USN-3910-2 linux-lts-xenial, linux-aws vulnerabilities

USN-3910-1 fixed vulnerabilities in the Linux kernel for Ubuntu 16.04 LTS. This update provides the corresponding updates for the Linux Hardware Enablement HWE kernel from Ubuntu 16.04 LTS for Ubuntu 14.04 LTS. It was discovered that the f2fs filesystem implementation in the Linux kernel did not...

Walkthrough. Investigating an SSD

I had an interesting job come in. A client wants the data off a dead SSD, and it’s a model that regular data recovery companies won’t deal with, an SK Hynix drive. It’s used extensively on many Dell laptops. The drive is NVMe which means it uses several PCIe lanes for communication. First things...

Design/Logic Flaw

The Web manager aka Commander on Korenix JetPort 5601 and 5601f devices has Persistent XSS via the Port Alias field under Serial Setting...

CVE-2019-9725

The Web manager aka Commander on Korenix JetPort 5601 and 5601f devices has Persistent XSS via the Port Alias field under Serial Setting...

CVE-2019-9725

The CVE-2019-9725 entry describes a Persistent XSS flaw in the Web manager (Commander) of Korenix JetPort 5601 and 5601f devices, exploitable via the Port Alias field under Serial Setting. Affected component: Web UI; root cause: input in Port Alias not properly sanitized, enabling stored/reflecti...

CVE-2019-9725

The Web manager aka Commander on Korenix JetPort 5601 and 5601f devices has Persistent XSS via the Port Alias field under Serial Setting...

The vulnerability of the opensc authentication package for smart cards and system USB tokens in the Astra Linux operating system allows a hacker to trigger a service failure.

The vulnerability of the opensc authentication package for smart cards and operating system USB tokens in Astra Linux is related to incorrect operation of the Rutek S drivers. Exploiting this vulnerability can allow a hacker to cause service failure...

RealTerm Serial Terminal 2.0.0.70 Echo Port Buffer Overflow

!/usr/bin/python Exploit Title: RealTerm: Serial Terminal 2.0.0.70 - 'Echo Port' Buffer Overflow - SEH Version: 2.0.0.70 Credits to: Alejandra Sanchez for finding initial DoS https://www.exploit-db.com/exploits/46391 Matteo Malvica for creating initial PoC https://www.exploit-db.com/exploits/4644...

OpenMRS Anti-serial Command Execution Vulnerability

OpenMRS is a patient-based medical record system. OpenMRS has an anti-serial command execution vulnerability in versions prior to 2.24.0 that can be exploited by an attacker to execute commands...

New Flaws Re-Enable DMA Attacks On Wide Range of Modern Computers

Security researchers have discovered a new class of security vulnerabilities that impacts all major operating systems, including Microsoft Windows, Apple macOS, Linux, and FreeBSD, allowing attackers to bypass protection mechanisms introduced to defend against DMA attacks. Known for years, Direct...

British Airways Entertainment System Buffer Overflow Vulnerability

The British Airways Entertainment System is an in-flight audio-visual entertainment system. A security vulnerability exists in the British Airways Entertainment System installed on Boeing 777-36NER and other aircraft, which arises from a program that does not prevent the USB charge/digit transfer...

CVE-2018-20785

Secure boot bypass and memory extraction can be achieved on Neato Botvac Connected 2.2.0 devices. During startup, the AM335x secure boot feature decrypts and executes firmware. Secure boot can be bypassed by starting with certain commands to the USB serial port. Although a power cycle occurs, thi...

Design/Logic Flaw

Secure boot bypass and memory extraction can be achieved on Neato Botvac Connected 2.2.0 devices. During startup, the AM335x secure boot feature decrypts and executes firmware. Secure boot can be bypassed by starting with certain commands to the USB serial port. Although a power cycle occurs, thi...

CVE-2018-20785

Secure boot bypass and memory extraction can be achieved on Neato Botvac Connected 2.2.0 devices. During startup, the AM335x secure boot feature decrypts and executes firmware. Secure boot can be bypassed by starting with certain commands to the USB serial port. Although a power cycle occurs, thi...

CVE-2018-20785

CVE-2018-20785 affects Neato Botvac Connected 2.2.0. The AM335x secure boot can be bypassed by issuing certain commands to the USB serial port during startup, allowing execution of an unsigned QNX IFS image via a boot menu (XMODEM). A power cycle does not fully reset the chip, leaving memory cont...

CVE-2018-20785

Secure boot bypass and memory extraction can be achieved on Neato Botvac Connected 2.2.0 devices. During startup, the AM335x secure boot feature decrypts and executes firmware. Secure boot can be bypassed by starting with certain commands to the USB serial port. Although a power cycle occurs, thi...

RealTerm Serial Terminal 2.0.0.70 - Echo Port Buffer Overflow (SEH)

RealTerm Serial Terminal 2.0.0.70 - Echo Port Buffer Overflow SEH Exploit Title: RealTerm: Serial Terminal 2.0.0.70 - 'Echo Port' Buffer Overflow - SEH Date: 21.02.2019 Exploit Author: Matteo Malvica Vendor Homepage: https://realterm.sourceforge.io/ Software Link:...

RealTerm Serial Terminal 2.0.0.70 Echo Port Buffer Overflow

Exploit Title: RealTerm: Serial Terminal 2.0.0.70 - 'Echo Port' Buffer Overflow - SEH Date: 21.02.2019 Exploit Author: Matteo Malvica Vendor Homepage: https://realterm.sourceforge.io/ Software Link: https://sourceforge.net/projects/realterm/files/ Version: 2.0.0.70 Category: Local Contact:...

RealTerm Serial Terminal 2.0.0.70 - Echo Port Buffer Overflow (SEH) Exploit

Exploit for windows platform in category local exploits Exploit Title: RealTerm: Serial Terminal 2.0.0.70 - 'Echo Port' Buffer Overflow - SEH Date: 21.02.2019 Exploit Author: Matteo Malvica Vendor Homepage: https://realterm.sourceforge.io/ Software Link:...

RealTerm Serial Terminal 2.0.0.70 - 'Echo Port' Buffer Overflow (SEH)

Exploit Title: RealTerm: Serial Terminal 2.0.0.70 - 'Echo Port' Buffer Overflow - SEH Date: 21.02.2019 Exploit Author: Matteo Malvica Vendor Homepage: https://realterm.sourceforge.io/ Software Link: https://sourceforge.net/projects/realterm/files/ Version: 2.0.0.70 Category: Local Contact:...