
149 matches found

OSV
added 2016/12/03 6:59 a.m. | 1 view

DEBIAN-CVE-2016-9800

In BlueZ 5.42, a buffer overflow was observed in "pin_code_reply_dump" function in "tools/parser/hci.c" source file. The issue exists because "pin" array is overflowed by supplied parameter due to lack of boundary checks on size of the buffer from frame "pin_code_reply_cp *cp" parameter...

CVSS 5.3 | AI score 6.8 | EPSS 0.02843
Exploits: 1 | References: 1
OSV
added 2016/12/03 6:59 a.m. | 6 views

CVE-2016-9800

In BlueZ 5.42, a buffer overflow was observed in "pin_code_reply_dump" function in "tools/parser/hci.c" source file. The issue exists because "pin" array is overflowed by supplied parameter due to lack of boundary checks on size of the buffer from frame "pin_code_reply_cp *cp" parameter...

CVSS 5.3 | AI score 5.6
Exploits: 0 | References: 2
OSV
added 2016/12/03 6:59 a.m. | 0 views

UBUNTU-CVE-2016-9800

In BlueZ 5.42, a buffer overflow was observed in "pin_code_reply_dump" function in "tools/parser/hci.c" source file. The issue exists because "pin" array is overflowed by supplied parameter due to lack of boundary checks on size of the buffer from frame "pin_code_reply_cp *cp" parameter...

CVSS 5.3 | AI score 7.1 | EPSS 0.02843
Exploits: 1 | References: 3
Debian CVE
added 2016/12/03 6:28 a.m. | 31 views

CVE-2016-9800

In BlueZ 5.42, a buffer overflow was observed in "pin_code_reply_dump" function in "tools/parser/hci.c" source file. The issue exists because "pin" array is overflowed by supplied parameter due to lack of boundary checks on size of the buffer from frame "pin_code_reply_cp *cp" parameter...

CVSS 5.3 | AI score 6.8 | EPSS 0.02843
Exploits: 1
myhack58
added 2016/07/08 12:0 a.m. | 33 views

Revealed: how smart watches and fitness bands leak your ATM password - vulnerability warning - the black bar safety net

At the beginning of this article, I would like to start by asking you a simple question: is your dominant hand the left hand or the right hand? This is a very simple question, and it will not bring you any loss. But the next question is not necessarily so: on your dominant hand, are you wearing a...

AI score 7.1
Exploits: 0
Mozilla
added 2016/04/26 12:0 a.m. | 40 views

Disclosure of user actions through JavaScript with motion and orientation sensors — Mozilla

Security researcher Maryam Mehrnezhad of Newcastle University, UK reported an issue discovered by their research team, which also includes Ehsan Toreini, Siamak F. Shahandashti, and Feng Hao. They found vulnerabilities in Firefox for Android using orientation data and motion sensors on a mobile...

CVSS 6.5 | AI score 7.8 | EPSS 0.01436
Exploits: 0 | References: 3 | Affected Software: 1
OwnCloud
added 2016/04/07 11:44 a.m. | 485 views

Bypass of application specific PIN - ownCloud

The ownCloud Android application does support setting a PIN that has to be provided before the application can be opened. An attacker may remove the PIN by clearing the application data via the Android system settings. By doing that the application information would be removed while the...

AI score 6.6
Exploits: 0 | Affected Software: 1
Packet Storm
added 2016/01/12 12:0 a.m. | 31 views

FingerTec Default Root Password / Remote Enrollment

Exploit Title: Default Root Password and Remote Enrollment on FingerTec Devices Date: 12-01-2016 Exploit Author: Daniel Lawson Contact: http://twitter.com/fang0654 Website: https://digital-panther.com Category: physical access control 1. Description Almost all FingerTec Access Control devices are...

AI score 0.5
Exploits: 0
exploitpack
added 2016/01/12 12:0 a.m. | 18 views

FingerTec Fingerprint Reader - Remote Access and Remote Enrolment

FingerTec Fingerprint Reader - Remote Access and Remote Enrolment Exploit Title: Default Root Password and Remote Enrollment on FingerTec Devices Date: 12-01-2016 Exploit Author: Daniel Lawson Contact: http://twitter.com/fang0654 Website: https://digital-panther.com Category: physical access...

AI score 7.5
Exploits: 0
myhack58
added 2015/09/07 12:0 a.m. | 14 views

AppLock, the security app that swept the world, may likewise leak your privacy - vulnerability warning - the black bar safety net

Security researchers found that AppLock, the well-known Android security app developed by DoMobile Ltd., contains multiple vulnerabilities and is vulnerable to hacker attacks. AppLock description: AppLock has 1 billion users in over 50 countries; it itself supports 2-4...

AI score 0.4
Exploits: 0
myhack58
added 2015/08/24 12:0 a.m. | 40 views

Fragment Injection vulnerability bloopers - vulnerability warning - the black bar safety net

In '13, IBM's security researchers discovered a vulnerability in Google's framework layer, the Fragment injection vulnerability. This vulnerability can lead to the Android phone's PIN code being reset; figure 1 should not be strange to anyone. This vulnerability after the industry of t...

AI score 0.6
Exploits: 0
securityvulns
added 2015/06/01 12:0 a.m. | 88 views

Thycotic Password Manager Secret Server iOS Application - MITM SSL Certificate Vulnerability

Thycotic Password Manager Secret Server iOS Application - MITM SSL Certificate Vulnerability -- http://www.info-sec.ca/advisories/Thycotic-SecretServer.html Overview "With the Password Manager Secret Server app, you can access passwords for an EXISTING on-premise Secret Server or Secret Server...

AI score 0.2
Exploits: 0
The Hacker News
added 2014/12/10 11:25 p.m. | 15 views

Smartwatch Hacked... Data Exchange with Smartphone Not So Secure

We are living in an era of smart devices that we sync with our smartphones and that make our lives very simple and easy, but these smart devices that inter-operate with our phones could leave our important and personal data wide open to hackers and cybercriminals. Security researchers have demonstrat...

AI score 6.8
Exploits: 0
Prion
added 2014/09/22 10:55 a.m. | 15 views

Code injection

Cobham Aviator 700D and 700E satellite terminals use an improper algorithm for PIN codes, which makes it easier for attackers to obtain a privileged terminal session by calculating the superuser code, and then leveraging physical access or terminal access to enter this code...

CVSS 7.2 | AI score 6.4 | EPSS 0.00387
Exploits: 0 | References: 1
CVE
added 2014/09/22 10:0 a.m. | 59 views

CVE-2014-2942

Cobham Aviator 700D/700E satellite terminals are affected by CVE-2014-2942 due to use of a broken/risky cryptographic algorithm to generate PINs. This enables a local, unauthenticated attacker to calculate a superuser PIN and gain full control of the terminal, given physical access or access to t...

CVSS 7.2 | AI score 6.3 | EPSS 0.00387
Exploits: 0 | References: 1 | Affected Software: 2
Cvelist
added 2014/09/22 10:0 a.m. | 22 views

CVE-2014-2942

Cobham Aviator 700D and 700E satellite terminals use an improper algorithm for PIN codes, which makes it easier for attackers to obtain a privileged terminal session by calculating the superuser code, and then leveraging physical access or terminal access to enter this code...

AI score 6.1 | EPSS 0.00387
Exploits: 0 | References: 1
securityvulns
added 2014/08/26 12:0 a.m. | 35 views

Grand MA 300 Fingerprint Reader insufficient encryption

PIN code is not encrypted during transfer...

AI score 2.7 | EPSS 0.07057
Exploits: 3 | References: 1 | Affected Software: 1
CERT
added 2014/08/07 12:0 a.m. | 40 views

Cobham Aviator satellite terminals contain multiple vulnerabilities

Overview: Cobham Aviator 700D and 700E satellite terminals contain multiple vulnerabilities. Description: Cobham Aviator 700D and 700E satellite communication terminals contain the following vulnerabilities: CWE-327: Use of a Broken or Risky Cryptographic Algorithm - CVE-2014-2942 Please note that th...

CVSS 7.2 | AI score 6.8 | EPSS 0.00486
Exploits: 0 | References: 3
ThreatPost
added 2013/03/19 7:7 p.m. | 15 views

Apple iOS 6.1.3 Fixes Evasion Jailbreak Bug, WebKit Flaw

Apple has patched a handful of security vulnerabilities in iOS, including a bug that was used for the latest iPhone jailbreak tool, called Evasion. Apple iOS 6.1.3 has patches for six vulnerabilities, including the screen lock bypass bug and a flaw in WebKit that can be used to execute arbitrary...

AI score 1.3
Exploits: 0 | References: 2
ThreatPost
added 2012/12/04 3:12 p.m. | 14 views

Twitter SMS-Spoofing Bug Allows Attackers to Send Tweets From Users' Accounts, Edit Profiles

There is a bug in the way that Twitter handles a feature that enables users to post messages via SMS and the researcher who discovered the bug says that it allows anyone who knows a user’s mobile number to not only tweet from the user’s account but also modify information in the user’s profile. T...

AI score 1.4
Exploits: 0 | References: 3