3641 matches found
Exploit for OS Command Injection in Webmin
CVE-2019-15107 - Unauthenticated RCE Webmin <=1.920 This...
Code Execution Vulnerability in 37GameBox of Shanghai Hardtone Network Technology Co.
37GameBox is a web game box tool under Sanqi Entertainment. Ltd. 37GameBox suffers from a code execution vulnerability that can be exploited by an attacker to execute an executable program containing arbitrary code during the immediate experience after installation...
picketbox: JBoss EAP reload to admin-only mode allows authentication bypass
A flaw was found in JBoss EAP, where the authentication configuration is set up using a legacy SecurityRealm, to delegate to a legacy PicketBox SecurityDomain, and then reloaded to admin-only mode. This flaw allows an attacker to perform a complete authentication bypass by using an arbitrary user...
Authentication Bug Opens Android Smart-TV Box to Data Theft
A critical bug in the Hindotech HK1 TV Box would allow root-privilege escalation thanks to improper access control. A successful exploit would allow attackers to steal social-networking account tokens, Wi-Fi passwords, cookies, saved passwords, user-location data, message history, emails, contact...
black-box-music.de Improper Access Control vulnerability OBB-1395257
Following coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence...
Scanners-Box
This is a collection of open-source scanning tools, referred to as "Scanners Box" or "scanbox," maintained by the user "We5ter" on GitHub. The repository contains various tools for scanning and testing different aspects of a system or network, including subdomain enumeration, database vulnerabili...
Remote Code Execution (RCE)
chakracore is vulnerable to remote code execution. The vulnerability exists due to a memory error when StackScriptFunction::BoxState::Box, in lib/Runtime/Library/StackScriptFunction.cpp, is called...
NaCl Is Not a High-Level API
When talking about high-level application cryptography APIs I usually hear mentioned libsodium, Tink, pyca/cryptography, and NaCl. One of these things is not like the others! The value NaCl had 10 years ago was that it was an opinionated library at a time when all cryptography libraries were...
CVE-2020-11618
THOMSON THT741FTA 2.2.1 and Philips DTR3502BFTA DVB-T2 2.2.1 set-top boxes have their TELNET service hardcoded to start on boot, which allows an attacker on the local network to achieve root access via the TELNET protocol...
muzik-box.ru Cross Site Scripting vulnerability OBB-1275675
Following coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence...
‘DiceKeys’ Creates a Master Password for Life With One Roll
A new kit leaves your cryptographic destiny up to 25 cubes in a plastic box...
The vulnerability of the function `box_blur_line` in the vector graphics rendering library librsvg allows an attacker to cause a service failure.
The vulnerability of the function `box_blur_line` in the vector graphics rendering library librsvg is related to errors that occur during division-by-zero operations. Exploiting this vulnerability could allow a malicious actor to cause a service failure by using a specially created SVG file...
CVE-2020-16134
An issue was discovered on Swisscom Internet Box 2, Internet Box Standard, Internet Box Plus prior to 10.04.38, Internet Box 3 prior to 11.01.20, and Internet Box light prior to 08.06.06. Given the user-configurable credentials for the local Web interface or physical access to a device's plus or...
Design/Logic Flaw
An issue was discovered on Swisscom Internet Box 2, Internet Box Standard, Internet Box Plus prior to 10.04.38, Internet Box 3 prior to 11.01.20, and Internet Box light prior to 08.06.06. Given the user-configurable credentials for the local Web interface or physical access to a device's plus or...
CVE-2020-16134
Affected products: Swisscom Internet Box 2, Internet Box Standard, Internet Box Plus prior to 10.04.38, Internet Box 3 prior to 11.01.20, and Internet Box light prior to 08.06.06. Vulnerability: an attacker with (user-configurable) local Web interface credentials or physical access to the device’...
Design/Logic Flaw
An attacker with access to an InMail voicemail box equipped with the find me/follow me feature on Aspire-derived NEC PBXes, including all versions of SV8100, SV9100, SL1100 and SL2100 devices, may access the system's administration modem...
CVE-2019-20032
An attacker with access to an InMail voicemail box equipped with the find me/follow me feature on Aspire-derived NEC PBXes, including all versions of SV8100, SV9100, SL1100 and SL2100 devices, may access the system's administration modem...
pdfbox: unbounded computation in parser resulting in a denial of service
In Apache PDFBox 1.8.0 to 1.8.15 and 2.0.0RC1 to 2.0.11, a carefully crafted PDF file can trigger an extremely long running computation when parsing the page tree...
Kali-Linux-Tools-Interface - Graphical Web Interface Developed To Facilitate The Use Of Security Information Tools
A graphical interface for using information security tools from the browser. The project uses the Kali Linux tools as a reference because it is the distribution that has the largest...