KALYPTO (IN)SECURITY

Research, demonstrations, and popcorn

NetGear Vulnerability Expanded

A vulnerability was discovered in some NetGear routers that allows remote command execution when a user visits a malicious site, or a legitimate site that has malicious ads served to it via AdSense or any number of other ad services. The vulnerability allows execution of Linux commands by simply appending the command to a URL. The commands execute with…

Facebook Vulnerability… They ignored it until now.

Note:  I was not going to post on this originally since Facebook refused to fix the issue.  I like sharing things I find, but not if it is going to screw over a bunch of people.  However, others have now found the hole and are publicly demonstrating it. Back on May 7th my mother was trying…

Buffalo Wild Wings Kiosks

Note: I left some information out of this post because Buffalo Wild Wings has not closed the security hole.  They also did not even bother responding to me when I attempted to contact them MANY times.  I explained the dangers of not responding and closing the security hole, but as of today, I have yet…

Vulnerability Found: [REMOVED] Engineering

The information I release for this vulnerability will be limited since the issue has not been patched.  I contacted [REMOVED] Engineering a little over a month ago and was told that they will be resolving the issue.  As of today (November 1st, 2014) the site appears to still be vulnerable. This vulnerability leaks information about employees…

Vulnerability Found: BIOMIDS

The information I release for this vulnerability will be limited since the issue has not been patched.  As with the Radixx vulnerability, I contacted BIOMIDS twice over a month ago requesting someone get in touch with me so I can discuss the vulnerability with them, but they have not responded so far. The vulnerability in this case…
