Intel USB 3.0 eXtensible Host Controller Driver Local Code Injection Vulnerability

Intel USB 3.0 eXtensible Host Controller Driver for Microsoft Windows 7 is a USB Universal Serial Bus 3.0 eXtensible Host Controller Driver for the Windows 7 platform from Intel Corporation. Host Controller Driver for Microsoft Windows 7. A code injection vulnerability exists in the installer in...

Sinking a ship and hiding the evidence

Our earlier work on Voyage Data Recorder manipulation got us thinking about how a malicious individual or organisation might bring about the demise of a ship and hide the evidence. There are plenty of ways to get malware on to a ship. Whether it’s via satcoms, phishing, USB, crew Wi-Fi, dodgy DVD...

Realterm Serial Terminal 2.0.0.70 - Denial of Service Exploit

-- coding: utf-8 -- Exploit Title: RealTerm: Serial Terminal 2.0.0.70 - 'Port' Denial of Service PoC Author: Alejandra Sánchez Vendor Homepage: https://realterm.sourceforge.io/ Software Link: https://sourceforge.net/projects/realterm/files/ Version: 2.0.0.70 Tested on: Windows 10 Proof of Concept...

Realterm Serial Termianl 2.0.0.70 Buffer Overflow

-- coding: utf-8 -- Exploit Title: RealTerm: Serial Terminal 2.0.0.70 - 'Echo Port' Overflow Crash SEH PoC Date: 16/02/2019 Author: Alejandra SA!nchez Vendor Homepage: https://realterm.sourceforge.io/ Software Link: https://sourceforge.net/projects/realterm/files/ Version: 2.0.0.70 Tested on:...

Realterm Serial Terminal 2.0.0.70 - Denial of Service

Realterm Serial Terminal 2.0.0.70 - Denial of Service -- coding: utf-8 -- Exploit Title: RealTerm: Serial Terminal 2.0.0.70 - 'Port' Denial of Service PoC Date: 15/02/2019 Author: Alejandra Sánchez Vendor Homepage: https://realterm.sourceforge.io/ Software Link:...

Realterm Serial Terminal 2.0.0.70 - Local Buffer Overflow (SEH) Exploit

-- coding: utf-8 -- Exploit Title: RealTerm: Serial Terminal 2.0.0.70 - 'Echo Port' Overflow Crash SEH PoC Author: Alejandra Sánchez Vendor Homepage: https://realterm.sourceforge.io/ Software Link: https://sourceforge.net/projects/realterm/files/ Version: 2.0.0.70 Tested on: Windows 10 / Windows ...

Realterm Serial Terminal 2.0.0.70 - Local Buffer Overflow (SEH)

Realterm Serial Terminal 2.0.0.70 - Local Buffer Overflow SEH -- coding: utf-8 -- Exploit Title: RealTerm: Serial Terminal 2.0.0.70 - 'Echo Port' Overflow Crash SEH PoC Date: 16/02/2019 Author: Alejandra Sánchez Vendor Homepage: https://realterm.sourceforge.io/ Software Link:...

Realterm Serial Terminal 2.0.0.70 - Denial of Service

-- coding: utf-8 -- Exploit Title: RealTerm: Serial Terminal 2.0.0.70 - 'Port' Denial of Service PoC Date: 15/02/2019 Author: Alejandra Sánchez Vendor Homepage: https://realterm.sourceforge.io/ Software Link: https://sourceforge.net/projects/realterm/files/ Version: 2.0.0.70 Tested on: Windows 10...

Realterm Serial Terminal 2.0.0.70 - Local Buffer Overflow (SEH)

-- coding: utf-8 -- Exploit Title: RealTerm: Serial Terminal 2.0.0.70 - 'Echo Port' Overflow Crash SEH PoC Date: 16/02/2019 Author: Alejandra Sánchez Vendor Homepage: https://realterm.sourceforge.io/ Software Link: https://sourceforge.net/projects/realterm/files/ Version: 2.0.0.70 Tested on:...

RealTerm Serial Terminal 2.0.0.70 Denial Of Service

-- coding: utf-8 -- Exploit Title: RealTerm: Serial Terminal 2.0.0.70 - 'Port' Denial of Service PoC Date: 15/02/2019 Author: Alejandra SA!nchez Vendor Homepage: https://realterm.sourceforge.io/ Software Link: https://sourceforge.net/projects/realterm/files/ Version: 2.0.0.70 Tested on: Windows 1...

Linux kernel denial of service vulnerability (CNVD-2019-38527)

Linux kernel is the kernel used by Linux, the open source operating system released by the Linux Foundation in the United States. A denial of service vulnerability exists in the changeportsettings file in drivers/usb/serial/ioti.c in Linux kernel versions prior to 4.11.3. A local attacker could...

PT-2019-3247 · Linux +4 · Linux Kernel +4

Name of the Vulnerable Software and Affected Versions: Linux kernel versions prior to 5.0.4 Description: The issue is related to a use-after-free error in the Linux kernel, specifically in the ipmi si module, which can be exploited to execute arbitrary code or cause a denial of service. This is d...

FireOS Flaw Allowed Limited Content Injection in Amazon Tablets

A vulnerability in the operating system of Amazon’s Fire Tablets could allow a hacker to inject malicious content into Settings, Legal and Compliance, Terms of Use and Privacy sections of the device. The bug could also allow an adversary to capture the serial number of the tablet. The Fire Tablet...

UBUNTU-CVE-2018-20340

Yubico libu2f-host 1.1.6 contains unchecked buffers in devs.c, which could enable a malicious token to exploit a buffer overflow. An attacker could use this to attempt to execute malicious code using a crafted USB device masquerading as a security token on a computer where the affected library is...

Amazon FireOS 5.3.6.3 Man-In-The-Middle

Original blog post here: https://wwws.nightwatchcybersecurity.com/2019/02/07/content-injection-in-amazon-kindles-fireos-cve-2019-7399/ SUMMARY The FireOS operating system provided by Amazon for Fire tablet devices can be injected with malicious content by an MITM attacker. An attacker can also...

CVE-2019-6535

Mitsubishi Electric Q03/04/06/13/26UDVCPU: serial number 20081 and prior, Q04/06/13/26UDPVCPU: serial number 20081 and prior, and Q03UDECPU, Q04/06/10/13/20/26/50/100UDEHCPU: serial number 20101 and prior. A remote attacker can send specific bytes over Port 5007 that will result in an Ethernet...

CVE-2019-6535

Mitsubishi Electric Q03/04/06/13/26UDVCPU: serial number 20081 and prior, Q04/06/13/26UDPVCPU: serial number 20081 and prior, and Q03UDECPU, Q04/06/10/13/20/26/50/100UDEHCPU: serial number 20101 and prior. A remote attacker can send specific bytes over Port 5007 that will result in an Ethernet...

Design/Logic Flaw

In changeportsettings in drivers/usb/serial/ioti.c in the Linux kernel before 4.11.3, local users could cause a denial of service by division-by-zero in the serial device layer by trying to set very high baud rates...

DEBIAN-CVE-2017-18360

In changeportsettings in drivers/usb/serial/ioti.c in the Linux kernel before 4.11.3, local users could cause a denial of service by division-by-zero in the serial device layer by trying to set very high baud rates...

CVE-2017-18360

In changeportsettings in drivers/usb/serial/ioti.c in the Linux kernel before 4.11.3, local users could cause a denial of service by division-by-zero in the serial device layer by trying to set very high baud rates...