9 matches found
Root Access for Data Control: A DEF CON IoT Village Story
Every year, Rapid7 is a presenter at DEF CON’s IoT Village, sharing in-depth insight and expertise into the hacking of all things Internet of Things. This year, our perennial IoT hacking presenter, Principal Security Researcher, IoT, Deral Heiland, along with Rapid7 pentest team members, showed...
Baxter SIGMA Spectrum Infusion Pumps: Multiple Vulnerabilities (FIXED)
Rapid7, Inc. Rapid7 discovered vulnerabilities in two TCP/IP-enabled medical devices produced by Baxter Healthcare. The affected products are: SIGMA Spectrum Infusion Pump Firmware Version 8.00.01 SIGMA Wi-Fi Battery Firmware Versions 16, 17, 20 D29 Rapid7 initially reported these issues to Baxte...
Xerox Multifunction Printers (MFP) "Patch" DLM Vulnerability
This module exploits a vulnerability found in Xerox Multifunction Printers MFP. By supplying a modified Dynamic Loadable Module DLM, it is possible to execute arbitrary commands under root privileges. This module requires Metasploit: https://metasploit.com/download Current source:...
Some Cable Modems Found to Leak Sensitive Data Via SNMP
Cable modems sold by two manufacturers expose a wide variety of sensitive information over SNMP, including usernames and passwords, WEP keys and SSIDs. Researchers who discovered the vulnerabilities say they’re trivially exploitable and plan to release Metasploit modules for them later this month...
Netopia 3347 Cable Modem Wifi Enumeration
This module extracts WEP keys and WPA preshared keys from certain Netopia cable modems. This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Netopia 3347 Cable Modem Wifi Enumeration', 'Description'...
Toshiba eStudio Printer Information Leakage
============================================================================ Foofus.net Security Advisory: foofus-20111026 ============================================================================ Title: Toshiba eStudio Multifunction Printer Information Leakage Version: e-Studio series devices...
Layered Defense Research Advisory: Format String Vulnerablity in Symantec PcAnywhere v10-12.5
================================================== Layered Defense Research Advisory 17 March 2009 ================================================== 1 Affected Product Symantec PcAnywhere version 10 – 12.5 ================================================== 2 Severity Rating: Low...
CAID 34325 - CA ITM, eAV, ePP scan job description field format string vulnerability
Title: CAID 34325 - CA ITM, eAV, ePP scan job description field format string vulnerability CA Vulnerability ID: 34325 CA Advisory Date: 2006-06-26 Discovered By: Deral Heiland www.layereddefense.com Impact: Attackers can cause a denial of service condition or possibly execute arbitrary code...
[Full-disclosure] Layered Defense Advisory: Format String Vuln in CA eTrust
=============================================================== Layered Defense Advisory 27 June 2006 =============================================================== 1 Affected Software Computer Associates: eTrust Antivirus 8.0 Computer Associates: eTrust PestPatrol 8.0 Computer Associates:...