22 matches found
EUVD-2019-7858
Malware in sbrugna...
EUVD-2024-47989
Malicious code in bioql PyPI...
EUVD-2022-25587
Malicious code in bioql PyPI...
CVE-2024-31972
EnGenius ESR580 A8J-EMR5000 devices allow a remote attacker to conduct stored XSS attacks that could lead to arbitrary JavaScript code execution under the context of the user's session via the Wi-Fi SSID input fields. Web scripts embedded into the vulnerable fields this way are executed immediate...
CVE-2024-31975
EnGenius EWS356-Fit devices through 1.1.30 allow a remote attacker to conduct stored XSS attacks via the Wi-Fi SSID parameters. JavaScript embedded into a vulnerable field is executed when the user clicks the SSID field's corresponding EDIT button...
CVE-2024-31975
CVE-2024-31975 affects EnGenius EWS356-Fit (and ESR580) up to version 1.1.30, where a stored XSS is possible via Wi-Fi SSID parameters. The attack relies on the user interacting with the SSID EDIT button to trigger JavaScript execution. Root cause: UI/input handling in SSID parameter parsing allo...
CVE-2024-31972
CVE-2024-31972 affects EnGenius ESR580 A8J-EMR5000 devices, enabling a remote attacker to perform stored XSS via the Wi-Fi SSID input fields. The vulnerability leads to arbitrary JavaScript execution within the user's admin session when loading the login page, specifically impacting the endpoints...
CVE-2022-46025
Totolink N200REV5 V9.3.5u.6255B20211224 is vulnerable to Incorrect Access Control. The device allows remote attackers to obtain Wi-Fi system information, such as Wi-Fi SSID and Wi-Fi password, without logging into the management page...
CVE-2022-3027 Contec Health CMS8000
The CMS8000 device does not properly control or sanitize the SSID name of a new Wi-Fi access point. A threat actor could create an SSID with a malicious name, including non-standard characters that, when the device attempts connecting to the malicious SSID, the device can be exploited to write...
Cross-site request forgery (CSRF)
Meross Smart Wi-Fi 2 Way Wall Switch MSS550X, on its 3.1.3 version and before, creates an open Wi-Fi Access Point without the required security measures in its initial setup. This could allow a remote attacker to obtain the Wi-Fi SSID as well as the password configured by the user from Meross app...
Authentication flaw
D-Link DAP-1320 A2-V1.21 routers have some web interfaces without authentication requirements, as demonstrated by uplinkinfo.xml. An attacker can remotely obtain a user's Wi-Fi SSID and password, which could be used to connect to Wi-Fi or perform a dictionary attack...
CVE-2017-10724
Recently it was discovered as a part of the research on IoT devices in the most recent firmware for Shekar Endoscope that an attacker connected to the device Wi-Fi SSID can exploit a memory corruption issue and execute remote code on the device. This device acts as an Endoscope camera that allows...
CVE-2017-10724
CVE-2017-10724 describes a memory corruption/overflow issue in the firmware of the Shekar Endoscope. The vulnerability arises in the UDP handling path: a crafted UDP request to change the Wi-Fi name is processed by the control_Dev_thread, leading to a call to setwifipassword which uses memcpy wit...
CVE-2017-10723
Recently it was discovered as a part of the research on IoT devices in the most recent firmware for Shekar Endoscope that an attacker connected to the device Wi-Fi SSID can exploit a memory corruption issue and execute remote code on the device. This device acts as an Endoscope camera that allows...
Arabic Text String Crashes iOS, Mac OS X
A string of Arabic text is causing some chaos with iOS and Mac OS X users. It seems wherever the text sequence shows up, whether in a tweet, webpage, or a SMS message on the Apple platform, it’s crashing apps or Safari browser sessions. The problem has been traced to the Apple Core Text technolog...