30 matches found
EUVD-2016-7187
Malware in sbrugna...
CVE-2025-53520
The affected product allows firmware updates to be downloaded from EG4's website, transferred via USB dongles, or installed through EG4's Monitoring Center remote, cloud-connected interface or via a serial connection, and can install these files without integrity checks. The TTComp archive format...
DEBIAN-CVE-2024-57987
In the Linux kernel, the following vulnerability has been resolved: Bluetooth: btrtl: check for NULL in btrtlsetuprealtek If insert an USB dongle which chip is not maintained in icidtable, it will hit the NULL point accessed. Add a null point check to avoid the Kernel Oops...
UBUNTU-CVE-2024-57987
In the Linux kernel, the following vulnerability has been resolved: Bluetooth: btrtl: check for NULL in btrtlsetuprealtek If insert an USB dongle which chip is not maintained in icidtable, it will hit the NULL point accessed. Add a null point check to avoid the Kernel Oops...
CVE-2024-57987 Bluetooth: btrtl: check for NULL in btrtl_setup_realtek()
In the Linux kernel, the following vulnerability has been resolved: Bluetooth: btrtl: check for NULL in btrtlsetuprealtek If insert an USB dongle which chip is not maintained in icidtable, it will hit the NULL point accessed. Add a null point check to avoid the Kernel Oops...
Siemens PSS SINCAL
As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories CERT Services | Services |...
SUSE CVE-2015-2906
Mobile Devices aka MDI C4 OBD-II dongles with firmware 2.x and 3.4.x, as used in Metromile Pulse and other products, store SSH private keys that are the same across different customers' installations, which makes it easier for remote attackers to obtain access by leveraging knowledge of a private...
SUSE CVE-2015-2908
Mobile Devices aka MDI C4 OBD-II dongles with firmware 2.x and 3.4.x, as used in Metromile Pulse and other products, do not validate firmware updates, which allows remote attackers to execute arbitrary code by specifying an update server...
SUSE CVE-2015-2907
Mobile Devices aka MDI C4 OBD-II dongles with firmware 2.x and 3.4.x, as used in Metromile Pulse and other products, have hardcoded SSH credentials, which makes it easier for remote attackers to obtain access by leveraging knowledge of the required username and password...
CVE-2019-15219
A NULL pointer dereference flaw was found in the way the USB2VGA dongles driver in the Linux kernel handled failed initialization. This flaw allows an attacker able to insert USB2VGA dongles into the system to crash the system. Mitigation To mitigate this issue, prevent module sisusbvga from bein...
Real-life social engineering. Another two days in tweets
What happens in a real life social engineering exercise? There’s a lot of planning and preparation that goes on behind the scenes: it’s not a matter of turning up to a site and ‘winging it’! I live tweeted an exercise a little while back, to give a flavour of a real task in real time. For reasons...
8 everyday technologies that can make you vulnerable to cyberattacks
The technological advances of the modern world make for an exciting and convenient lifestyle. With each new development, from artificial intelligence to the Internet of Things, we make the mundane and tedious more manageable. The security vulnerabilities of the latest tech have been well...
Bluepot - Bluetooth Honeypot
This code is from a University Project written in 2010. This is a newer version of the code than is on Google Code. Bluepot is a Bluetooth Honeypot written in Java, it runs on Linux. Bluepot was a third year university project attempting to implement a fully functional Bluetooth Honeypot. A piece...
RealTime RWR-3G-100 Router - Cross-Site Request Forgery (Change Admin Password) Vulnerability
Exploit for hardware platform in category web applications /...
nRF24 Playset - Software tools for Nordic Semiconductor nRF24-based Devices like Wireless Keyboards, Mice, and Presenters
The nRF24 Playset is a collection of software tools for wireless input devices like keyboards, mice, and presenters based on Nordic Semiconductor nRF24 transceivers, e.g. nRF24LE1 and nRF24LU1+. All software tools support USB dongles with the nrf-research-firmware by the Bastille Threat...
Huawei UTPS - Unquoted Service Path Privilege Escalation Vulnerability
Exploit for windows platform in category local exploits Exploit Title: Unquoted Service Path Vulnerability in Huawei UTPS Software Date: Nov 16 2016 Author: Dhruv Shah @Snypter Website: http://security-geek.in Contact: email protected Category: local Vendor Homepage: http://www.huawei.com/ Versio...
Huawei UTPS - Unquoted Service Path Privilege Escalation
Exploit Title: Unquoted Service Path Vulnerability in Huawei UTPS Software Date: Nov 16 2016 Author: Dhruv Shah @Snypter Website: http://security-geek.in Contact: [email protected] Category: local Vendor Homepage: http://www.huawei.com/ Version: Versions earlier than UTPS-V200R003B015D16SPC00C9...
CVE-2016-6257
The firmware in Lenovo Ultraslim dongles, as used with Lenovo Liteon SK-8861, Ultraslim Wireless, and Silver Silk keyboards and Liteon ZTM600 and Ultraslim Wireless mice, does not enforce incrementing AES counters, which allows remote attackers to inject encrypted keyboard input into the system b...
CVE-2016-6257
The firmware in Lenovo Ultraslim dongles, as used with Lenovo Liteon SK-8861, Ultraslim Wireless, and Silver Silk keyboards and Liteon ZTM600 and Ultraslim Wireless mice, does not enforce incrementing AES counters, which allows remote attackers to inject encrypted keyboard input into the system b...
Sql injection
The firmware in Lenovo Ultraslim dongles, as used with Lenovo Liteon SK-8861, Ultraslim Wireless, and Silver Silk keyboards and Liteon ZTM600 and Ultraslim Wireless mice, does not enforce incrementing AES counters, which allows remote attackers to inject encrypted keyboard input into the system b...