ABB Cylon Aspect 3.08.01 File Upload MD5 Checksum Bypass

ABB Cylon Aspect 3.08.01 badassMode File Upload MD5 Checksum Bypass Vendor: ABB Ltd. Product web page: https://www.global.abb Affected version: NEXUS Series, MATRIX-2 Series, ASPECT-Enterprise, ASPECT-Studio Firmware: =3.08.01 Summary: ASPECT is an award-winning scalable building energy managemen...

ABB Cylon Aspect 3.08.01 jsonProxy.php Username Enumeration Vulnerability

ABB Cylon Aspect version 3.08.01 is vulnerable to username enumeration in the jsonProxy.php endpoint. An unauthenticated attacker can interact with the UserManager servlet to enumerate valid usernames on the system. Since jsonProxy.php proxies requests to internal services without requiring...

TitanNit Web Control 2.01 / Atemio 7600 Root Remote Code Execution

Summary The Atemio AM 520 HD Full HD satellite receiver enables the reception of digital satellite programs in overwhelming image quality in both SD and HD ranges. In addition to numerous connections, the small all-rounder offers a variety of plugins that can be easily installed thanks to the lar...

SOUND4 IMPACT/FIRST/PULSE/Eco v2.x - Directory Traversal File Write Vulnerability

Exploit Title: SOUND4 IMPACT/FIRST/PULSE/Eco v2.x - Directory Traversal File Write Exploit Exploit Author: LiquidWorm Vendor: SOUND4 Ltd. Product web page: https://www.sound4.com | https://www.sound4.biz Affected version: FM/HD Radio Processing: Impact/Pulse/First Version 2: 1.1/2.15...

MiniDVBLinux 5.4 SVDRP Control

MiniDVBLinux 5.4 Simple VideoDiskRecorder Protocol SVDRP svdrpsend.sh Exploit Vendor: MiniDVBLinux Product web page: https://www.minidvblinux.de Affected version: =5.4 Summary: MiniDVBLinuxTM Distribution MLD. MLD offers a simple way to convert a standard PC into a Multi Media Centre based on the...

Exploit for Out-of-bounds Write in Polkit_Project Polkit

CVE-2021-4034 Precompiled builds for CVE-2021-4034. Of course...

Adtec Digital Products Hardcoded Credentials / Remote Root

Exploit Title: Adtec Digital Multiple Products - Default Hardcoded Credentials Remote Root Date: 2020-07-24 Exploit Author: LiquidWorm Software Link: https://www.adtecdigital.com / https://www.adtecdigital.com/support/documents-downloads Version: Multiple Adtec Digital Multiple Products - Default...

Linux/ARM - Fork Bomb Shellcode (20 bytes)

Title: Linux/ARM - Fork Bomb Shellcode 20 bytes Category: Shellcode Tested: armv7l 32-bitRaspberry Pi 2 Model B OS: Raspbian Buster Lite Author: CJHackerz Description: This shellcode creates new processes in infinite loop to exhaust CPU resources leading to crash / Compilation instruction...

FaceSentry Access Control System 6.4.8 - Remote Command Injection Vulnerability

Exploit for hardware platform in category web applications FaceSentry Access Control System 6.4.8 Remote Command Injection Vendor: iWT Ltd. Product web page: http://www.iwt.com.hk Affected version: Firmware 6.4.8 build 264 Algorithm A16 Firmware 5.7.2 build 568 Algorithm A14 Firmware 5.7.0 build...

FaceSentry Access Control System 6.4.8 - Remote Root Exploit

!/usr/bin/env python -- coding: utf-8 -- FaceSentry Access Control System 6.4.8 Remote Root Exploit Vendor: iWT Ltd. Product web page: http://www.iwt.com.hk Affected version: Firmware 6.4.8 build 264 Algorithm A16 Firmware 5.7.2 build 568 Algorithm A14 Firmware 5.7.0 build 539 Algorithm A14...

FLIR Systems FLIR AX8 Thermal Camera 1.32.16 Arbitrary File Disclosure

FLIR Systems FLIR AX8 Thermal Camera 1.32.16 Arbitrary File Disclosure Vendor: FLIR Systems, Inc. Product web page: https://www.flir.com Affected version: Firmware: 1.32.16 1.17.13 OS: necov1.8-0-g7ffe5b3 Hardware: Flir Systems Neco Board Summary: Thermal Imaging Camera For Continuous Condition a...

FLIR AX8 Thermal Camera 1.32.16 - Remote Code Execution

Exploit Title: FLIR AX8 Thermal Camera 1.32.16 - Remote Code Execution Author: Gjoko 'LiquidWorm' Krstic @zeroscience Date: 2018-10-14 Vendor: FLIR Systems, Inc. Product web page: https://www.flir.com Affected version: Firmware: 1.32.16, 1.17.13, OS: necov1.8-0-g7ffe5b3, Hardware: Flir Systems Ne...

Linux/ARM - read(0, buf, 0xff) stager + execve("/bin/sh", NULL, NULL) Shellcode 20 Bytes

/ Title: Linux/ARM - read0, buf, 0xff stager + execve"/bin/sh", NULL, NULL Shellcode 20 Bytes Tested: armv7l Raspberry Pi 3 Model B+ Author: Ken Kitahara System Information pi@raspberrypi: $ uname -a Linux raspberrypi 4.14.52-v7+ 1123 SMP Wed Jun 27 17:35:49 BST 2018 armv7l GNU/Linux...

Linux/ARM - read(0, buf, 0xff) stager + execve("/bin/sh", NULL, NULL) Shellcode (28 Bytes)

Linux/ARM - read0, buf, 0xff stager + execve"/bin/sh", NULL, NULL Shellcode 28 Bytes. Shellcode exploit for ARM platform / Title: Linux/ARM - read0, buf, 0xff stager + execve"/bin/sh", NULL, NULL Shellcode 28 Bytes Date: 2018-08-30 Tested: armv7l Raspberry Pi 3 Model B+ Author: Ken Kitahara...

Linux/ARM - Bind (4444/TCP) Shell +IPv6 Shellcode (128 Bytes)

Linux/ARM - Bind 4444/TCP Shell +IPv6 Shellcode 128 Bytes. Shellcode exploit for ARM platform / Title: Linux/ARM - IPv6 4444/TCP Bind Shellcode 128 Bytes Date: 2018-07-25 Tested: armv7l Raspberry Pi 3 Model B+ Author: Ken Kitahara pi@raspberrypi: $ uname -a Linux raspberrypi 4.14.52-v7+ 1123 SMP...

openSUSE Security Update : gcc48 (openSUSE-2017-1223)

This update for gcc48 fixes the following issues : Security issues fixed : - A new option -fstack-clash-protection is now offered, which mitigates the stack clash type of attacks. bnc1039513 Future maintenance releases of packages will be built with this option. - CVE-2017-11671: Fixed...

SUSE SLED12 / SLES12 Security Update : gcc48 (SUSE-SU-2017:2526-1)

This update for gcc48 fixes the following issues: Security issues fixed : - A new option -fstack-clash-protection is now offered, which mitigates the stack clash type of attacks. bnc1039513 Future maintenance releases of packages will be built with this option. - CVE-2017-11671: Fixed rdrand/rdse...

Linux/ARM - execve("/bin/sh", NULL, 0) Shellcode (34 bytes)

Linux/ARM - execve"/bin/sh", NULL, 0 Shellcode 34 bytes. Shellcode exploit for ARM platform / Title: Linux/ARM - execve"/bin/sh", NULL, 0 - 34 bytes Date: 2017-03-31 Tested: armv7l Author: Jonathan 'dummys' Borgeaud - twitter: @dummys1337 fapperz.org Shellcode ARM without 0x20, 0x0a and 0x00...

openSUSE Security Update : socat (openSUSE-2015-324)

socat was updated 1.7.2.4 to fix one security issue and bugs. The following vulnerabilities were fixed : - socats PROXY-CONNECT address was vulnerable to a buffer overflow with data from command line CVE-2014-0019, boo860991 The following bugs were fixed : - socat would frequently crash on ppc an...