RTOS VxWorks multiple high-risk vulnerability alerts-a vulnerability alert-the black bar safety net

Armis researchers in the VxWorks discovered 11 zero-day vulnerabilities, VxWorks is a popular real timeoperating system（RTOS）, is more than 20 million devices in use, including industrial, medical and business equipment and other mission-critical equipment. These vulnerabilities are referred to...

Critical Flaws Found in VxWorks RTOS That Powers Over 2 Billion Devices

Security researchers have discovered almost a dozen zero-day vulnerabilities in VxWorks, one of the most widely used real-time operating systems RTOS for embedded devices that powers over 2 billion devices across aerospace, defense, industrial, medical, automotive, consumer electronics, networkin...

Countdown to Black Hat: Top 10 Sessions to Attend — #4

With Black Hat USA 2019 fast approaching, we continue our blog series highlighting training sessions and research briefings that we think Qualys customers will find relevant and valuable. Our pick this week is the training session An Introduction To IoT Pentesting With Linux. The course offers “a...

Fedora Update for openocd FEDORA-2019-0a5e82cea8

The remote host is missing an update for the Copyright C 2019 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

Blue Angel Software Suite - Command Execution Exploit

Exploit Title: Blue Angel Software Suite - Authenticated Command Execution Exploit Author: Paolo Serracino Vendor Homepage: http://www.5vtechnologies.com Software Link: N/A Version: All Tested on: Embedded Linux OS CVE : N/A Description: Blue Angel Software Suite, an application that runs on...

Blue Angel Software Suite - Command Execution

Blue Angel Software Suite - Command Execution Exploit Title: Blue Angel Software Suite - Authenticated Command Execution Google Dork: N/A Date: 02/05/2019 Exploit Author: Paolo Serracino Vendor Homepage: http://www.5vtechnologies.com Software Link: N/A Version: All Tested on: Embedded Linux OS CV...

Blue Angel Software Suite - Command Execution

Exploit Title: Blue Angel Software Suite - Authenticated Command Execution Google Dork: N/A Date: 02/05/2019 Exploit Author: Paolo Serracino Vendor Homepage: http://www.5vtechnologies.com Software Link: N/A Version: All Tested on: Embedded Linux OS CVE : N/A Description: Blue Angel Software Suite...

[SECURITY] Fedora 29 Update: openocd-0.10.0-11.fc29

The Open On-Chip Debugger OpenOCD provides debugging, in-system programmi ng and boundary-scan testing for embedded devices. Various different boards, targets, and interfaces are supported to ease development time. Install OpenOCD if you are looking for an open source solution for hardware...

[SECURITY] Fedora 28 Update: openocd-0.10.0-11.fc28

The Open On-Chip Debugger OpenOCD provides debugging, in-system programmi ng and boundary-scan testing for embedded devices. Various different boards, targets, and interfaces are supported to ease development time. Install OpenOCD if you are looking for an open source solution for hardware...

CVE-2018-18492: Mozilla Firefox Select Element Use-After-Free

Firefox is a free and open-source web browser developed by the Mozilla Foundation. A use-after-free vulnerability can occur after deleting a selection element due to a weak reference to the select element in the options collection, which gets garbage collected, and results in a potentially...

MatrixSSL < 4.0.2 - Stack Buffer Overflow Verifying x.509 Certificates Vulnerability

MatrixSSL 4.0.2 - Stack Buffer Overflow Verifying x.509 Certificates I happened to notice that a public X.509 certificate testcase for CVE-2014-1569 caused a stack buffer overflow in MatrixSSL. I cleaned up the testcase a bit, to make a better demonstration. You can test it with the certValidate...

Denial of Service Vulnerability in Hikvision Video Playback Library SDK

Hikvision Playback Library SDK is a secondary development kit related to playback of Hikvision embedded network DVRs, video servers, and supporting products for IP devices. A denial of service vulnerability exists in the Hikvision Video Playback Library SDK. An attacker can exploit the...

Binary Vulnerability in Hikvision Video Playback Library SDK

Hikvision Playback Library SDK is a secondary development kit related to playback of Hikvision embedded network DVRs, video servers, and supporting products for IP devices. A binary vulnerability exists in the Hikvision Video Playback Library SDK. An attacker can exploit the vulnerability to caus...

GNU inetutils 1.9.4 telnet.c Overflows

GNU inetutils = 1.9.4 telnet.c multiple overflows ================================================== GNU inetutils is vulnerable to a stack overflow vulnerability in the client-side environment variable handling which can be exploited to escape restricted shells on embedded devices. Most modern...

GNU inetutils 1.9.4 - telnet.c Multiple Overflows (PoC)

GNU inetutils 1.9.4 - telnet.c Multiple Overflows PoC GNU inetutils = 1.9.4 telnet.c multiple overflows ================================================== GNU inetutils is vulnerable to a stack overflow vulnerability in the client-side environment variable handling which can be exploited to escap...

GNU inetutils &lt; 1.9.4 - &#039;telnet.c&#039; Multiple Overflows (PoC)

GNU inetutils = 1.9.4 telnet.c multiple overflows ================================================== GNU inetutils is vulnerable to a stack overflow vulnerability in the client-side environment variable handling which can be exploited to escape restricted shells on embedded devices. Most modern...

RouterSploit v3.4.0 - Exploitation Framework For Embedded Devices

The RouterSploit Framework is an open-source exploitation framework dedicated to embedded devices. It consists of various modules that aids penetration testing operations: exploits - modules that take advantage of identified vulnerabilities creds - modules designed to test credentials against...

UPDATED VERSION: RouterSploit 3.4.0

PenTestIT RSS Feed RouterSploit 3.4.0, the long awaited router exploitation framework update is out guys! This release includes some really cool features and updates such as using pycryptodome from pycryptoand newer exploitation modules! Read on for the improvements. What is RouterSploit? The...

RouterSploit v3.3.0 - Exploitation Framework For Embedded Devices

The RouterSploit Framework is an open-source exploitation framework dedicated to embedded devices. It consists of various modules that aids penetration testing operations: exploits - modules that take advantage of identified vulnerabilities creds - modules designed to test credentials against...

UPDATED VERSION: RouterSploit 3.3.0

PenTestIT RSS Feed Since my last update, this router exploitation framework have gone through a lot of updates. This post is about RouterSploit 3.3.0 code named I Know You Were Trouble. We will also discuss changes made to and an earlier version 3.2.0 to maintain a chain with the hopes that I kee...