CVE-2018-12716

The API service on Google Home and Chromecast devices before mid-July 2018 does not prevent DNS rebinding attacks from reading the scanresults JSON data, which allows remote attackers to determine the physical location of most web browsers by leveraging the presence of one of these devices on its...

CVE-2018-12716

The API service on Google Home and Chromecast devices before mid-July 2018 does not prevent DNS rebinding attacks from reading the scanresults JSON data, which allows remote attackers to determine the physical location of most web browsers by leveraging the presence of one of these devices on its...

CVE-2018-12716

The API service on Google Home and Chromecast devices before mid-July 2018 does not prevent DNS rebinding attacks from reading the scanresults JSON data, which allows remote attackers to determine the physical location of most web browsers by leveraging the presence of one of these devices on its...

CVE-2018-12716

The CVE-2018-12716 entry describes an API service vulnerability in Google Home and Chromecast devices prior to mid-July 2018. The issue allows DNS rebinding to read scan_results JSON data and extract BSSID fields, enabling remote readers on the local network to determine the user’s physical locat...

Google Home, Chromecast Leak Location Information

Google Home and Chromecast devices allow attackers to uncover the precise physical locations of the connected gadgets thanks to two common internet of things issues present in both. A fix from Google is incoming in July. At issue is, like many other IoT devices, they don’t require authentication...

Google to Fix Location Data Leak in Google Home, Chromecast

Google in the coming weeks is expected to fix a location privacy leak in two of its most popular consumer products. New research shows that Web sites can run a simple script in the background that collects precise location data on people who have a Google Home or Chromecast device installed...

Totally Pwning the Tapplock (the API way)

An awesome researcher contacted us on the back of our recent Tapplock pwnage. We had been looking at the local BLE unlock mechanism, however he focussed instead on the mobile app API. Vangelis Stykas @evstykas has found a way to unlock any lock, plus scrape users PII and home addresses. Read his...

Microsoft Windows 10: Service: Geolocation Service

This test checks the setting for policy OpenVAS Vulnerability Test $Id: wingeolocationservice.nasl 11344 2018-09-12 06:57:52Z emoss $ Check value for Geolocation Service lfsvc Authors: Emanuel Moss Copyright: Copyright c 2018 Greenbone Networks GmbH, http://www.greenbone.net This program is free...

June 12, 2018—KB4284826 (Monthly Rollup)

June 12, 2018—KB4284826 Monthly Rollup Improvements and fixes This security update includes improvements and fixes that were a part of update KB4103713 released May 17, 2018 and addresses the following issues: Provides support to control use of Indirect Branch Prediction Barrier IBPB on some AMD...

CVE-2016-10673

ipip-coffee queries geolocation information from IP ipip-coffee downloads geolocation resources over HTTP, which leaves it vulnerable to MITM attacks. This could impact the integrity and availability of the data being used to make geolocation decisions by an application...

CVE-2016-10673

ipip-coffee queries geolocation information from IP ipip-coffee downloads geolocation resources over HTTP, which leaves it vulnerable to MITM attacks. This could impact the integrity and availability of the data being used to make geolocation decisions by an application...

Code injection

ipip-coffee queries geolocation information from IP ipip-coffee downloads geolocation resources over HTTP, which leaves it vulnerable to MITM attacks. This could impact the integrity and availability of the data being used to make geolocation decisions by an application...

CVE-2016-10673

ipip-coffee is vulnerable to MITM attacks because it downloads geolocation resources over HTTP. The root cause is unencrypted HTTP resource retrieval, which can allow an attacker with a privileged network position to modify or read resources, impacting the integrity and availability of geolocatio...

CVE-2016-10673

ipip-coffee queries geolocation information from IP ipip-coffee downloads geolocation resources over HTTP, which leaves it vulnerable to MITM attacks. This could impact the integrity and availability of the data being used to make geolocation decisions by an application...

CVE-2016-10594

ipip is a Node.js module to query geolocation information for an IP or domain, based on database by ipip.net. ipip downloads data resources over HTTP, which leaves it vulnerable to MITM attacks...

Information disclosure

ipip is a Node.js module to query geolocation information for an IP or domain, based on database by ipip.net. ipip downloads data resources over HTTP, which leaves it vulnerable to MITM attacks...

CVE-2016-10594

CVE-2016-10594 concerns the Node.js package ipip, which downloads data resources over HTTP from ipip.net. The root cause is insecure HTTP fetches, enabling a network attacker with position to modify or read the resources, potentially leading to information disclosure and, in some configurations, ...

CVE-2016-10594

ipip is a Node.js module to query geolocation information for an IP or domain, based on database by ipip.net. ipip downloads data resources over HTTP, which leaves it vulnerable to MITM attacks...

adamvr-geoip-lite file download vulnerability

adamvr-geoip-lite is an API provided for IP geo-mapping data files. A file download vulnerability exists in adamvr-geoip-lite that originates when a program downloads geoip resources over the HTTP protocol. An attacker could use this vulnerability to read or modify the resource, affecting the...

Dnsmorph - Domain Name Permutation Engine Written In Go

DNSMORPH is a domain name permutation engine, inspired by dnstwist. It is written in Go making for a compact and very fast tool. It robustly handles any domain or subdomain supplied and provides a number of configuration options to tune permutation runs. DNSMORPH includes the following domain...