Category: cve

  • Blog
  • Category: cve

Taking Over Organizr Accounts

Today we have another rate-limiting issue. While this one is not as impactful as the previous one – it’s still fun. Organizr is a self-hosted application written in PHP that basically helps you self-host other services at your home. It’s nifty application with a surprisingly large amount of functionality. We were recently poking at it

Chamberlain myQ Account Takeover

Introduction A Brackish Security researcher recently uncovered a vulnerability affecting the myQ iOS application that allows an attacker to take over arbitrary user accounts. This issue was discovered in iOS application version 5.222.0.32277. No other versions were tested, but it is possible that multiple versions and platforms use the same APIs with vulnerable functionality. This

TutorTrac Multiple Stored XSS

TutorTrac Multiple Stored XSS Brackish researchers found authenticated stored cross-site-scripting (XSS) in TutorTrac version <= 4.2.170210. An authenticated attacker could utilize crafted input in several locations throughout the application to perform XSS attacks. This is a standard stored XSS attack that can be used to steal user’s sessions cookies, amongst other things.   Injection is a