EUVD-2017-12055

Malware in sbrugna...

EUVD-2017-12030

Malware in sbrugna...

CVE-2023-33293

An issue was discovered in KaiOS 3.0 and 3.1. The binary /system/kaios/api-daemon exposes a local web server on .localhost with subdomains for each installed applications, e.g., myapp.localhost. An attacker can make fetch requests to api-deamon to determine if a given app is installed and read th...

Circle with Disney Apid Server Fork Denial of Service VulnerabilityI(CVE-2017-2889)

Summary An exploitable Denial of Service vulnerability exists in the API daemon of Circle with Disney running firmware 2.0.1. A large amount of simultaneous TCP connections causes the APID daemon to repeatedly fork, causing the daemon to run out of memory and trigger a device reboot. An attacker...

CVE-2017-2914

An exploitable authentication bypass vulnerability exists in the API daemon of Circle with Disney running firmware 2.0.1. A specially crafted token can bypass the authentication routine of the Apid binary, causing the device to grant unintended administrative access. An attacker needs network...

Denial of service

An exploitable Denial of Service vulnerability exists in the API daemon of Circle with Disney running firmware 2.0.1. A large amount of simultaneous TCP connections causes the APID daemon to repeatedly fork, causing the daemon to run out of memory and trigger a device reboot. An attacker needs...

CVE-2017-2889

An exploitable Denial of Service vulnerability exists in the API daemon of Circle with Disney running firmware 2.0.1. A large amount of simultaneous TCP connections causes the APID daemon to repeatedly fork, causing the daemon to run out of memory and trigger a device reboot. An attacker needs...

CVE-2017-2889

An exploitable Denial of Service vulnerability exists in the API daemon of Circle with Disney running firmware 2.0.1. A large amount of simultaneous TCP connections causes the APID daemon to repeatedly fork, causing the daemon to run out of memory and trigger a device reboot. An attacker needs...

CVE-2017-2889

Summary (MODE C): CVE-2017-2889 affects Circle with Disney devices (Circle firmware 2.0.1) via the APID daemon. The vulnerability arises when the APID server handles a high volume of TCP connections, forking per connection and exhausting memory, which leads to a device reboot. Reported by Cisco T...

CVE-2017-2914

An exploitable authentication bypass vulnerability exists in the API daemon of Circle with Disney running firmware 2.0.1. A specially crafted token can bypass the authentication routine of the Apid binary, causing the device to grant unintended administrative access. An attacker needs network...

Circle with Disney Apid Strstr Authentication Bypass Vulnerability

Summary An exploitable authentication bypass vulnerability exists in the API daemon of Circle with Disney running firmware 2.0.1. A specially crafted token can bypass the authentication routine of the Apid binary, causing the device to grant unintended administrative access. An attacker needs...

Circle with Disney Apid Server Fork Denial of Service Vulnerability

Summary An exploitable Denial of Service vulnerability exists in the API daemon of Circle with Disney running firmware 2.0.1. A large amount of simultaneous TCP connections causes the APID daemon to repeatedly fork, causing the daemon to run out of memory and trigger a device reboot. An attacker...

Ganeti - Multiple Vulnerabilities

Exploit for multiple platform in category dos / poc =begin Advisory Information Title: Ganeti Security Advisory DoS, Unauthenticated Info Leak Advisory URL: https://pierrekim.github.io/advisories/2016-ganeti-0x00.txt Blog URL: https://pierrekim.github.io/blog/2016-01-05-Ganeti-Info-Leak-DoS.html...