ZTE ZXV10 B860A Information Disclosure Vulnerability

The ZTE ZXV10 B860A is a network set-top box from China's ZTE Corporation ZTE. The ZTE ZXV10 B860A suffers from an information disclosure vulnerability that stems from the device not adequately validating logs, which can be exploited by an attacker to gain access to sensitive user information for...

CVE-2021-21722

A ZTE Smart STB is impacted by an information leak vulnerability. The device did not fully verify the log, so attackers could use this vulnerability to obtain sensitive user information for further information detection and attacks. This affects: ZXV10 B860A V2.1-TV0032.1.1.04jiangsuTelecom...

ZTE ZXV10 B860A 日志信息泄露漏洞

The ZTE ZXV10 B860A is a network set-top box from China's ZTE Corporation ZTE. The ZTE ZXV10 B860A suffers from an information disclosure vulnerability that stems from the device not adequately validating logs, which can be exploited by an attacker to gain access to sensitive user information for...

IPeakCMS 3.5 SQL Injection

Exploit Title: IPeakCMS 3.5 - Boolean-based blind SQLi Date: 07.12.2020 Exploit Author: MoeAlbarbari Vendor Homepage: https://ipeak.ch/ Software Link: N/A Version: 3.5 Tested on: BackBox Linux CVE : CVE-2021-3018 Check the CMS version :goto www.site.com/cms/ and you will notice that in the login...

Amino Communications Trust Management Issues Vulnerability

The Amino Communications AK45x series, among others, is a family of television set-top box devices from Amino UK. Amino Communications has a trust management issue vulnerability that stems from the use of hard-coded passwords, which can be exploited by a local attacker to view and interact with t...

Trust Management Issues Vulnerabilities in Various Amino Communications Products

The Amino Communications AK45x series, among others, is a family of television set-top box devices from Amino UK. Amino Communications has a trust management issue vulnerability in a number of its products, which arises from a root user hard-coded SSH key that can be exploited by an attacker to...

h1-ctf: 12 Days of CTF Walkthroughs

h1-ctf: 12 Days of Hacky Holidays This is my writeup for 12 Days of Hacky Holidays. The report is written such that beginners to CTFs will be able to learn the tricks of the trade. The Mission: The Grinch has gone hi-tech this year with the intention of ruining the holidays 😱We need you to...

h1-ctf: h1 hacky holidays CTF solution

Simple script to print all the flags. Full solution to follow want to spend more time writing this, but am racing to be first 10 submissions: echo "Flag 1 -- robots.txt" curl https://hackyholidays.h1ctf.com/robots.txt 2/dev/null | grep flag echo "" echo "Flag 2 -- js descrambed --...

FRITZ!Box 7.20 - DNS Rebinding Protection Bypass Vulnerability

Exploit Title: FRITZ!Box 7.20 - DNS Rebinding Protection Bypass Date: 2020-06-23 Exploit Author: RedTeam Pentesting GmbH Vendor Homepage: https://en.avm.de/ Version: 7.20 CVE: 2020-26887 Advisory: FRITZ!Box DNS Rebinding Protection Bypass RedTeam Pentesting discovered a vulnerability in FRITZ!Box...

Smart Hospital 3.1 Cross Site Scripting

Exploit Title: Smart Hospital 3.1 - "Add Patient" Stored XSS Exploit Author: Kislay Kumar Date: 2020-12-18 Vendor Homepage: https://smart-hospital.in/index.html Software Link: https://codecanyon.net/item/smart-hospital-hospital-management-system/23205038 Affected Version: Version 3.1 Tested on:...

FRITZ!Box 7.20 - DNS Rebinding Protection Bypass

Exploit Title: FRITZ!Box 7.20 - DNS Rebinding Protection Bypass Date: 2020-06-23 Exploit Author: RedTeam Pentesting GmbH Vendor Homepage: https://en.avm.de/ Version: 7.20 CVE: 2020-26887 Advisory: FRITZ!Box DNS Rebinding Protection Bypass RedTeam Pentesting discovered a vulnerability in FRITZ!Box...

Stopping Active Attacks with Penalty Box

Unfortunately, today's sophisticated web application threats have gained some advantages over typical WAFs: Favorable odds -- WAFs must correctly identify attacks 100% of the time, whereas attackers have the luxury of only needing to find a single bypass or evasion Temporary fixes -- Many WAFs us...

Depix - Recovers Passwords From Pixelized Screenshots

Depix is a tool for recovering passwords from pixelized screenshots. This implementation works on pixelized images that were created with a linear box filter. In this article I cover background information on pixelization and similar research. Example python depix.py -p...

Stored XSS Vulnerability in Root the Box Frontend

Root the Box is a real-time capture-tagging CTF scoring engine for computer war games in which to practice and learn. The application can be easily configured and modified for any CTF style game. Root the Box suffers from a stored XSS vulnerability in the frontend that can be exploited by an...

Congrats to the winners of the 2020 December Metasploit community CTF

Thank you all that participated in the 2020 December Metasploit community CTF! The four day CTF was well received by the community, with 874 teams and 1903 users registered! We’ve included the high-level stats and the competition winners below. If you played the CTF and want to let the Metasploit...

Incorrect Alert Box Handling

Incorrect handling of alert box display in Blink in Google Chrome prior to 71.0.3578.80 allowed a remote attacker to present confusing browser UI via a crafted HTML page...

China's Baidu Android Apps Caught Collecting Sensitive User Data

Two popular Android apps from Chinese tech giant Baidu were temporarily unavailable on the Google Play Store in October after they were caught collecting sensitive user details. The two apps in question—Baidu Maps and Baidu Search Box —were found to collect device identifiers, such as the...

com.boxframework:box-server_2.12 (>=1.2.22 <=1.2.23), com.codacy:codacy-seed-client-akka-http_2.12 (>=1.1.0-master.51.7b7549c_akka25Circe08 <=1.2.0_akka25Circe08) +1 more potentially affected by CVE-2020-28452 via com.softwaremill.akka-http-session:core_2.12 (>=0.3.0 <=0.6.0)

com.softwaremill.akka-http-session:core2.12 MAVEN version =0.3.0, =1.2.22, =1.1.0-master.51.7b7549cakka25Circe08, =0.3.0, =0.6.0 Source cves: CVE-2020-28452 Source advisory: SNYK:JAVA-COMSOFTWAREMILLAKKAHTTPSESSION-1046674...

CVE-2020-7842

Improper Input validation vulnerability exists in Netis Korea D'live AP which could cause arbitrary command injection and execution when the time setting using ntpServerlp1 parameter for the users. This affects D'live set-top box APWF2429TB v1.1.10...

Input validation

Improper Input validation vulnerability exists in Netis Korea D'live AP which could cause arbitrary command injection and execution when the time setting using ntpServerlp1 parameter for the users. This affects D'live set-top box APWF2429TB v1.1.10...