EUVD-2018-9941

Malware in sbrugna...

subaruovh.actunet.com Cross Site Scripting vulnerability OBB-4034140

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...

Subaru STARLINK Flaw Enabled Remote Tracking and Control of Vehicles

Subaru STARLINK flaw exposed a critical security vulnerability, enabling unauthorized access to vehicle tracking, remote control, and sensitive…...

Subaru Security Flaws Exposed Its System for Tracking Millions of Cars

Now-fixed web bugs allowed hackers to remotely unlock and start any of millions of Subarus. More disturbingly, they could also access at least a year of cars’ location histories—and Subaru employees still can...

subaru-svx.net Cross Site Scripting vulnerability OBB-3888433

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...

usedcars.subaru.co.uk Cross Site Scripting vulnerability OBB-3774312

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...

subaru-opava.cz Cross Site Scripting vulnerability OBB-3423400

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...

subaru-korea.com Cross Site Scripting vulnerability OBB-1325035

Following coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: &nbsp&nbsp&nbsp&nbsp&nbsp&nbspa. verified the vulnerability and confirmed its existence; &nbsp&nbsp&nbsp&nbsp&nbsp&nbspb. notified the website operator about its existence...

subaru.com Cross Site Scripting vulnerability

Open Bug Bounty ID: OBB-1121262 Security Researcher rajeshappsec Helped patch 116 vulnerabilities Received 4 Coordinated Disclosure badges Received 17 recommendations , a holder of 4 badges for responsible and coordinated disclosure, found a security vulnerability affecting subaru.com website and...

Code injection

A vulnerability in the update mechanism of Subaru StarLink Harman head units 2017, 2018, and 2019 may give an attacker with physical access to the vehicle's USB ports the ability to rewrite the firmware of the head unit. This occurs because the device accepts modified QNX6 filesystem images as lo...

CVE-2018-18203

A vulnerability in the update mechanism of Subaru StarLink Harman head units 2017, 2018, and 2019 may give an attacker with physical access to the vehicle's USB ports the ability to rewrite the firmware of the head unit. This occurs because the device accepts modified QNX6 filesystem images as lo...

CVE-2018-18203

The CVE-2018-18203 entry describes a vulnerability in Subaru StarLink Harman head units (2017–2019) where the update mechanism accepts modified QNX6 filesystem images due to a check that permits unsigned images. With physical access to the vehicle’s USB ports, an attacker could rewrite the head u...

CVE-2018-18203

A vulnerability in the update mechanism of Subaru StarLink Harman head units 2017, 2018, and 2019 may give an attacker with physical access to the vehicle's USB ports the ability to rewrite the firmware of the head unit. This occurs because the device accepts modified QNX6 filesystem images as lo...

partners.subaru.com XSS vulnerability

Open Bug Bounty ID: OBB-657022 Description| Value ---|--- Affected Website:| partners.subaru.com Open Bug Bounty Program:| Create your bounty program now. It's open and free. Vulnerable Application:| Custom Code Vulnerability Type:| XSS Cross Site Scripting / CWE-79 CVSSv3 Score:| 6.1...

drive.subaru.com XSS vulnerability

Open Bug Bounty ID: OBB-556021 Description| Value ---|--- Affected Website:| drive.subaru.com Open Bug Bounty Program:| Create your bounty program now. It's open and free. Vulnerable Application:| Custom Code Vulnerability Type:| XSS Cross Site Scripting / CWE-79 CVSSv3 Score:| 6.1...

Japanese Subaru car, was traced to the presence of flaws vulnerability bug, able to clone the key to open the door electronic key-vulnerability warning-the black bar safety net

Recently, a man named Tom Wimmenhove the Dutch electronics industry Planner at multi Subaru car key system of the invention a serious Network Security Plan drawbacks, manufacturers today have yet to fix this vulnerability flaws bug, but the vulnerability flaws of the bug will incur Subaru car is...

subaru.epcdata.ru XSS vulnerability

Vulnerable URL:...

Subaru car software vulnerability analysis—never a failure of token-vulnerability warning-the black bar safety net

Not long ago, one from California car, information security researcher Aaron Guzman, in Australia, held a computer security conference to introduce a black into the Subaru car of the method. In his own 2017 Subaru WRX STI was found in a surprising number of software vulnerabilities, through these...

partners-qa.subaru.com XSS vulnerability

Vulnerable URL: https://partners-qa.subaru.com/customloginpage/pages/login.jsp?requestid=%22%3E%3Csvg/onload=prompt/OPENBUGBOUNTY/%3E Details: Description| Value ---|--- Patched:| No Latest check for patch:| 28.07.2017 Vulnerability type:| XSS Vulnerability status:| Publicly disclosed Alexa Rank|...

partners.subaru.com XSS vulnerability

Vulnerable URL: https://partners.subaru.com/customloginpage/pages/login.jsp?requestid=%22%3E%3Csvg/onload=prompt/OPENBUGBOUNTY/%3E Details: Description| Value ---|--- Patched:| No Latest check for patch:| 28.07.2017 Vulnerability type:| XSS Vulnerability status:| Publicly disclosed Alexa Rank|...