Mofi Network MOFI4500-4GXeLTE Remote Reboot Backdoor Vulnerability

The Mofi Network MOFI4500-4GXeLTE is a wireless router from Mofi Network. A remote reboot backdoor vulnerability exists in the Mofi Network MOFI4500-4GXeLTE 4.1.5-std devices, which can be exploited by an attacker to reboot the device by accessing /cgi-bin/poof.cgi with a private key...

CVE-2020-7456

CVE-2020-7456 affects FreeBSD 12.1-STABLE before r361918, 12.1-RELEASE before p6, 11.4-STABLE before r361919, 11.3-RELEASE before p10, and 11.4-RC2 before p1. The issue occurs when the USB HID descriptor processing fails to restore the push/pop level, allowing an attacker with physical access to ...

CVE-2019-19527

In the Linux kernel before 5.2.10, there is a use-after-free bug that can be caused by a malicious USB device in the drivers/hid/usbhid/hiddev.c driver, aka CID-9c09b214f30e...

Exploit for OS Command Injection in Dlink Dir-655_Firmware

This is a PoC exploit for CVE-2019-16920, a vulnerability in D-Link routers. The exploit is implemented in two Python scripts: CVE-2019-16920.py and CVE-2019-16920-MassPwn3r.py. The scripts send arbitrary input to a "PingTest" device common gateway interface, which can lead to command injection a...

Unfixable iOS Device Exploit Is the Latest Apple Security Upheaval

Any iPhone device from 2011 to 2017 could soon be jailbroken, thanks to an underlying flaw that there's no way to patch...

CVE-2019-15219

An issue was discovered in the Linux kernel before 5.1.8. There is a NULL pointer dereference caused by a malicious USB device in the drivers/usb/misc/sisusbvga/sisusb.c driver...

The vulnerability of the `snd_usb_create_streams` function in the Linux operating system allows a hacker to cause a service failure or exert other effects.

The vulnerability of the sndusbcreatestreams function in the Linux kernel stems from an operation that goes beyond the buffer boundaries in memory. Exploiting this vulnerability can allow an attacker to cause a service failure or other effects through a specially crafted USB device...

CVE-2017-15102

The towerprobe function in drivers/usb/misc/legousbtower.c in the Linux kernel before 4.8.1 allows local users who are physically proximate for inserting a crafted USB device to gain privileges by leveraging a write-what-where condition that occurs after a race condition and a NULL pointer...

CVE-2017-16535

The usbgetbosdescriptor function in drivers/usb/core/config.c in the Linux kernel before 4.13.10 allows local users to cause a denial of service out-of-bounds read and system crash or possibly have unspecified other impact via a crafted USB device...

CVE-2017-16527

sound/usb/mixer.c in the Linux kernel before 4.13.8 allows local users to cause a denial of service sndusbmixerinterrupt use-after-free and system crash or possibly have unspecified other impact via a crafted USB device...

CVE-2017-16525

The usbserialconsoledisconnect function in drivers/usb/serial/console.c in the Linux kernel before 4.13.8 allows local users to cause a denial of service use-after-free and system crash or possibly have unspecified other impact via a crafted USB device, related to disconnection and failed setup...

macOS / iOS Kernel 10.12.3 (16D32) - Double-Free Due to Bad Locking in fsevents Device Exploit

Exploit for multiple platform in category dos / poc / Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=1129 fseventsfioctl handles ioctls on fsevent fds acquired via FSEVENTSCLONE64 on /dev/fsevents Heres the code for the FSEVENTSDEVICEFILTER64 ioctl: case FSEVENTSDEVICEFILTER64:...

CVE-2015-1769

Mount Manager in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT Gold and 8.1, and Windows 10 mishandles symlinks, which allows physically proximate attackers to execute arbitrary code by connectin...

Ubuntu 10.10 : linux vulnerabilities (USN-1160-1)

Dan Rosenberg discovered that IRDA did not correctly check the size of buffers. On non-x86 systems, a local attacker could exploit this to read kernel heap memory, leading to a loss of privacy. CVE-2010-4529 Dan Rosenburg discovered that the CAN subsystem leaked kernel addresses into the /proc...

Sun Java Plugin 1.4 - Unauthorized Java Applet Floppy Access

Sun Java Plugin 1.4 - Unauthorized Java Applet Floppy Access source: https://www.securityfocus.com/bid/8867/info A weakness has been reported in Java implementations that may constitute unauthorized access by Java applets to floppy devices. This weakness appears to present a flaw in the Java...