A list of my findings of security vulnerabilities and weaknesses:
Navigate CMS
Findings from a live bug hunting exercise on Navigate CMS.

Motorola - Directory Traversal Investigation
Writeup of my further investigation of the Motorola MBP853 camera.

Scottish Power - Open Redirect
An open redirect finding on the Scottish Power website, which allowed an attacker to redirect the user to a site of their choosing.

Sky - Plain Text Data Transmission (CVE-2018-18908)
CVE-2018-18908: The Sky Go Windows Desktop application performs several requests over plain HTTP.

CVE-2018-12499
The Motorola MBP853 firmware does not correctly validate server certificates. This allows a Man in The Middle (MiTM) attack to take place between a Motorola MBP853 camera and the servers it communicates with.

Logitech - HTTPS Downgrade Vulnerability
A finding from the Logitech support page which resulted in the login form loading and submitting over HTTP (instead of HTTPS).

Edinburgh Council
Finding: The landing page for the Edinburgh Council is served over plain HTTP. This is vulnerable to Man in The Middle (MiTM) attacks. Since the login page to one’s council account is served from this page, an attacker who has managed to get MiTM could change the link to point