I reported the following security to the affected company in a responsible disclosure process. Some of them refer to more detailed articles in English or German.
- To be disclosed
- regioiT academe: Stored XSS (German)
- WebUntis: Stored XSS, CSRF (CVE-2020-10540, German)
- WebUntis: XSS Filter Evasion (CVE-2020-22453, German)
- Untis (Desktop): Insecure update mechanism
- Kreis Heinsberg: Sever(e/al) SQL injections (German)
- regio iT service portals for serveral cities: Stored XSS (German)
- Unifi Controller: SMTP vulnerability (CVE-2019-5456)
- Unamed company: CSRF in customer control panel
- Talk SecCamp Colgone 2019: Attacks on WPA2 Enterprise (Slides)
- MinTec: SQL Injections, Client side override (PDF, German)
- Schild NRW: Insecure update mechanism (German)
- TTN Mapper: Stored XSS (German)
- Unamed company: Missing certificate validation for enterprise wireless network (English)
- Proseminar Cryptocurrencies RWTH, Attacks on Bitcoin (German, Slides)
- CASIO: Design flaw in exam mode in fx-cg20 (German)
- Unamed company: Replay attacks on remote controls for German railway infrastructure
I want to thank all companies which support me by exchanging about the issues in a respectful way and/or gave some kind of bug bounty.
There are some issues which have been reported to companies but weren’t published in detail due to my personal decision or law impacts. For some issues I decided not to name the product or the manufacturer to avoid further problems as they might result in legal measures against me.