228 matches found
CVE-2021-38111
The DEF CON 27 badge allows remote attackers to exploit a buffer overflow by sending an oversized packet via the NFMI Near Field Magnetic Induction protocol...
Buffer overflow
The DEF CON 27 badge allows remote attackers to exploit a buffer overflow by sending an oversized packet via the NFMI Near Field Magnetic Induction protocol...
CVE-2021-38111
The CVE-2021-38111 entry concerns the DEF CON 27 badge, which communicates over NFMI. The vulnerability is a buffer overflow caused by receiving an oversized NFMI packet, enabling remote attackers to potentially exploit the device. The CVSS metrics in the initial record show a CVSS 3.1 base score...
CVE-2021-38111
The DEF CON 27 badge allows remote attackers to exploit a buffer overflow by sending an oversized packet via the NFMI Near Field Magnetic Induction protocol...
CVE-2021-38111
The DEF CON 27 badge allows remote attackers to exploit a buffer overflow by sending an oversized packet via the NFMI Near Field Magnetic Induction protocol...
Reboot of PunkSpider Tool at DEF CON Stirs Debate
Researchers will release a reboot of a controversial tool that crawls the web to identify back-end vulnerabilities in websites in the hopes that companies will quickly fix them and reduce security risks. However, experts have mixed feelings about the tool called PunkSpider, created by the analyti...
CVE-2020-6950
Directory traversal in Eclipse Mojarra before 2.3.14 allows attackers to read arbitrary files via the loc parameter or con parameter...
DEBIAN-CVE-2020-25668
A flaw was found in Linux Kernel because access to the global variable fgconsole is not properly synchronized leading to a use after free in confontop...
Why Geek Pride Day is Something to be Proud Of
It’s fair to say that the majority of us who work in cybersecurity are ‘of a certain mindset’. There’s something that comes with the culture and tradition of personal computing, coding, and data that fosters an interest in elements of geek counter culture. Happy to wear our fandoms, obsessions, a...
kernel: race condition between the VT_DISALLOCATE ioctl and closing/opening of ttys, causing a use-after-free in con_shutdown().
A use-after-free flaw was found in the Linux kernel’s Virtual Terminal subsystem in how a user calls the VTDISALLOCATE ioctl during the closing/opening of ttys. This flaw allows a local user to crash the system...
Linux kernel code issue vulnerability (CNVD-2020-61025)
Linux kernel is the kernel used by Linux, the open source operating system released by the Linux Foundation in the United States. A code issue vulnerability exists in Linux kernel confontop, which arises from an improperly designed or implemented code development process for a networked system or...
UBUNTU-CVE-2020-25668
A flaw was found in Linux Kernel because access to the global variable fgconsole is not properly synchronized leading to a use after free in confontop...
Mojarra: Path traversal via either the loc parameter or the con parameter, incomplete fix of CVE-2018-14371
A flaw was found in Eclipse Mojarra before version 2.3.14, where it is vulnerable to a path traversal flaw via the loc parameter or the con parameter. An attacker could exploit this flaw to read arbitrary files...
Mojarra: Path traversal via either the loc parameter or the con parameter, incomplete fix of CVE-2018-14371
A flaw was found in Eclipse Mojarra before version 2.3.14, where it is vulnerable to a path traversal flaw via the loc parameter or the con parameter. An attacker could exploit this flaw to read arbitrary files...
Mojarra: Path traversal via either the loc parameter or the con parameter, incomplete fix of CVE-2018-14371
A flaw was found in Eclipse Mojarra before version 2.3.14, where it is vulnerable to a path traversal flaw via the loc parameter or the con parameter. An attacker could exploit this flaw to read arbitrary files...
Mojarra: Path traversal via either the loc parameter or the con parameter, incomplete fix of CVE-2018-14371
A flaw was found in Eclipse Mojarra before version 2.3.14, where it is vulnerable to a path traversal flaw via the loc parameter or the con parameter. An attacker could exploit this flaw to read arbitrary files...
Phirautee - A PoC Crypto Virus To Spread User Awareness About Attacks And Implications Of Ransomwares
A proof of concept crypto virus to spread user awareness about attacks and implications of ransomwares. Phirautee is written purely using PowerShell and does not require any third-party libraries. This tool steals the information, holds an organisation’s data to hostage for payments or permanentl...
Flaws in Samsung Phones Exposed Android Users to Remote Attacks
New research disclosed a string of severe security vulnerabilities in the 'Find My Mobile'—an Android app that comes pre-installed on most Samsung smartphones—that could have allowed remote attackers to track victims' real-time location, monitor phone calls, and messages, and even delete data...
Researcher Demonstrates Several Zoom Vulnerabilities at DEF CON 28
Popular video conferencing app Zoom has addressed several security vulnerabilities, two of which affect its Linux client that could have allowed an attacker with access to a compromised system to read and exfiltrate Zoom user data—and even run stealthy malware as a sub-process of a trusted...
Researcher Demonstrates Several Zoom Vulnerabilities at DEF CON 28
Popular video conferencing app Zoom has addressed several security vulnerabilities, two of which affect its Linux client that could have allowed an attacker with access to a compromised system to read and exfiltrate Zoom user data—and even run stealthy malware as a sub-process of a trusted...