3641 matches found
CVE-2017-9333
OpenWebif 1.2.5 is vulnerable to remote code execution via the CallOPKG function in the IpkgController class (plugin/controllers/ipkg.py) when an attacker-controlled URL references a Trojan horse package. The issue arises if untrusted users can trigger CallOPKG calls and can enter arbitrary URLs ...
Reflected Cross-Site Scripting Vulnerability in YiDaCMS Yidacms.html.asp Page
YidaCMS website management system is a simple, practical and efficient website builder. A reflected cross-site scripting vulnerability exists in the YiDaCMS Yidacms.html.asp page. An attacker can craft an XSS statement that triggers a pop-up box and obtains user cookies and other...
Design/Logic Flaw
A vulnerability in the HTTP remote procedure call (RPC) service of set-top box (STB) receivers manufactured by Cisco for Yes could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability exists because the firmware of an affected...
CVE-2017-6631
A vulnerability in the HTTP remote procedure call (RPC) service of set-top box (STB) receivers manufactured by Cisco for Yes could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability exists because the firmware of an affected...
Cisco Yes Set-Top Box Denial of Service vulnerability
A vulnerability in the HTTP remote procedure call (RPC) service of set-top box (STB) receivers manufactured by Cisco for Yes could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability exists because the firmware of an affected...
CVE-2014-8872
Improper Verification of Cryptographic Signature in AVM FRITZ!Box 6810 LTE after firmware 5.22, FRITZ!Box 6840 LTE after firmware 5.23, and other models with firmware 5.50...
Input validation
Improper Verification of Cryptographic Signature in AVM FRITZ!Box 6810 LTE after firmware 5.22, FRITZ!Box 6840 LTE after firmware 5.23, and other models with firmware 5.50...
AVM FRITZ!Box 6810 LTE and FRITZ!Box 6840 LTE Code Injection Vulnerability
AVM FRITZ!Box 6810 LTE and FRITZ!Box 6840 LTE are both router products from AVM Germany. A code injection vulnerability exists in the AVM FRITZ!Box 6810 LTE and FRITZ!Box 6840 LTE, which stems from the program failing to properly verify cryptographic signatures. A remote attacker could exploit th...
CVE-2014-8872
Summary: CVE-2014-8872 covers an improper verification of cryptographic signatures in AVM FRITZ!Box firmware images. Affected products (examples): FRITZ!Box 6810 LTE (firmware 5.22+), FRITZ!Box 6840 LTE (firmware 5.23+), and other models with firmware 5.50. Root cause (as described): The firmware...
WPScan v2.9.4 - Black Box WordPress Vulnerability Scanner
WPScan is a black box WordPress vulnerability scanner. Install: WPScan comes pre-installed on the following Linux distributions: BackBox Linux, Kali Linux, Pentoo, SamuraiWTF, BlackArch. On macOS, WPScan is packaged by Homebrew as wpscan. Windows is not supported. We suggest you use the official Docker...
Wallarm goes to Singapore
What: Hack In The Box GSEC SINGAPORE 2017 When: August 21st — 25th 2017 Where: InterContinental Singapore Why go: REASON 1: Meet Wallarm and find out how to extend your security team with AI REASON 2: Go to the talk by Ivan Novikov and find what the...
minidjvu denial of service vulnerability (CNVD-2017-25770)
minidjvu is a command-line utility for encoding and decoding single-page black-and-white DjVu files with the ability to compress multiple pages, taking advantage of similarities between pages. A denial of service vulnerability exists in the mdjvu_bitmap_get_bounding_box function in base/4bitmap.c in...
Cross-site scripting vulnerability in OurPHP search box
OurPHP 傲派建站系统 is a website content management system written in PHP and developed by Harbin Weicheng Technology Co. A cross-site scripting vulnerability exists in the search box of OurPHP version 1.7.3 because the search box does not strictly filter parameters...
Code injection
The Comcast firmware on Motorola MX011ANM (firmware version MX011AN_2.9p6s1_PROD_sey) devices allows remote attackers to conduct successful forced-pairing attacks between an RF4CE remote and a set-top box by repeatedly transmitting the same pairing code...
CVE-2017-9493
The Comcast firmware on Motorola MX011ANM (firmware version MX011AN_2.9p6s1_PROD_sey) devices allows remote attackers to conduct successful forced-pairing attacks between an RF4CE remote and a set-top box by repeatedly transmitting the same pairing code...
GNOME librsvg 'rsvg-filter.c' denial of service vulnerability
GNOME librsvg is an open source SVG graphics development library for the GNOME project. A security vulnerability exists in the 'box_blur_line' function of the rsvg-filter.c file in GNOME librsvg version 2.40.17. An attacker can exploit the vulnerability to cause a denial of service condition...
UBUNTU-CVE-2017-11464
A SIGFPE is raised in the function box_blur_line of rsvg-filter.c in GNOME librsvg 2.40.17 during an attempted parse of a crafted SVG file, because of incorrect protection against division by zero...