CVE-2020-7231

Evoko Home 1.31 devices provide different error messages for failed login requests depending on whether the username is valid...

CVE-2020-7232

Evoko Home devices 1.31 through 1.37 allow remote attackers to obtain sensitive information such as usernames and password hashes via a WebSocket request, as demonstrated by the sockjs/224/uf1psgff/websocket URI at a wss:// URL...

EUVD-2020-28359

Malware in sbrugna...

EUVD-2020-28360

Malware in sbrugna...

EUVD-2024-51183

Malicious code in bioql PyPI...

CVE-2024-12903

Incorrect default permissions vulnerability in Evoko Home, affecting version 2.4.2 to 2.7.4. A non-admin user could exploit weak file and folder permissions to escalate privileges, execute arbitrary code and maintain persistence on the compromised machine. It has been identified that full control...

CVE-2024-12903 Incorrect default permissions in Biamp Evoko Home

Incorrect default permissions vulnerability in Evoko Home, affecting version 2.4.2 to 2.7.4. A non-admin user could exploit weak file and folder permissions to escalate privileges, execute arbitrary code and maintain persistence on the compromised machine. It has been identified that full control...

CVE-2024-12903

CVE-2024-12903 concerns Biamp Evoko Home, affected in versions 2.4.2–2.7.4. The root cause is “incorrect default permissions” leading to full-control on the Everyone group, enabling a non-admin user with local access to escalate privileges, execute arbitrary code, and maintain persistence on the ...

CVE-2024-12903 Incorrect default permissions in Biamp Evoko Home

Incorrect default permissions vulnerability in Evoko Home, affecting version 2.4.2 to 2.7.4. A non-admin user could exploit weak file and folder permissions to escalate privileges, execute arbitrary code and maintain persistence on the compromised machine. It has been identified that full control...

Biamp Evoko Home 安全漏洞

Biamp Evoko Home is a conference room and desk reservation system from Biamp. A security vulnerability exists in Biamp Evoko Home that originates from a non-administrative user being able to exploit weak file and folder permissions to elevate privileges and execute arbitrary code...

PT-2024-17791 · Evoko · Evoko Home

Name of the Vulnerable Software and Affected Versions: Evoko Home versions 2.4.2 through 2.7.4 Description: The issue is related to incorrect default permissions in Evoko Home, allowing a non-admin user to exploit weak file and folder permissions and potentially escalate privileges, execute...

Evoko Home Information Disclosure Vulnerability

Evoko Home is a smart home device. A security vulnerability exists in Evoko Home version 1.31. The vulnerability can be exploited by a remote attacker to obtain sensitive information via a WebSocket request...

CVE-2020-7231

Evoko Home 1.31 devices provide different error messages for failed login requests depending on whether the username is valid...

CVE-2020-7231

Evoko Home 1.31 devices provide different error messages for failed login requests depending on whether the username is valid...

CVE-2020-7232

Evoko Home devices 1.31 through 1.37 allow remote attackers to obtain sensitive information such as usernames and password hashes via a WebSocket request, as demonstrated by the sockjs/224/uf1psgff/websocket URI at a wss:// URL...

CVE-2020-7232

Evoko Home devices 1.31 through 1.37 allow remote attackers to obtain sensitive information such as usernames and password hashes via a WebSocket request, as demonstrated by the sockjs/224/uf1psgff/websocket URI at a wss:// URL...

Code injection

Evoko Home 1.31 devices provide different error messages for failed login requests depending on whether the username is valid...

CVE-2020-7231

CVE-2020-7231 affects Evoko Home 1.31 devices. The vulnerability is described as the login process returning different error messages depending on whether the username is valid, which can enable username enumeration (information disclosure) without details on exploited vectors, affected component...

CVE-2020-7231

Evoko Home 1.31 devices provide different error messages for failed login requests depending on whether the username is valid...

CVE-2020-7232

Evoko Home devices 1.31 through 1.37 allow remote attackers to obtain sensitive information such as usernames and password hashes via a WebSocket request, as demonstrated by the sockjs/224/uf1psgff/websocket URI at a wss:// URL...