23 matches found
EUVD-2018-9359
Malware in sbrugna...
sennheiser.cz Cross Site Scripting vulnerability OBB-3570514
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
German audio tech giant Sennheiser exposed 55GB of customers’ data
By Waqas. Sennheiser left personal data of over 28,000 customers exposed on a misconfigured Amazon Web Services (AWS) server. This is a post from HackRead.com. Read the original post: German audio tech giant Sennheiser exposed 55GB of customers’ data...
Microsoft Warns of Two Apps That Expose Private Keys
Microsoft on Tuesday warned users that digital certificates were disclosed in two apps, which could allow a bad actor to remotely spoof websites or content. Headset software company Sennheiser HeadSetup, Microsoft said, had inadvertently installed the root certificates onto two apps, HeadSetup an...
Inadvertently Disclosed Digital Certificates Could Allow Spoofing
Microsoft is publishing this advisory to notify customers of two inadvertently disclosed digital certificates that could be used to spoof content and to provide an update to the Certificate Trust List (CTL) to remove user-mode trust for the certificates. The disclosed root certificates were...
KLA11376 Spoofing vulnerability in Microsoft Windows
A vulnerability was found in Microsoft Windows. Malicious users can exploit this vulnerability to spoof user interface. Technical details: The certificates were inadvertently disclosed by the Sennheiser HeadSetup and HeadSetup Pro software. Original advisories: ADV180029. Related products...
Code injection
Sennheiser HeadSetup 7.3.4903 places Certification Authority (CA) certificates into the Trusted Root CA store of the local system, and publishes the private key in the SennComCCKey.pem file within the public software distribution, which allows remote attackers to spoof arbitrary web sites or softwa...
CVE-2018-17612
Sennheiser HeadSetup 7.3.4903 places Certification Authority (CA) certificates into the Trusted Root CA store of the local system, and publishes the private key in the SennComCCKey.pem file within the public software distribution, which allows remote attackers to spoof arbitrary web sites or softwa...
CVE-2018-17612
Summary of CVE-2018-17612: Sennheiser HeadSetup (and HeadSetup Pro) improperly published the private signing key in the public distribution and installed CA/root certificates into the local Trusted Root CA store. The root cause is the inclusion of the private key in the SennComCCKey.pem file, en...
openSUSE Security Update : the Linux Kernel (openSUSE-2017-1062) (BlueBorne)
The openSUSE Leap 42.2 kernel was updated to 4.4.87 to receive various security and bug fixes. The following security bugs were fixed: - CVE-2017-1000251: The native Bluetooth stack in the Linux Kernel (BlueZ) was vulnerable to a stack overflow vulnerability in the processing of L2CAP configuration...
sennheiser.cz XSS vulnerability
Vulnerable URL: http://www.sennheiser.cz/index.php?id=25=241%3C!%27/!%22/!%27/%22/--!%3E%3CInput/Type=Text%20AutoFocus%20/;%20OnFocus=confirmOPENBUGBOUNTY%20//%3E%3CSvg%3E=242=240,241 Details: Description| Value ---|--- Patched:| Verification in progress Latest check for patch:| 19.11.2017...
shop.sennheiserindia.com XSS vulnerability
Open Bug Bounty ID: OBB-207936 Description| Value ---|--- Affected Website:| shop.sennheiserindia.com Open Bug Bounty Program:| Create your bounty program now. It's open and free. Vulnerable Application:| Custom Code Vulnerability Type:| XSS Cross Site Scripting / CWE-79 CVSSv3 Score:| 6.1...
store.sennheiserusa.com Open Redirect vulnerability
Vulnerable URL: http://store.sennheiserusa.com/store/sennheis/enUS/RedirectToLandingPage/pgm.95708900?landingpage=http%3A%2F%2Fwww.openbugbounty.org Details: Description| Value ---|--- Patched:| Yes, at 25.11.2017 Latest check for patch:| 25.11.2017 09:56 GMT Vulnerability type:| Open Redirect...
shop.sennheiser.be Open Redirect vulnerability
Vulnerable URL: https://shop.sennheiser.be/store/sennww/enUS/RedirectToLandingPage/pgm.95708900?landingpage=http%3A%2F%2Fwww.openbugbounty.org Details: Description| Value ---|--- Patched:| Yes, at Vulnerability type:| Open Redirect Vulnerability status:| Publicly disclosed Alexa Rank| Unknown / N...
shop.sennheiser.de Open Redirect vulnerability
Vulnerable URL: https://shop.sennheiser.de/store/sennww/deDE/RedirectToLandingPage/pgm.95708900?landingpage=http%3A%2F%2Fwww.openbugbounty.org Details: Description| Value ---|--- Patched:| Yes, at Vulnerability type:| Open Redirect Vulnerability status:| Publicly disclosed Alexa Rank| Unknown / N...
shop.sennheiser.com Open Redirect vulnerability
Vulnerable URL: http://shop.sennheiser.com/store/sennww/enGB/RedirectToLandingPage/pgm.95708900?landingpage=http%3A%2F%2Fwww.openbugbounty.org Details: Description| Value ---|--- Patched:| Yes, at Vulnerability type:| Open Redirect Vulnerability status:| Publicly disclosed Alexa Rank| Unknown / N...
app.sennheiser.com XSS vulnerability
Vulnerable URL: http://app.sennheiser.com/sennheiser/sw-downloads.nsf/download?OpenForm=Digital 9000=Wireless Systems Manager〈=en=SennheiserWSMSetup4093MAC.dmg=1=asd';alert"XSSPOSED"// Details: Description| Value ---|--- Patched:| Yes, at 25.07.2017 Latest check for patch:| 25.07.2017 18:55 GMT...
app.sennheiser.com XSS vulnerability
Vulnerable URL: http://app.sennheiser.com/sennheiser/sw-downloads.nsf/download?OpenForm=Digital 9000=Wireless Systems Manager〈=en=SennheiserWSMSetup4093MAC.dmg=1asd';alert"XSSPOSED"//= Details: Description| Value ---|--- Patched:| Yes, at 25.07.2017 Latest check for patch:| 25.07.2017 18:55 GMT...