175 matches found
[SECURITY] Fedora 18 Update: monitorix-3.3.1-1.fc18
Monitorix is a free, open source, lightweight system monitoring tool designed to monitor as many services and system resources as possible. It has been created to be used under production Linux/UNIX servers, but due to its simplicity and small size may also be used on embedded devices as well...
Unauthorized Access Backdoor found in D-Link router Firmware Code
A number of D-Link routers reportedly have an issue that makes them susceptible to unauthorized backdoor access. The researcher Craig, who specializes in embedded device hacking, demonstrated the presence of a backdoor within some D-Link routers that allows an attacker to access the administratio...
Monkey HTTPd 1.1.1 - Crash (PoC)
Title: Monkey HTTPD 1.1.1 - Denial of Service Vulnerability. Date: 2013-05-28. References: http://bugs.monkey-project.com/ticket/181. Introduction: Monkey is a lightweight and powerful web server for GNU/Linux. It has been designed to be very scalable with low...
Compromising Embedded Linux Routers with Metasploit
Normally we don't get a lot of contributions regarding embedded devices, even though they are an interesting target from the pentesting point of view and it is usual to find them outside of DMZ zones on corporate networks. Maybe it's because access to these devices or the software running on top of them ...
Security researchers will disclose vulnerabilities in Embedded, ARM, x86 & NFC
Security researchers are expected to disclose new vulnerabilities in near field communication (NFC), mobile baseband firmware, HTML5 and Web application firewalls next week at the Black Hat USA 2012 security conference. The Black Hat sessions aim to expose sometimes shocking vulnerabilities in widel...
Weak RSA Keys Plague Embedded Devices, But Experts Caution Against Panic
If all of the noise about weak RSA keys and compromised cryptosystems in the last few days has done anything, it’s to confirm what many in the cryptography community have known for quite a long time: When it comes to implementing cryptosystems, there are a whole lot of people doing it wrong...
Was The Three Character Password Used To Hack South Houston's Water Treatment Plant A Siemens Default?
Siemens said on Tuesday that it is working with the U.S. Department of Homeland Security to investigate a cyber intrusion into a water treatment plant in South Houston, Texas, but couldn’t confirm that a default, three digit password hard coded into an application used to control the company’s...
SSL Certificate Chain Contains Unnecessary Certificates
At least one of the X.509 certificates sent by the remote host is not required to form a path from the server's own certificate to the CA. This may indicate that the certificate bundle installed with the server's certificate is for certificates lower in the certificate hierarchy. Some SSL...
Group Publishes Database of Embedded Private SSL Keys
A new project has produced a large and growing list of the private SSL keys that are hard-coded into many embedded devices, such as consumer home routers. The LittleBlackBox Project comprises a list of more than 2,000 private keys right now, each of which can be associated with the public key of ...
GoAhead Webserver 2.18 Source Code Disclosure
Exploit Title: GoAheaad Webserver Source Code Disclosure Vulnerability Date: 5-28-10 Author: Sil3ntDre4m Software Link: http://data.goahead.com/Software/Webserver/2.1.8/webs218.zip Version: 2.18 and earlier Tested on: Windows Affects: Windows platform only Code :...
GoAheaad WebServer - Source Code Disclosure
GoAheaad WebServer - Source Code Disclosure Exploit Title: GoAheaad Webserver Source Code Disclosure Vulnerability Date: 5-28-10 Author: Sil3ntDre4m Software Link: http://data.goahead.com/Software/Webserver/2.1.8/webs218.zip Version: 2.18 and earlier Tested on: Windows Affects: Windows platform...
GoAheaad Webserver Source Code Disclosure Vulnerability
Exploit for Windows platform in category remote exploits. GoAheaad Webserver Source Code Disclosure Vulnerability. Exploit Title: GoAheaad Webserver Source Code Disclosure Vulnerability...
Scan of Internet Uncovers Thousands of Vulnerable Embedded Devices
Researchers scanning the internet for vulnerable embedded devices have found nearly 21,000 routers, webcams and VoIP products open to remote attack, due to the fact that their administrative interfaces are publicly viewable from anywhere on the internet and their owners have failed to change the...
CVE-2006-1206
Matt Johnston Dropbear SSH server 0.47 and earlier, as used in embedded Linux devices and on general-purpose operating systems, allows remote attackers to cause a denial of service (connection slot exhaustion) via a large number of connection attempts that exceeds the MAX_UNAUTH_CLIENTS defined value...
DEBIAN-CVE-2006-1206
Matt Johnston Dropbear SSH server 0.47 and earlier, as used in embedded Linux devices and on general-purpose operating systems, allows remote attackers to cause a denial of service (connection slot exhaustion) via a large number of connection attempts that exceeds the MAX_UNAUTH_CLIENTS defined value...