CVE-2019-6989

CVE-2019-6989 describes a stack-based buffer overflow in TP-LINK TL-WR940N (and TL-WR941ND) caused by improper bounds checking in ipAddrDispose. The vulnerability can be triggered by specially crafted ICMP echo requests, allowing a remote authenticated attacker to overflow a buffer and execute ar...

CVE-2018-12300

Arbitrary Redirect in echo-server.html in Seagate NAS OS version 4.3.15.1 allows attackers to disclose information in the Referer header via the 'state' URL parameter...

Remote Command Execution

kernel-rt is vulnerable to remote command execution. The vulnerability exists as a brute-force attack can be used to retrieve a cookie which can be used to execute SysRq commands via ICMP Echo Request packets...

News Wrap: Amazon Echo Privacy, Facebook FTC Fines and Biometrics Regulation

Data privacy has been an outstanding theme this past week, and the Threatpost team discussed the biggest privacy related news. In the news wrap podcast for April 26, the team discussed the backstories behind several reports from the week, including: Facebook potentially facing Federal Trade...

How To Make Your Amazon Echo and Google Home as Private as Possible

With news that Amazon lets human employees listen to Alexa recordings, you might want to tighten up your smart assistant ship...

Amazon Auditors Listen to Echo Recordings, Report Says

Amazon is under fire after a bombshell report revealed the company employs thousands of auditors to listen to Echo users’ voice recordings. The team exists to help improve Amazon Alexa’s comprehension of human speech, so the voice command device responds better to commands, according to a Wednesd...

CVE-2019-7174

Roxy Fileman 1.4.5 allows attackers to execute renamefile.php aka Rename File, createdir.php aka Create Directory, fileslist.php aka Echo File List, and movefile.php aka Move File operations...

RealTerm Serial Terminal 2.0.0.70 - Echo Port Buffer Overflow (SEH)

RealTerm Serial Terminal 2.0.0.70 - Echo Port Buffer Overflow SEH Exploit Title: RealTerm: Serial Terminal 2.0.0.70 - 'Echo Port' Buffer Overflow - SEH Date: 21.02.2019 Exploit Author: Matteo Malvica Vendor Homepage: https://realterm.sourceforge.io/ Software Link:...

RealTerm Serial Terminal 2.0.0.70 - Echo Port Buffer Overflow (SEH) Exploit

Exploit for windows platform in category local exploits Exploit Title: RealTerm: Serial Terminal 2.0.0.70 - 'Echo Port' Buffer Overflow - SEH Date: 21.02.2019 Exploit Author: Matteo Malvica Vendor Homepage: https://realterm.sourceforge.io/ Software Link:...

Realterm Serial Termianl 2.0.0.70 Buffer Overflow

-- coding: utf-8 -- Exploit Title: RealTerm: Serial Terminal 2.0.0.70 - 'Echo Port' Overflow Crash SEH PoC Date: 16/02/2019 Author: Alejandra SA!nchez Vendor Homepage: https://realterm.sourceforge.io/ Software Link: https://sourceforge.net/projects/realterm/files/ Version: 2.0.0.70 Tested on:...

Realterm Serial Terminal 2.0.0.70 - Local Buffer Overflow (SEH)

-- coding: utf-8 -- Exploit Title: RealTerm: Serial Terminal 2.0.0.70 - 'Echo Port' Overflow Crash SEH PoC Date: 16/02/2019 Author: Alejandra Sánchez Vendor Homepage: https://realterm.sourceforge.io/ Software Link: https://sourceforge.net/projects/realterm/files/ Version: 2.0.0.70 Tested on:...

Echo Mirage 3.1 - Buffer Overflow (PoC)

Echo Mirage 3.1 - Buffer Overflow PoC !/usr/bin/python Exploit Title: Echo Mirage 3.1 Buffer Overflow PoC Stack Overflow Date: 21-01-2019 Software Link: https://sourceforge.net/projects/echomirage.oldbutgold.p/ Version: 3.1 x64 Exploit Author: InitD Community Contact: https://twitter.com/initdsh...

Echo Mirage 3.1 Buffer Overflow

!/usr/bin/python Exploit Title: Echo Mirage 3.1 Buffer Overflow PoC Stack Overflow Date: 21-01-2019 Software Link: https://sourceforge.net/projects/echomirage.oldbutgold.p/ Version: 3.1 x64 Exploit Author: InitD Community Contact: https://twitter.com/initdsh Website: http://initd.sh/ Tested on:...

Echo Mirage 3.1 - Buffer Overflow Exploit

!/usr/bin/python Exploit Title: Echo Mirage 3.1 Buffer Overflow PoC Stack Overflow Software Link: https://sourceforge.net/projects/echomirage.oldbutgold.p/ Version: 3.1 x64 Exploit Author: InitD Community Contact: https://twitter.com/initdsh Website: http://initd.sh/ Tested on: Windows 7 """ Step...

Echo Mirage 3.1 - Buffer Overflow (PoC)

!/usr/bin/python Exploit Title: Echo Mirage 3.1 Buffer Overflow PoC Stack Overflow Date: 21-01-2019 Software Link: https://sourceforge.net/projects/echomirage.oldbutgold.p/ Version: 3.1 x64 Exploit Author: InitD Community Contact: https://twitter.com/initdsh Website: http://initd.sh/ Tested on:...

Hacking the Echo echo echo

Smart home assistant. Not-so-smart TV Amazon Echo is considered pretty secure in the security community. Remote exploitation is a pipe dream, requiring months of research to stand any chance. But what about using other devices in the home to exploit it instead? Working on a smart Samsung TV and a...

Hashicorp Consul - Remote Command Execution via Rexec (Metasploit)

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule "Hashicorp Consul Remote Command Execution via Rexec", 'Description' = %q This module exploits a feature of Hashicorp Consul named rexec. ,...

A NASA Hack, a PewDiePie Fan, and More Security News

Amazon sends Echo recordings to the wrong person, Russians tried to get US Treasury dirt on Clinton donors, and more of the week's top security news...

DEBIAN-CVE-2018-1000852

FreeRDP FreeRDP 2.0.0-rc3 released version before commit 205c612820dac644d665b5bb1cdf437dc5ca01e3 contains a Other/Unknown vulnerability in channels/drdynvc/client/drdynvcmain.c, drdynvcprocesscapabilityrequest that can result in The RDP server can read the client's memory.. This attack appear to...

UBUNTU-CVE-2018-1000852

FreeRDP FreeRDP 2.0.0-rc3 released version before commit 205c612820dac644d665b5bb1cdf437dc5ca01e3 contains a Other/Unknown vulnerability in channels/drdynvc/client/drdynvcmain.c, drdynvcprocesscapabilityrequest that can result in The RDP server can read the client's memory.. This attack appear to...