423 matches found

HackRead
added 2020/08/28 3:33 p.m., 23 views

Flaws expose DVB-T2 set-top boxes to botnet & ransomware attacks

By Sudais Asif. Two popular DVD top-set boxes are vulnerable to both botnet and ransomware attacks.

AI score 7
Exploits 0

NVD
added 2020/08/04 7:15 p.m., 8 views

CVE-2020-16134

An issue was discovered on Swisscom Internet Box 2, Internet Box Standard, Internet Box Plus prior to 10.04.38, Internet Box 3 prior to 11.01.20, and Internet Box light prior to 08.06.06. Given the user-configurable credentials for the local Web interface or physical access to a device's plus or...

CVSS 8, AI score 7.7, EPSS 0.00815
Exploits 0, References 2

Oracle linux
added 2020/05/05 12:0 a.m., 64 views

GNOME security, bug fix, and enhancement update

accountsservice 0.6.50-8 - Dont set HasNoUsers=true if realmd has providers Related: 1750516 appstream-data 8-20191129 - Regenerate the RHEL metadata to include the latest evince changes - Resolves: 1768461 clutter 1.26.2-8 - rebuild to get the new in 8.2.0 - plus address 1785233 evince 3.28.4-4 ...

CVSS 8.8, AI score 7.5, EPSS 0.0207
Exploits 2

Veracode
added 2020/04/10 12:54 a.m., 35 views

Privilege Escalation

firefox is vulnerable to privilege escalation. The vulnerability exists as a flaw was found in the way Firefox handled dialog boxes. An attacker could use this flaw to create a malicious web page that would present a blank dialog box that has non-functioning buttons. If a user closes the dialog b...

CVSS 6.8, AI score 2.4, EPSS 0.01823
Exploits 1, References 11, Affected Software 4

Packet Storm
added 2020/04/04 12:0 a.m., 130 views

Triologic Media Player 8 Buffer Overflow

Exploit Title: Triologic Media Player 8 - '.m3l' Local Buffer Overflow Unicode SEH Date: 04/04/2020 Author: Felipe Winsnes Software Link: http://download.cnet.com/Triologic-Media-Player/3000-21394-10691520.html Version: 8 Tested on: Windows 7 x86 Proof of Concept: 1.- Run the python script, it wi...

AI score 1
Exploits 0

Exploit DB
added 2020/03/27 12:0 a.m., 207 views

Easy RM to MP3 Converter 2.7.3.700 - 'Input' Local Buffer Overflow (SEH)

Exploit Title: Easy RM to MP3 Converter 2.7.3.700 - 'Input' Local Buffer Overflow SEH Date: 2020-03-26 Author: Felipe Winsnes Software Link: https://www.exploit-db.com/apps/707414955696c57b71c7f160c720bed5-EasyRMtoMP3Converter.exe Version: 2.7.3.700 Tested on: Windows 7 x86 Proof of Concept: 1.-...

AI score 7.4
Exploits 0

CNVD
added 2020/03/17 12:0 a.m., 2 views

Kyocera ECOSYS M5526CDW Buffer Overflow Vulnerability

The Kyocera ECOSYS M5526CDW is a multifunction printer from Kyocera Japan. A buffer overflow vulnerability exists in multiple parameters of the 'Document Boxes' function of the web application in the Kyocera ECOSYS M5526CDW version 2R72000.001.701, which can be exploited by an attacker to cause t...

CVSS 9, AI score 7.8, EPSS 0.01974
Exploits 0, References 1

NVD
added 2020/03/16 3:15 p.m., 17 views

CVE-2019-14512

LimeSurvey 3.17.7+190627 has XSS via Boxes in application/extensions/PanelBoxWidget/views/box.php or a label title in application/views/admin/labels/labelviewview.php...

CVSS 6.1, AI score 6, EPSS 0.01041
Exploits 0, References 4

OSV
added 2020/03/16 3:15 p.m., 8 views

CVE-2019-14512

LimeSurvey 3.17.7+190627 has XSS via Boxes in application/extensions/PanelBoxWidget/views/box.php or a label title in application/views/admin/labels/labelviewview.php...

CVSS 6.1, AI score 5.8
Exploits 0, References 4

Prion
added 2020/03/16 3:15 p.m., 13 views

Code injection

LimeSurvey 3.17.7+190627 has XSS via Boxes in application/extensions/PanelBoxWidget/views/box.php or a label title in application/views/admin/labels/labelviewview.php...

CVSS 4.3, AI score 5.9, EPSS 0.01041
Exploits 0, References 4, Affected Software 1

OSV
added 2020/03/13 6:15 p.m., 1 views

CVE-2019-13206

Some Kyocera printers such as the ECOSYS M5526cdw 2R72000.001.701 were affected by a buffer overflow vulnerability in multiple parameters of the Document Boxes functionality of the web application that would allow an authenticated attacker to perform a Denial of Service attack, crashing the devic...

CVSS 8.8, AI score 7.9, EPSS 0.01974
Exploits 0, References 1

NVD
added 2020/03/13 6:15 p.m., 13 views

CVE-2019-13206

Some Kyocera printers such as the ECOSYS M5526cdw 2R72000.001.701 were affected by a buffer overflow vulnerability in multiple parameters of the Document Boxes functionality of the web application that would allow an authenticated attacker to perform a Denial of Service attack, crashing the devic...

CVSS 9, AI score 9.1, EPSS 0.01974
Exploits 0, References 1

Prion
added 2020/03/13 6:15 p.m., 14 views

Buffer overflow

Some Kyocera printers such as the ECOSYS M5526cdw 2R72000.001.701 were affected by a buffer overflow vulnerability in multiple parameters of the Document Boxes functionality of the web application that would allow an authenticated attacker to perform a Denial of Service attack, crashing the devic...

CVSS 9, AI score 9, EPSS 0.01974
Exploits 0, References 1, Affected Software 1

CVE
added 2020/03/13 5:39 p.m., 46 views

CVE-2019-13206

CVE-2019-13206 affects Kyocera ECOSYS M5526CDW (2R7_2000.001.701) where a buffer overflow in multiple parameters of the web-based Document Boxes function can be triggered by an authenticated user, enabling Denial of Service (crash) and potentially arbitrary code execution. The connected sources c...

CVSS 9, AI score 9, EPSS 0.01974
Exploits 0, References 1, Affected Software 1

Cvelist
added 2020/03/13 5:39 p.m., 12 views

CVE-2019-13206

Some Kyocera printers such as the ECOSYS M5526cdw 2R72000.001.701 were affected by a buffer overflow vulnerability in multiple parameters of the Document Boxes functionality of the web application that would allow an authenticated attacker to perform a Denial of Service attack, crashing the devic...

AI score 9.1, EPSS 0.01974
Exploits 0, References 1

Oracle linux
added 2019/11/14 12:0 a.m., 27 views

osinfo-db and libosinfo security and bug fix update

gnome-boxes 3.28.5-7 - Bump the release to 3.28.5-7 - Related: 1739897 3.28.5-7 - Filter off unsupported architectures - Related: 1739897 3.28.5-6 - Revert 'Add 3D acceleration option powered by virgl' - Related: 1647004 3.28.5-5 - Add 3D acceleration option powered by virgl - Resolves: 1647004...

CVSS 7.8, AI score 0.9, EPSS 0.00431
Exploits 0

ThreatPost
added 2019/10/15 9:1 p.m., 59 views

On-Board 'Mystery Boxes' Threaten Global Shipping Vessels

Commercial shipping environments are rife with vulnerabilities, according to researchers – up to and including unpatched “mystery boxes” that no one knows anything about. “In every single nautical pen test to date we have unearthed a system or device, that of the few crew that were aware, no one...

Exploits 0, References 6

Kitploit
added 2019/08/10 1:37 p.m., 129 views

WAES - Auto Enums Websites And Dumps Files As Result

Doing HTB or other CTFs enumeration against targets with HTTPS can become trivial. It can get tiresome to always run the same script/tests on every box eg. nmap, nikto, dirb and so on. A one-click on target with automatic reports coming solves the issue. Furthermore, with a script the enum proces...

AI score 6.5
Exploits 0, References 1

Wired Threat Level
added 2019/08/09 7:0 p.m., 95 views

Inside the Hidden World of Elevator Phone Phreaking

Eavesdropping, reprogramming, talking to strangers: Welcome to the harmless and not-so-harmless fun of hacking elevator call boxes...

AI score 3.2
Exploits 0

OSV
added 2019/05/30 5:23 p.m., 11 views

GHSA-87MG-H5R3-HW88 Cross-Site Scripting in bootbox

All versions of bootbox are vulnerable to Cross-Site Scripting. The package does not sanitize user input in the provided dialog boxes, allowing attackers to inject HTML code and execute arbitrary JavaScript. Recommendation: Sanitize user input being passed to bootbox or consider using an alternativ...

AI score 7.5
Exploits 0, References 4