Tag: cve

Taking Over Organizr Accounts

Today we have another rate-limiting issue. While this one is not as impactful as the previous one, it’s still fun. Organizr is a self-hosted application written in PHP that basically helps you self-host other services at your home. It’s a nifty application with a surprisingly large amount of functionality. We were recently poking at it

Chamberlain myQ Account Takeover

A Brackish Security researcher recently uncovered a vulnerability affecting the myQ iOS application that allows an attacker to take over arbitrary user accounts. This issue was discovered in iOS application version 5.222.0.32277. No other versions were tested, but it is possible that multiple versions and platforms use the same APIs with vulnerable functionality. This