18 matches found
CVE-2018-18071
An issue was discovered in the Daimler Mercedes-Benz Me app 2.11.0-846 for iOS. The encrypted Connected Vehicle API data exchange between the app and a server might be intercepted. The app can be used to operate the Remote Parking Pilot, unlock the vehicle, or obtain sensitive information such as...
EUVD-2018-9810
Malware in sbrugna...
Malicious code in @daimler-rcms/api-client (npm)
MAL-2024-9463 Malicious code in @daimler-rcms/api-client (npm)
Daimler Truck: Default credential to login at site management panel
Summary: Hi Team, during recon on Shodan I came across an IP pointing towards lre.daimlertruck.com. Here is the Shodan link: https://www.shodan.io/host/20.219.79.49. On port 8443, there was a login panel at https://20.219.79.49:8443/Site/ and using default credential admin admin I was able to login...
Daimler Truck: Server-based source code disclosures
URL: https://www.bharatbenz.com/TEST.PHP CWE: CWE-538 CVSS: 7.5-CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N One or more pages disclosing source code were found. This check is using pattern matching to determine if server side tags are found in the file. In some cases this alert may generate fals...
Daimler Truck: Time-based SQL Injection
CWE: CWE-89 CVSS: 9.1 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N URL: www.bharatbenz.com//dealer/0'XORifnow=sysdate,sleep20,0XOR'Z SQL injection (SQLi) refers to an injection attack wherein an attacker can execute malicious SQL statements that control a web application's database server. Impact ...
Daimler Truck: CSRF + XSS REFLECT
Hello Daimler Truck Team! I found a reflected XSS at https://www.truck-privilege.daimlertruck.com/auth/lostLogin. To make it reflected, CSRF (Cross-Site Request Forgery) was used together. An attacker can create a malicious website and trick the user into opening it; when the user opens it, he is...
CVE-2018-18071
An issue was discovered in the Daimler Mercedes-Benz Me app 2.11.0-846 for iOS. The encrypted Connected Vehicle API data exchange between the app and a server might be intercepted. The app can be used to operate the Remote Parking Pilot, unlock the vehicle, or obtain sensitive information such as...
Design/Logic Flaw
An issue was discovered in the Daimler Mercedes-Benz Me app 2.11.0-846 for iOS. The encrypted Connected Vehicle API data exchange between the app and a server might be intercepted. The app can be used to operate the Remote Parking Pilot, unlock the vehicle, or obtain sensitive information such as...
CVE-2018-18070
An issue was discovered in Daimler Mercedes-Benz COMAND 17/13.0 50.12 on Mercedes-Benz C-Class 2018 vehicles. Defining or receiving a specific navigation route might cause the system to freeze and reboot after a few transmissions. When the system next starts, it tries to re-calculate the route,...
Code injection
An issue was discovered in Daimler Mercedes-Benz COMAND 17/13.0 50.12 on Mercedes-Benz C-Class 2018 vehicles. Defining or receiving a specific navigation route might cause the system to freeze and reboot after a few transmissions. When the system next starts, it tries to re-calculate the route,...
CVE-2018-18070
The CVE-2018-18070 entry identifies a vulnerability in Daimler Mercedes-Benz COMAND 17/13.0 50.12 on Mercedes-Benz C-Class 2018 vehicles. The issue: defining or receiving a specific navigation route may cause the system to freeze and reboot after a few transmissions; on the next start, it re-calc...
CVE-2018-18071
The CVE concerns Daimler Mercedes-Benz Me app for iOS (version 2.11.0-846). The issue is the encrypted Connected Vehicle API data exchange between the app and its server, which could be intercepted. This could allow misuse of the Remote Parking Pilot, vehicle unlocks, or access to sensitive data ...
CVE-2018-18071
An issue was discovered in the Daimler Mercedes-Benz Me app 2.11.0-846 for iOS. The encrypted Connected Vehicle API data exchange between the app and a server might be intercepted. The app can be used to operate the Remote Parking Pilot, unlock the vehicle, or obtain sensitive information such as...
CVE-2018-18070
An issue was discovered in Daimler Mercedes-Benz COMAND 17/13.0 50.12 on Mercedes-Benz C-Class 2018 vehicles. Defining or receiving a specific navigation route might cause the system to freeze and reboot after a few transmissions. When the system next starts, it tries to re-calculate the route,...
Daimler 4You - Mitarbeiter App - Customized SSL, WebView code execution vulnerabilities
HackApp vulnerability scanner discovered that application Daimler 4You - Mitarbeiter App published at the 'play' market has multiple vulnerabilities...
daimler.com XSS vulnerability
Vulnerable URL: http://www.daimler.com/dccom/suche/erweitert/query
Details:
Description | Value
---|---
Patched: | Yes, at 30.01.2016
Latest check for patch: | 30.01.2016 17:32 GMT
Vulnerability type: | XSS
Vulnerability status: | Publicly disclosed
Alexa Rank | 21559
Google Pagerank | 7
VIP website...