322 matches found
FreeBSD -- Insufficient bounds checking in bhyve(8) device model
Problem Description: Insufficient bounds checking in one of the device models provided by bhyve8 can permit a guest operating system to overwrite memory in the bhyve8 processing possibly permitting arbitary code execution. Impact: A guest OS using a firmware image can cause the bhyve process to...
ALPINE-CVE-2018-12892
An issue was discovered in Xen 4.7 through 4.10.x. libxl fails to pass the readonly flag to qemu when setting up a SCSI disk, due to what was probably an erroneous merge conflict resolution. Malicious guest administrators or in some situations users may be able to write to supposedly read-only di...
PT-2018-3906 · D Link · D-Link Dsl-3782
Name of the Vulnerable Software and Affected Versions: D-Link DSL-3782 version V100R001B012 Description: A flaw in the authentication mechanism of the Login Panel allows unauthenticated attackers to perform arbitrary modification to passwords and configurations while an administrator is logged in...
Xen Denial of Service Vulnerability (CNVD-2018-09328)
Xen is an open source virtual machine monitor developed by the Xen Project. A denial of service vulnerability exists in 4.10.x and earlier versions of Xen. x86 HVM client OS users can attempt an invalid transition between requested states in the QEMU device model. An attacker can exploit this...
CVE-2018-10981
An issue was discovered in Xen through 4.10.x allowing x86 HVM guest OS users to cause a denial of service host OS infinite loop in situations where a QEMU device model attempts to make invalid transitions between states of a request...
Cross site request forgery (csrf)
An issue was discovered in Xen through 4.10.x allowing x86 HVM guest OS users to cause a denial of service host OS infinite loop in situations where a QEMU device model attempts to make invalid transitions between states of a request...
CVE-2018-10981
An issue was discovered in Xen through 4.10.x allowing x86 HVM guest OS users to cause a denial of service host OS infinite loop in situations where a QEMU device model attempts to make invalid transitions between states of a request...
CVE-2018-10981
An issue was discovered in Xen through 4.10.x allowing x86 HVM guest OS users to cause a denial of service host OS infinite loop in situations where a QEMU device model attempts to make invalid transitions between states of a request...
qemu may drive Xen into unbounded loop
ISSUE DESCRIPTION When Xen sends requests to a device model, the next expected action inside Xen is tracked using a state field. The requests themselves are placed in a memory page shared with the device model, so that the device model can communicate to Xen its progress on the request. The state...
Vivotek IP Cameras - Remote Stack Overflow (PoC) Vulnerability
Exploit for multiple platform in category remote exploits STX Subject: Vivotek IP Cameras - Remote Stack Overflow Researcher: bashis September-October 2017 PoC: https://github.com/mcw0/PoC Release date: November 13, 2017 Full Disclosure: 43 days Attack Vector: Remote Authentication: Anonymous no...
FiberHome AN5506 Unauthenticated Remote DNS Change
FIBERHOME AN5506 Unauthenticated Remote DNS Change Vulnerability Software Version RP2617 Device Model AN5506-04-F Vendor Homepage: www.fiberhome.com/ Date: 01/02/2018 Exploit Author: r0ots3c http://wandoelmo.com.br https://www.facebook.com/wsec.info Description: Vulnerability exists in web...
Default credentials
The portal on FiberHome Mobile WIFI Device Model LM53Q1 VH519R05C01S38 uses SOAP based web services in order to interact with the portal. Unauthorized Access to Web Services can result in disclosure of the WLAN key/password...
Vivotek IP Cameras - Remote Stack Overflow (PoC)
STX Subject: Vivotek IP Cameras - Remote Stack Overflow Researcher: bashis September-October 2017 PoC: https://github.com/mcw0/PoC Release date: November 13, 2017 Full Disclosure: 43 days Attack Vector: Remote Authentication: Anonymous no credentials needed Firmware Vulnerable: Only 2017 versions...
The vulnerability of the microprogrammed software of the Philips In.Sight B120/37 wireless video camera lies in the presence of pre-installed accounts, which allow a intruder to gain access to the device.
The vulnerability of the microprogrammed software of the Philips In.Sight B120/37 wireless video camera is related to the presence of preset user accounts for access via Telnet or UART accounts like “root”, “admin”, and “mg3500” with passwords “b120root”, “/ADMIN/”, and “merlin” respectively as...
CVE-2017-16565
Cross-Site Request Forgery CSRF in /cgi-bin/login on Vonage Grandstream HT802 devices allows attackers to authenticate a user via the login screen using the default password of 123 and submit arbitrary requests...
Xen: Privilege Escalation
Background Xen is a bare-metal hypervisor. Description In CIRRUSBLTMODEMEMSYSSRC mode the bitblit copy routine cirrusbitbltcputovideo fails to check wethehr the specified memory region is safe. Impact A local attacker could potentially execute arbitrary code with privileges of Xen QEMU process on...
Cirrus VGA Heap overflow via display refresh
ISSUE DESCRIPTION When a graphics update command gets passed to the VGA emulator, there are 3 possible modes that can be used to update the display: blank - Clears the display text - Treats the display as showing text graph - Treats the display as showing graphics After the display geometry gets...
xen-tools -- Cirrus VGA Heap overflow via display refresh
The Xen Project reports: A privileged user within the guest VM can cause a heap overflow in the device model process, potentially escalating their privileges to that of the device model process...
CVE-2016-9637
The 1 ioportread and 2 ioportwrite functions in Xen, when qemu is used as a device model within Xen, might allow local x86 HVM guest OS administrators to gain qemu process privileges via vectors involving an out-of-range ioport access...
DEBIAN-CVE-2016-9637
The 1 ioportread and 2 ioportwrite functions in Xen, when qemu is used as a device model within Xen, might allow local x86 HVM guest OS administrators to gain qemu process privileges via vectors involving an out-of-range ioport access...