4200 matches found

Fedora
added 2021/09/29 1:09 a.m. · 35 views

[SECURITY] Fedora 33 Update: radare2-5.4.0-1.fc33

The radare2 is a reverse-engineering framework that is multi-architecture, multi-platform, and highly scriptable. Radare2 provides a hexadecimal editor, wrapped I/O, file system support, debugger support, diffing between two functions or binaries, and code analysis at opcode, basic block, and...

CVSS 7.5 · AI score 0.4 · EPSS 0.01765
Exploits 1

OSV
added 2021/09/28 4:15 p.m. · 6 views

CVE-2021-41104

ESPHome is a system to control the ESP8266/ESP32. Anyone with webserver enabled and HTTP basic auth configured on version 2021.9.1 or older is vulnerable to an issue in which webserver allows over-the-air OTA updates without checking user defined basic auth username & password. This issue is...

CVSS 7.5 · AI score 5.6 · EPSS 0.01175
Exploits 0 · References 3

PyPA
added 2021/09/28 4:15 p.m. · 6 views

PYSEC-2021-351

ESPHome is a system to control the ESP8266/ESP32. Anyone with webserver enabled and HTTP basic auth configured on version 2021.9.1 or older is vulnerable to an issue in which webserver allows over-the-air OTA updates without checking user defined basic auth username & password. This issue is...

CVSS 7.5 · AI score 6.9 · EPSS 0.01175
Exploits 0 · References 4 · Affected Software 1

Prion
added 2021/09/28 4:15 p.m. · 15 views

Default credentials

ESPHome is a system to control the ESP8266/ESP32. Anyone with webserver enabled and HTTP basic auth configured on version 2021.9.1 or older is vulnerable to an issue in which webserver allows over-the-air OTA updates without checking user defined basic auth username & password. This issue is...

CVSS 4.3 · AI score 7.3 · EPSS 0.01175
Exploits 0 · References 3 · Affected Software 1

OSV
added 2021/09/28 4:15 p.m. · 21 views

PYSEC-2021-351

ESPHome is a system to control the ESP8266/ESP32. Anyone with webserver enabled and HTTP basic auth configured on version 2021.9.1 or older is vulnerable to an issue in which webserver allows over-the-air OTA updates without checking user defined basic auth username & password. This issue is...

CVSS 7.5 · AI score 3.1 · EPSS 0.01175
Exploits 0 · References 4

Cvelist
added 2021/09/28 3:15 p.m. · 17 views

CVE-2021-41104 web_server allows OTA update without checking user defined basic auth username & password

ESPHome is a system to control the ESP8266/ESP32. Anyone with webserver enabled and HTTP basic auth configured on version 2021.9.1 or older is vulnerable to an issue in which webserver allows over-the-air OTA updates without checking user defined basic auth username & password. This issue is...

CVSS 7.5 · AI score 7.6 · EPSS 0.01175
Exploits 0 · References 3

CNNVD
added 2021/09/28 12:00 a.m. · 4 views

Esphome Access Control Error Vulnerability

Esphome is a system to configure and manage smart hardware. It is used to control Esp8266/Esp32 hardware to realize home automation control. An Access Control Error vulnerability exists in ESPHome version 2021.9.1 and prior versions, which originates from a user being vulnerable to an issue where...

CVSS 7.5 · AI score 7.3 · EPSS 0.01175
Exploits 0 · References 4

OSV
added 2021/09/24 8:15 p.m. · 4 views

CVE-2021-41503

DCS-5000L v1.05 and DCS-932L v2.17 and older are affected by Incorrect Access Control. The use of the basic authentication for the devices command interface allows attack vectors that may compromise the cameras configuration and allow malicious users on the LAN to access the device. NOTE: This...

CVSS 8 · AI score 5.8 · EPSS 0.00431
Exploits 0 · References 2

NVD
added 2021/09/24 8:15 p.m. · 22 views

CVE-2021-41503

DCS-5000L v1.05 and DCS-932L v2.17 and older are affected by Incorrect Access Control. The use of the basic authentication for the devices command interface allows attack vectors that may compromise the cameras configuration and allow malicious users on the LAN to access the device. NOTE: This...

CVSS 8 · EPSS 0.00431
Exploits 0 · References 2

Prion
added 2021/09/24 8:15 p.m. · 13 views

Authentication flaw

UNSUPPORTED WHEN ASSIGNED: DCS-5000L v1.05 and DCS-932L v2.17 and older are affected by Incorrect Access Control. The use of the basic authentication for the devices command interface allows attack vectors that may compromise the cameras configuration and allow malicious users on the LAN to access...

CVSS 5.2 · AI score 8 · EPSS 0.00431
Exploits 0 · References 2 · Affected Software 2

CVE
added 2021/09/24 7:26 p.m. · 60 views

CVE-2021-41503

Summary: CVE-2021-41503 affects DCS-5000L v1.05 and DCS-932L v2.17 and older. The vulnerability stems from incorrect access control via the devices command interface, where basic authentication may enable unauthorized LAN-side access to camera configuration. Impact (per sources): someone on the l...

CVSS 8 · AI score 7.9 · EPSS 0.00431
Exploits 0 · References 2 · Affected Software 1

Positive Technologies
added 2021/09/24 12:00 a.m. · 7 views

PT-2021-23315 · D Link · Dcs-932L +1

Name of the Vulnerable Software and Affected Versions: DCS-5000L version 1.05 and earlier; DCS-932L version 2.17 and earlier. Description: The issue is related to incorrect access control, allowing malicious users on the LAN to access the device due to the use of basic authentication for the device...

CVSS 8 · AI score 7.2 · EPSS 0.00431
Exploits 0 · References 8

wpexploit
added 2021/09/21 12:00 a.m. · 137 views

Special Text Boxes <= 5.9.109 - Admin+ Stored Cross-Site Scripting

The plugin does not sanitise or escape some of its settings, which could allow high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed. Put the following payload in any of the fields in the 'Basic Settings' section of the plugin's setting...

CVSS 4.8 · AI score 1.2 · EPSS 0.00598
Exploits 2

vulnersOsv
added 2021/09/07 10:57 p.m. · 7 views

-react-file-list-components (=1.1.1), 01basicreact (>=0.1.0 <=0.1.9) +38843 more potentially affected by CVE-2021-3757 via immer (>=7.0.0 <=9.0.5)

immer NPM version =7.0.0, =0.1.0, =0.1.0, =0.1.6 - 0beny1s =1.1.6 - 0i0 =1.0.10 - 0scarclassa =1.0.1 - 0scarclassb =1.0.1 - 0scarclassc =1.0.1 - 0scarclassd =1.0.1 - 0scarclasse =1.0.1 - 0scarclassf =1.0.1 - 0scarclassg =1.0.1 - 0scarclassh =1.0.1 - 0scarclassi =1.0.1 - 0scarclassj =1.0.1 and mor...

CVSS 9.8 · AI score 7.2 · EPSS 0.01651
Exploits 1

0day.today
added 2021/09/02 12:00 a.m. · 308 views

Geutebruck Remote Command Execution Exploit

This Metasploit module bypasses the HTTP basic authentication used to access the /uapi-cgi/ folder and exploits multiple authenticated arbitrary command execution vulnerabilities within the parameters of various pages on Geutebruck G-Cam EEC-2xxx and G-Code EBC-21xx, EFD-22xx, ETHC-22xx, and...

CVSS 9.8 · AI score 8 · EPSS 0.94622
Exploits 12

OSV
added 2021/09/02 12:00 a.m. · 2 views

UBUNTU-CVE-2021-3733

There's a flaw in urllib's AbstractBasicAuthHandler class. An attacker who controls a malicious HTTP server that an HTTP client (such as a web browser) connects to could trigger a Regular Expression Denial of Service (ReDoS) during an authentication request with a specially crafted payload that is sen...

CVSS 6.5 · AI score 6.7 · EPSS 0.04675
Exploits 1 · References 13

CNNVD
added 2021/09/02 12:00 a.m. · 7 views

Multiple Schneider Electric Products Path Traversal Vulnerability

Schneider Electric EcoStruxure Machine Expert-Basic and others are products of Schneider Electric, France. Schneider Electric EcoStruxure Machine Expert-Basic is a PLC configuration application program. Schneide...

CVSS 9.1 · AI score 8.3 · EPSS 0.01282
Exploits 0 · References 1

Ivan 'd0znpp' Novikov
added 2021/08/27 6:29 a.m. · 20 views

Smurf DDoS attack:❗️ How it works and how to mitigate

Attacks geared at denying users access to servers are executed in different ways. One notable approach — similar in many forms of service denials — is the use of volume. The sheer volume of requests is employed by attackers to render a particular network useless. A good representation of that is...

AI score 7.2
Exploits 0

OSV
added 2021/08/26 6:15 p.m. · 4 views

CVE-2020-18476

SQL Injection vulnerability in Hucart CMS 5.7.4 via the basic information field found in the avatar usdimage field...

CVSS 8.8 · AI score 5.8 · EPSS 0.00887
Exploits 1 · References 1

OSV
added 2021/08/24 7:15 p.m. · 3 views

CVE-2021-30987

An access issue was addressed with improved access restrictions. This issue is fixed in macOS Monterey 12.1. A device may be passively tracked via BSSIDs...

CVSS 5.5 · AI score 5.7 · EPSS 0.00257
Exploits 0 · References 1