Monitoring Windows Console Activity (Part 2)

This is the second of two blogs that discuss the implementation of the Windows console architecture from years past, with a primary focus on the current implementation present on modern versions of Windows. Read our first blog, "Monitoring Windows Console Activity Part 1," for more. Capturing the...

eCos Embedded Web Servers Authentication Bypass Vulnerability

eCos Embedded Web Servers is an embedded web server used in routers and other devices. A security vulnerability exists in eCos Embedded Web Servers. An attacker could use this vulnerability to bypass authentication and take control of the device...

WDTV Live SMP 2.03.20 - Remote Password Reset Exploit

Exploit for hardware platform in category web applications WDTV Live SMP Remote Password Reset Vulnerability Date: Jul 14 2017 Author: sw1tch Demo: https://www.sw1tch.net/2017/07/12/wdtv-live-smb-exploit/ Description: A simple remotely exploitable web application vulnerability for the WDTV Live...

Juniper Junos elevation of privilege vulnerability (CNVD-2017-21780)

Juniper Networks Junos OS is a network operating system dedicated to the company's hardware systems. An elevation of privilege vulnerability exists in Juniper Networks Junos, which allows a remotely authorized attacker to exploit the vulnerability to elevate privileges and take full control of th...

Ghost to reproduce: part of the WiMAX routing device to authenticate the existence of the bypass and back door vulnerability-vulnerability warning-the black bar safety net

The SEC's security personnel in some of the WiMAX router on found a vulnerability, this vulnerability allows an attacker to change the router administrator password, and then get on the vulnerabilities of the device control. Worse, if an attacker took control of these contains a vulnerability in...

Weak Password Vulnerability in Android APP of Intelligent Cold Chain Monitoring Cloud Platform

Intelligent cold chain monitoring cloud platform adopts advanced cloud platform + mobile terminal / cell phone APP method to build the whole process of controllable and scalable monitoring cloud platform. There is a weak password in the Android APP system of Intelligent Cold Chain Monitoring Clou...

Over 85% Of Smart TVs Can Be Hacked Remotely Using Broadcasting Signals

The Internet-connected devices are growing at an exponential rate, and so are threats to them. Due to the insecure implementation, a majority of Internet-connected embedded devices, including Smart TVs, Refrigerators, Microwaves, Security Cameras, and printers, are routinely being hacked and used...

Revive Adserver Elevation of Privilege Vulnerability (CNVD-2017-05631)

Revive Adserver is an open source advertising management system from the Revive Adserver team. The system provides ad placement, ad space management, data statistics and other functions. A security vulnerability exists in the www/delivery/asyncspc.php file in Revive Adserver. An attacker can...

Backdoor Vulnerability in Foxconn's Android Phone Firmware

Foxconn is an electronic parts manufacturer that assembles Android smartphones. The main products are tablets, laptops and smartphones. A backdoor vulnerability exists in the firmware of Foxconn's Android phones. Due to a vulnerability in the bootloader code responsible for launching the Android...

PT-2025-41460

Name of the Vulnerable Software and Affected Versions AVTECH devices affected versions not specified Description AVTECH devices that include the CloudSetup.cgi management endpoint are susceptible to authenticated OS command injection. The exefile parameter within the ''CloudSetup.cgi'' endpoint i...

Security Bypass Vulnerability in QQ Browser for Android

QQ Browser is a web browser developed by Tencent. A security bypass vulnerability exists in the Android version of QQ Browser. Since QQ Browser and QQ Hotspot for Android are in a local wifi LAN environment, they listen to local port 8786 and all local ip addresses. An attacker can use the...

The vulnerability of the Android operating system, which allows a hacker to increase their privileges

The vulnerability of the Qualcomm Android operating system’s component driver lies in the lack of checks for unique identifiers in the client DCI table. Exploiting this vulnerability allows a malicious actor to enhance their privileges through a specially created application...

UBUNTU-CVE-2014-9875

drivers/char/diag/diagdci.c in the Qualcomm components in Android before 2016-08-05 on Nexus 7 2013 devices allows attackers to gain privileges via a crafted application that sends short DCI request packets, aka Android internal bug 28767589 and Qualcomm internal bug CR483310...

CVE-2016-5337

The megasasctrlgetinfo function in hw/scsi/megasas.c in QEMU allows local guest OS administrators to obtain sensitive host memory information via vectors related to reading device control information...

Information disclosure

The megasasctrlgetinfo function in hw/scsi/megasas.c in QEMU allows local guest OS administrators to obtain sensitive host memory information via vectors related to reading device control information...

CVE-2016-5337

The megasasctrlgetinfo function in hw/scsi/megasas.c in QEMU allows local guest OS administrators to obtain sensitive host memory information via vectors related to reading device control information...

CVE-2016-5337

The megasasctrlgetinfo function in hw/scsi/megasas.c in QEMU allows local guest OS administrators to obtain sensitive host memory information via vectors related to reading device control information...

UBUNTU-CVE-2016-5337

The megasasctrlgetinfo function in hw/scsi/megasas.c in QEMU allows local guest OS administrators to obtain sensitive host memory information via vectors related to reading device control information...

USN-2997-1: Linux kernel (OMAP4) vulnerabilities

Jann Horn discovered that eCryptfs improperly attempted to use the mmap handler of a lower filesystem that did not implement one, causing a recursive page fault to occur. A local unprivileged attacker could use to cause a denial of service system crash or possibly execute arbitrary code with...

Ubuntu 12.04 LTS : linux vulnerabilities (USN-2996-1)

Jann Horn discovered that eCryptfs improperly attempted to use the mmap handler of a lower filesystem that did not implement one, causing a recursive page fault to occur. A local unprivileged attacker could use to cause a denial of service system crash or possibly execute arbitrary code with...