12 matches found
EUVD-2024-53817
Malicious code in bioql PyPI...
An educational robot security research
In the modern world, we are surrounded by a multitude of smart devices that simplify our daily lives: smart speakers, robotic vacuum cleaners, automatic pet feeders and even entire smart homes. Toy manufacturers are striving to keep up with these trends, releasing more and more models that can al...
CVE-2023-26042 HTML/XSS injection possibilities in Part-DB
Part-DB is an open source inventory management system for your electronic components. User input was found not being properly escaped, which allowed malicious users to inject arbitrary HTML into the pages. The Content-Security-Policy forbids inline and external scripts so it is not possible to...
PartKeepr Cross-Site Scripting Vulnerability
A cross-site scripting vulnerability exists in PartKeepr version 1.4.0, which is an inventory management software designed primarily for electronic components. The vulnerability stems from a security issue in the name field in /api/partcategories. An attacker could exploit this vulnerability to...
PartKeepr Cross-Site Scripting Vulnerability
PartKeepr is an inventory management software. Designed primarily for electronic components, PartKeepr version 1.4.0 suffers from a cross-site scripting vulnerability that stems from the name parameter in multiple API endpoints of the edit module failing to filter user-supplied data and output data...
part-db operating system command injection vulnerability
part-db is a web-based database used to manage electronic components. An operating system command injection vulnerability exists in part-db that stems from the presence of system command injection in part-db...
PartKeepr Information Disclosure Vulnerability
PartKeepr is an inventory management software designed primarily for electronic components. A security vulnerability exists in PartKeepr, which stems from the use of a file:// URL that allows attachments to be loaded when creating parts, which can be exploited by an authenticated attacker to read...
PartKeepr server-side request forgery vulnerability
PartKeepr is an inventory management software designed primarily for electronic components. PartKeepr suffers from a server-side request forgery vulnerability, which stems from the fact that the ability to upload attachments using a URL when creating a part does not validate whether a request can ...
Drilling open a smart door lock in 4 seconds
The BBC asked us to have a look at some smart locks for a TV show recently. We didn’t have much prep time, but were genuinely shocked by just how easy this one was to compromise. Usually, we spend time looking at Bluetooth/RF, the mobile app, the API and then move on to hardware. This time we...
Siemens CP 1604 Communications Adapter Detection
Binary data 762016.prm...
Siemens CP 1604 Communications Adapter Detection
Binary data 762017.prm...
Supply Chain Security is the Whole Enchilada, But Who’s Willing to Pay for It?
From time to time, there emerge cybersecurity stories of such potential impact that they have the effect of making all other security concerns seem minuscule and trifling by comparison. Yesterday was one of those times. Bloomberg Businessweek on Thursday published a bombshell investigation allegi...