175 matches found
RouterSploit v3.0 - Exploitation Framework For Embedded Devices
The RouterSploit Framework is an open-source exploitation framework dedicated to embedded devices. It consists of various modules that aids penetration testing operations: exploits - modules that take advantage of identified vulnerabilities creds - modules designed to test credentials against...
Exploitation Framework for Embedded Devices: RouterSploit
The RouteSploit Framework is an open-source exploitation framework dedicated to embedded devices. The RouteSploit Framework consists of various modules that aids penetration testing operations: exploits – modules that take advantage of identified vulnerabilities creds – modules designed to test...
[SECURITY] Fedora 28 Update: monitorix-3.10.1-1.fc28
Monitorix is a free, open source and lightweight system monitoring tool designed to monitor as many services and system resources as possible. It h as been created to be used under production Linux/UNIX servers, but due to its simplicity and small size may also be used on embedded devices as well...
[SECURITY] Fedora 26 Update: monitorix-3.10.1-1.fc26
Monitorix is a free, open source and lightweight system monitoring tool designed to monitor as many services and system resources as possible. It h as been created to be used under production Linux/UNIX servers, but due to its simplicity and small size may also be used on embedded devices as well...
TROMMEL - Sift Through Directories of Files to Identify Indicators That May Contain Vulnerabilities
TROMMEL sifts through directories of files to identify indicators that may contain vulnerabilities. TROMMEL identifies the following indicators related to: Secure Shell SSH key files Secure Socket Layer SSL key files Internet Protocol IP addresses Uniform Resource Locator URL email addresses shel...
shadowsocks-libev 3.1.0 - Command Execution
shadowsocks-libev 3.1.0 - Command Execution X41 D-Sec GmbH Security Advisory: X41-2017-010 Command Execution in Shadowsocks-libev ====================================== Overview -------- Severity Rating: High Confirmed Affected Versions: 3.1.0 Confirmed Patched Versions: N/A Vendor: Shadowsocks...
Hardcoded credentials
Multiple Cisco embedded devices use hardcoded X.509 certificates and SSH host keys embedded in the firmware, which allows remote attackers to defeat cryptographic protection mechanisms and conduct man-in-the-middle attacks by leveraging knowledge of these certificates and keys from another...
Authentication flaw
SYN Flood or FIN Flood attack in ECos 1 and other versions embedded devices results in web Authentication Bypass. "eCos Embedded Web Servers used by Multiple Routers and Home devices, while sending SYN Flood or FIN Flood packets fails to validate and handle the packets and does not ask for any si...
Internet Bug Bounty: CVE-2017-8798 - miniupnp getHTTPResponse chunked encoding integer signedness error
Integer signedness error in miniupnpc 1 allows remote attackers to cause a denial of service condition access violation and heap corruption via specially crafted HTTP response An integer signedness error was found in miniupnp's miniwget allowing an unauthenticated remote entity typically located ...
Moxa AWK Series Devices Detection (HTTP)
HTTP based detection of Moxa AWK Series Devices Industrial Wireless LAN Solutions. SPDX-FileCopyrightText: 2017 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...
'Anonymous' FTP Servers Leaving Healthcare Data Exposed
Hackers craving personal health care information are targeting exposed FTP servers. The FBI issued a warning last week that focused on an increase in criminal activity targeting FTP servers used by medical and dental organizations that are configured to allow anonymous access without...
KasperskyOS — Secure Operating System released for IoT and Embedded Systems
Russian cyber security and antivirus vendor Kaspersky Lab has made available the much awaited KasperskyOS, a secure-by-design operating system based on Microkernel architecture which is specially designed for network devices, industrial control systems and the Internet of Things. The operating...
Zeroshell 3.6.03.7.0 Net Services - Remote Code Execution
Zeroshell 3.6.03.7.0 Net Services - Remote Code Execution Exploit Title: Zeroshell - Net Services Unauthenticated Remote Code Execution | RCE Date: 13.01.2017 Exploit Author: Ozer Goker Vendor Homepage: http://www.zeroshell.org Software Link: www.zeroshell.org/download/ Version: 3.6.0 & 3.7.0...
Zeroshell 3.6.0/3.7.0 Net Services - Remote Code Execution
Exploit Title: Zeroshell - Net Services Unauthenticated Remote Code Execution | RCE Date: 13.01.2017 Exploit Author: Ozer Goker Vendor Homepage: http://www.zeroshell.org Software Link: www.zeroshell.org/download/ Version: 3.6.0 & 3.7.0 Introduction Zeroshell is a small Linux distribution for...
INSIDE Secure MatrixSSL Denial of Service Vulnerability (CNVD-2016-09588)
INSIDE Secure MatrixSSL is an embedded, open source SSLv3 stack from INSIDE Secure, France, designed for small applications and devices. A denial of service vulnerability exists in MatrixSSL, which can be exploited by an attacker to cause a denial of service...
MatrixSSL contains multiple vulnerabilities
Overview MatrixSSL, version 3.8.5 and earlier, contains heap overflow, out-of-bounds read, and unallocated memory free operation vulnerabilities. Description CWE-122: Heap-based Buffer Overflow - CVE-2016-6890The Subject Alt Name field of X.509 certificates is not properly parsed. A specially...
IoT Botnets Are The New Normal of DDoS Attacks
If you’ve been on the wrong end of what passes for a modern-day DDoS attack, you’re well familiar with the firepower of the almighty DVR. That’s right, the innocuous set-top box responsible for the posterity of your Game of Thrones seasons 1-6 is behind some of the biggest swarming attacks agains...
Number of Devices Sharing Private Crypto Keys Up Sharply
Researchers at SEC Consult say the number of internet gateways, routers, modems and other embedded devices sharing cryptographic keys and certificates is up 40 percent since the Austrian consulting firm first looked at the problem in November. The report, posted Tuesday called “House of Keys,”...
RouterSploit - Router Exploitation Framework
The RouteSploit Framework is an open-source exploitation framework dedicated to embedded devices. It consists of various modules that aids penetration testing operations: exploits - modules that take advantage of identified vulnerabilities creds - modules designed to test credentials against...
Advanced Malware targeting Internet of the Things and Routers
Anything connected to the Internet could be hacked and so is the Internet of Things IoTs. The market fragmentation of IoTs or Internet-connected devices is a security nightmare, due to poor security measures implemented by their vendors. Now, the researchers at security firm ESET have discovered ...