAM application which allows an attacker to launch phishing attacks against users by redirecting them to a malicious website. An attacker is able to create a link that, when visited, will redirect the user to a website of the attacker's choosing once the victim attempts to login. This allows, for instance, phishing of user credentials. Since it is the victim who needs to visit the malicious link, this attack is possible for unauthenticated attackers who do not have access to the affected websites. Versions 9.5.5, 10.0.2, 10.1.0-Xpress, 11.0.0 through 11.0.3, and 12.0.0 through 12.0.2 are vulnerable.; tags | exploit, web; SHA-256 | 88f9d412f3d250d135b3a6b3b9f26c0dcfeb53a8228338a90e7281309a6da7e9; Download | Favorite | View

Page 1 of 1 Back 1 Next

Top Authors In Last 30 Days