Forced Entry: A Security Test for Automatic Garage Doors

In this blog entry we revisit threats to automatic garage doors by using SDR to test two attack scenarios. We demonstrate a rolling code attack and one that involves a hidden remote feature...

Ann Day honey network capture“use of the ElasticSearch Groovy vulnerability Monroe coin(Dog)mining”event analysis-vulnerability warning-the black bar safety net

1, Overview 2019 6 May 13, Ann Day honey network capture to use CVE-2015-1427ElasticSearch Groovyremote command execution vulnerability attacks. The vulnerability principle is Elaticsearch groovy as a scripting language, and based on the use of black and white lists of the sandbox mechanism to...

CVE-2018-16168

LogonTracer 1.2.0 and earlier allows remote attackers to conduct Python code injection attacks via unspecified vectors...

SUSE SLES12 Security Update : kernel (SUSE-SU-2018:2374-1) (Foreshadow)

The SUSE Linux Enterprise 12 SP3 Azure kernel was updated to 4.4.143 to receive various security and bugfixes. The following security bugs were fixed : - CVE-2018-3620: Local attackers on baremetal systems could use speculative code patterns on hyperthreaded processors to read data present in the...

Microsoft Browser Memory Corruption (CVE-2018-1023)

A memory corruption vulnerability exists in Microsoft Browser. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the affected system...

SUSE-SU-2018:0170-1 Security update for perl-XML-LibXML

This update for perl-XML-LibXML fixes the following issues: - CVE-2017-10672: A use-after-free allowed remote attackers to potentially execute arbitrary code by controlling the arguments to a replaceChild call bsc1046848...

Remote code execution in rwiki

The editing form in RWiki 2.1.0pre1 through 2.1.0 allows remote attackers to execute arbitrary Ruby code via unknown attack vectors...

Parent Helper App Has Multiple Vulnerabilities

Parent's Helper APP is a mobile home-school communication software developed by Beijing Aopeng Distance Education Center Co. The Parent's Helper APP is vulnerable to arbitrary user registration and arbitrary password reset. An attacker can register any account and reset any password by capturing...

Arbitary Code Injection

AFNetworking is vulnerable to arbitrary code injection. It uses a hard-coded multipart form data boundary, potentially allowing an attacker to inject and execute malicious code...

Internet Explorer EPM sandbox out vulnerability analysis CVE-2 0 1 4-6 3 5 0-a vulnerability warning-the black bar safety net

0x00 Preface Author: James Forshaw Original: link This month Microsoft fixed 3 different IE enhanced protected mode EPM sandbox out of vulnerabilities by me the original author, the same below）at 8 months of disclosure. The Sandbox is Project Zero I also participated in the most major concern the...

v8: information leak fixed in Google Chrome 38.0.2125.101

Google V8, as used in Google Chrome before 38.0.2125.101, does not properly track JavaScript heap-memory allocations as allocations of uninitialized memory and does not properly concatenate arrays of double-precision floating-point numbers, which allows remote attackers to obtain sensitive...

Threat Outbreak Alert: Fake Account Invoice Statement Email Messages on October 26, 2013

Medium Alert ID: 31504 First Published: 2013 October 28 17:39 GMT Version: 1 Summary Cisco Security has detected significant activity related to spam email messages that claim to contain an account invoice statement for the recipient. The text in the email message attempts to persuade the recipie...

HP OpenView Network Node Manager 'execvp_nc()' Code Execution Vulnerability

HP OpenView Network Node Manager OV NNM is prone to a remote code-execution vulnerability. SPDX-FileCopyrightText: 2010 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE ...

flinx <= 1.3 (category.php id) Remote SQL Injection Vulnerability

Exploit for unknown platform in category web applications ================================================================= flinx Exploit : Target.il/flinxpath/category.php?id=SQL-CODE tables and columns names = table : flinxcat columns : name / catid = table : flinxlink columns : name / url /...

Update Protection against Multiple Microsoft Office Vulnerabilities (MS06-012)

Several remote code execution vulnerabilities exist in Microsoft Office, including vulnerabilities in Excel, Power Point and Word. A remote attacker may create a malicious Excel, PowerPoint or Word file and host it on a Web site or send it as an email attachment. This may allow an attacker to...

PHP Classifieds 6.0.5 - Cross-Site Scripting

PHP Classifieds 6.0.5 - Cross-Site Scripting source: https://www.securityfocus.com/bid/5022/info PHP Classifieds has been reported to be prone to cross-site scripting attacks. Attackers may inject arbitrary HTML or script code into URI parameters in a malicious link. When the malicious link is...