2563 matches found
CVE-2017-9855
An issue was discovered in SMA Solar Technology products. A secondary authentication system is available for Installers called the Grid Guard system. This system uses predictable codes, and a single Grid Guard code can be used on any SMA inverter. Any such code, when combined with the installer...
ftp-syst NSE Script
Sends FTP SYST and STAT commands and returns the result. The canonical SYST response of "UNIX Type: L8" is stripped or ignored, since it is meaningless. Typical FTP response codes 215 for SYST and 211 for STAT are also hidden. References: Example Usage nmap -sV -sC Script Output | ftp-syst: | SYS...
pbxbook.com XSS vulnerability
Vulnerable URL: https://pbxbook.com/meridian/admin/ftrcodes.html/"--!" Details: Patched: No; Latest check for patch: 23.10.2017; Vulnerability type: XSS; Vulnerability status: Publicly disclosed; Alexa Rank: 411797; VIP website status: No. Coordinated Disclosure Timeline...
Fedora 26 : mingw-libtasn1 (2017-d5cf1a55ce)
Noteworthy changes in release 4.11 (released 2017-05-27, stable): - Introduced the ASN1_TIME_ENCODING_ERROR error code to indicate an invalid encoding in the DER time fields. - Introduced flag ASN1_DECODE_FLAG_ALLOW_INCORRECT_TIME. This flag allows decoding errors in time fields even when in strict DER mode...
Invincea-X SboxDrv.sys Version Number Query Local Privilege Escalation Vulnerability
Summary An exploitable double fetch vulnerability exists in the SboxDrv.sys driver functionality of Invincea-X 6.1.3-24058. A specially crafted input buffer and race condition can result in kernel memory corruption, which could result in privilege escalation. An attacker needs to execute a specia...
Sunshine Car Life APP has information leakage vulnerability
Sunshine Car Life APP is a one-stop car owner service platform designed to provide you with authoritative national violation query, car insurance price calculation, trip management, claims service, and so on. There is an information leakage vulnerability in Sunshine Car Life APP, because the logi...
Cross-origin brute-forcing of Github SAML and 2FA recovery codes
Yesterday while reading my Twitter stream I found this interesting article about downloading GitHub SSO bypass codes. Same as Yasin Soliman I was invited to a Github pre-release of the organisation SAML single sign-on SSO private program. And same as him I found an issue in the same endpoint. So ...
MyBB < 1.8.12 Multiple Vulnerabilities
Binary data 700128.prm...
Oniguruma 'onigenc_unicode_get_case_fold_codes_by_str()' function stack buffer overflow vulnerability
mbstring (Multi-Byte String) is a language encoding extension library in PHP (PHP: Hypertext Preprocessor); Oniguruma-mod is a regular expression library in the Ruby programming language. Oniguruma is one of the regular expression engines. A stack buffer overflow vulnerability exists in the...
The power of Wallarm search engine
In this article I would like to show and explain my personal use cases of the Wallarm search engine. The cool thing about it is human readable search with intuitive commands. Just look at this search command before we start: attacks incidents vulns today RCE 502 For a security engineer looking at...
UBUNTU-CVE-2016-2379
The Mxit protocol uses weak encryption when encrypting user passwords, which might allow attackers to (1) decrypt hashed passwords by leveraging knowledge of client registration codes or (2) gain login access by eavesdropping on login messages and re-using the hashed passwords...
Instagram Adds Two-Factor Authentication
Instagram became the latest in a long line of services over the years to offer users two-factor authentication this week. Kevin Systrom, co-founder and CEO of the Facebook-owned mobile photo-sharing app announced the feature on its blog Thursday afternoon. With the feature – accessible via Settin...
SUSE SLED12 / SLES12 Security Update : MozillaFirefox (SUSE-SU-2017:0714-1)
This update for MozillaFirefox to ESR 45.8 fixes the following issues: Security issues fixed bsc1028391 : - CVE-2017-5402: Use-after-free working with events in FontFace objects - CVE-2017-5410: Memory corruption during JavaScript garbage collection incremental sweeping - CVE-2017-5400: asm.js...
AXIS Communications - Cross-Site Scripting / Content Injection
0RWELLL4BS security advisory olsa-2015-8258 PGP: 79A6CCC0 @orwelllabs Advisory Information ==================== - Title: ImagePath Resource Injection/Open script editor - Vendor: AXIS Communications - Research and Advisory: Orwelllabs - Class: Improper Input Validation CWE-20 - CVE Name:...
Microsoft updates fail: 80071a91, 80070BC9, 80079c59, 8007000e, or prompt for restart forever
Microsoft Windows OS update fails with an error and requests a desktop reboot on all subsequent attempts to check for updates. The most common update failure codes are 0x80071a91, 0x80070BC9, 0x80079c59, 0x8007000e...
Mozilla: FTP response codes can cause use of uninitialized values for ports (MFSA 2017-06)
Certain response codes in FTP connections can result in the use of uninitialized values for ports in FTP operations. This vulnerability affects Firefox 52, Firefox ESR 45.8, Thunderbird 52, and Thunderbird 45.8...
Scientists Store an Operating System, a Movie and a Computer Virus on DNA
Do you know — 1 Gram of DNA Can Store 1,000,000,000 Terabyte of Data for 1000+ Years. Just last year, Microsoft purchased 10 Million strands of synthetic DNA from San Francisco DNA synthesis startup called Twist Bioscience and collaborated with researchers from the University of Washington to foc...
MalQR - Collection of malicious QR Codes and Barcodes you can use to test the security of your scanners
MalQR is a collection of malicious QR codes and barcodes you can use to test the security of your scanners. It gives you the ability to conduct such tests with ease: you just need to have a smartphone, a tablet or a laptop with an internet connection and browse MalQR.shielder.it to have a...