54 matches found
LibreNMS Security Vulnerabilities
LibreNMS is an open source network monitoring system based on PHP and MySQL from the LibreNMS community. The system features customizable alerts, auto-discovery of the network environment and automatic updates. A security vulnerability exists in LibreNMS versions prior to 23.11.0. An attacker...
Oracle Linux 8 : firefox (ELSA-2020-0820)
The remote Oracle Linux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the ELSA-2020-0820 advisory. 68.6.0-1.0.1.el81 - Rebuild to pickup Oracle default bookmarks Orabug: 30069264 - Add firefox-oracle-default-prefs.js and remove the corresponding Red...
SUSE CVE-2014-1739
The mediadeviceenumentities function in drivers/media/media-device.c in the Linux kernel before 3.14.6 does not initialize a certain data structure, which allows local users to obtain sensitive information from kernel memory by leveraging /dev/media0 read access for a MEDIAIOCENUMENTITIES ioctl...
SUSE CVE-2020-6812
The first time AirPods are connected to an iPhone, they become named after the user's name by default e.g. Jane Doe's AirPods. Websites with camera or microphone permission are able to enumerate device names, disclosing the user's name. To resolve this issue, Firefox added a special case that...
Shenzhen Fujia Technology OurPhoto 安全漏洞
Shenzhen Fujia Technology OurPhoto is a cloud photo frame software from Shenzhen Fujia Technology, China. It allows you to share photos and video files directly on your cell phone. A security vulnerability exists in Shenzhen Fujia Technology OurPhoto version 1.4.1, which stems from an insecure...
CVE-2020-6812
The first time AirPods are connected to an iPhone, they become named after the user's name by default e.g. Jane Doe's AirPods. Websites with camera or microphone permission are able to enumerate device names, disclosing the user's name. To resolve this issue, Firefox added a special case that...
Introduction to Bluetooth Low Energy
Bluetooth Low Energy BLE is used by almost everyone in our everyday lives, from wireless headphones, to car stereos, computer keyboards and mice, and other everyday items. Even though this standard is popular there seems a general lack of understanding of how it works and what certain terms mean...
Security Vulnerabilities fixed in Firefox ESR 68.6 — Mozilla
When removing data about an origin whose tab was recently closed, a use-after-free could occur in the Quota manager, resulting in a potentially exploitable crash. By carefully crafting promise resolutions, it was possible to cause an out-of-bounds read off the end of an array resized during scrip...
BLEAH - A BLE Scanner For "Smart" Devices Hacking
A BLE scanner for "smart" devices hacking based on the bluepy library, dead easy to use because retarded devices should be dead easy to hack. Explanatory post and screenshots can be found here. How to Install Install bluepy from source: git clone https://github.com/IanHarvey/bluepy.git cd bluepy...
Kernel: drivers: media: an information leakage
An information leak flaw was found in the way the Linux kernel handled media device enumerate entities IOCTL requests. A local user able to access the /dev/media0 device file could use this flaw to leak kernel memory bytes...
CVE-2014-1739
The mediadeviceenumentities function in drivers/media/media-device.c in the Linux kernel before 3.14.6 does not initialize a certain data structure, which allows local users to obtain sensitive information from kernel memory by leveraging /dev/media0 read access for a MEDIAIOCENUMENTITIES ioctl...
s7-info NSE Script
Enumerates Siemens S7 PLC Devices and collects their device information. This script is based off PLCScan that was developed by Positive Research and Scadastrangelove . This script is meant to provide the same functionality as PLCScan inside of Nmap. Some of the information that is collected by...
Authentication flaw
Profile Manager in Apple Mac OS X before 10.7.5 does not properly perform authentication for the Device Management private interface, which allows attackers to enumerate managed devices via unspecified vectors...
NGS00014 Technical Advisory: Cisco IPSec VPN Implementation Group Name Enumeration
======= Summary ======= Name: Cisco IPSec VPN Implementation Group Name Enumeration Release Date: 22 March 2011 Reference: NGS00014 Discoverer: Gavin Jones Vendor: Cisco Vendor Reference: CSCei51783, CSCtj96108 Systems Affected: ASA 5500 Series Adaptive Security Appliances -Cisco PIX 500 Series...