Building a Car Hacking Development Workbench: Part 1

Introduction There is a vast body of knowledge hiding inside your car. Whether you are an auto enthusiast, developer, hobbyist, security researcher, or just curious about vehicles, building a development bench can be an exciting project to facilitate understanding and experimentation without...

Arbitrary File Download Vulnerability in Campus Card Portal of Harbin Xinzhongxin Electronics Co.

Campus Card Portal is a digital campus solution. An arbitrary file download vulnerability exists in the Campus Card Portal of Harbin Xinzhongxin Electronics Co. The vulnerability allows an attacker to download arbitrary files from the server...

lxr.missinglinkelectronics.com XSS vulnerability

Vulnerable URL: https://lxr.missinglinkelectronics.com/busybox/init/init.c/"' /Style=position:fixed;top:0;left:0;font-size:999px; /Onmouseenter=confirmOPENBUGBOUNTY // Details: Description| Value ---|--- Patched:| No Latest check for patch:| 31.07.2017 Vulnerability type:| XSS Vulnerability...

Extending the Airplane Laptop Ban

The Department of Homeland Security is rumored to be considering extending the current travel ban on large electronics for Middle Eastern flights to European ones as well. The likely reaction of airlines will be to implement new traveler programs, effectively allowing wealthier and more frequent...

How Cybercrooks Put the Beatdown on My Beats

Last month Yours Truly got snookered by a too-good-to-be-true online scam in which some dirtball hijacked an Amazon merchant's account and used it to pimp steeply discounted electronics that he never intended to sell. Amazon refunded my money, and the legitimate seller never did figure out how hi...

handyfon.de XSS vulnerability

Open Bug Bounty ID: OBB-223587 Description| Value ---|--- Affected Website:| handyfon.de Open Bug Bounty Program:| Create your bounty program now. It's open and free. Vulnerable Application:| Custom Code Vulnerability Type:| XSS Cross Site Scripting / CWE-79 CVSSv3 Score:| 6.1...

Sony Is Working On Mobile-to-Mobile Wireless Charging Technology

So you are in a party with your friends, and your phone is running low on battery. Oops! The ideal solution is to charge your phone using a charger or a power bank, but not everyone carries power banks or chargers with them all the time, especially in a party. What if you can charge your phone...

FIN7 Spear Phishing Campaign Targets Personnel Involved in SEC Filings

In late February 2017, FireEye as a Service FaaS identified a spear phishing campaign that appeared to be targeting personnel involved with United States Securities and Exchange Commission SEC filings at various organizations. Based on multiple identified overlaps in infrastructure and the use of...

Heap overflow

An issue was discovered in Delta Electronics WPLSoft, Versions prior to V2.42.11, ISPSoft, Versions prior to 3.02.11, and PMSoft, Versions prior to2.10.10. There are multiple instances of heap-based buffer overflows that may allow malicious files to cause the execution of arbitrary code or a deni...

Out-of-bounds

An issue was discovered in Delta Electronics WPLSoft, Versions prior to V2.42.11, ISPSoft, Versions prior to 3.02.11, and PMSoft, Versions prior to 2.10.10. Multiple instances of out-of-bounds write conditions may allow malicious files to be read and executed by the affected software...

CVE-2016-5802

An issue was discovered in Delta Electronics WPLSoft, Versions prior to V2.42.11, ISPSoft, Versions prior to 3.02.11, and PMSoft, Versions prior to 2.10.10. Multiple instances of out-of-bounds write conditions may allow malicious files to be read and executed by the affected software...

CVE-2016-5805

An issue was discovered in Delta Electronics WPLSoft, Versions prior to V2.42.11, ISPSoft, Versions prior to 3.02.11, and PMSoft, Versions prior to2.10.10. There are multiple instances of heap-based buffer overflows that may allow malicious files to cause the execution of arbitrary code or a deni...

CVE-2016-5802

An issue was discovered in Delta Electronics WPLSoft, Versions prior to V2.42.11, ISPSoft, Versions prior to 3.02.11, and PMSoft, Versions prior to 2.10.10. Multiple instances of out-of-bounds write conditions may allow malicious files to be read and executed by the affected software...

CVE-2016-5805

An issue was discovered in Delta Electronics WPLSoft, Versions prior to V2.42.11, ISPSoft, Versions prior to 3.02.11, and PMSoft, Versions prior to2.10.10. There are multiple instances of heap-based buffer overflows that may allow malicious files to cause the execution of arbitrary code or a deni...

CVE-2016-5802

Delta Electronics WPLSoft (and related Delta Industrial Automation tools) contains a set of out-of-bounds write vulnerabilities tied to parsing of DV P, SFC, and PPM files. Public advisories (e.g., ZDI-16-647, -652, -663, -660, -646) describe heap/bounds violations in file parsing that can allow ...

CVE-2016-5805

CVE-2016-5805 concerns heap-based buffer overflow flaws in Delta Electronics PLC software: WPLSoft (versions before V2.42.11), ISPSoft (before 3.02.11), and PMSoft (before 2.10.10). Exploitation could allow arbitrary code execution or denial of service by parsing of DVP/LAD/other file formats, as...

electronicsinfoline.com XSS vulnerability

Vulnerable URL: http://www.electronicsinfoline.com/?s=sd=%22--!%3E%3CSvg/Onload=confirm%60XSS-HERE%60%3E%22KNOXSS Details: Description| Value ---|--- Patched:| No Latest check for patch:| 30.07.2017 Vulnerability type:| XSS Vulnerability status:| Publicly disclosed Alexa Rank| 48865 VIP website...

usstore.lg.com Open Redirect vulnerability

Vulnerable URL: http://usstore.lg.com/store/lgus/RedirectToLandingPage/pgm.95708900?landingpage=http%3A%2F%2Fwww.openbugbounty.org Details: Description| Value ---|--- Patched:| Yes, at Vulnerability type:| Open Redirect Vulnerability status:| Publicly disclosed Alexa Rank| Unknown / Not calculate...

Command Execution Vulnerability in Rico Virtual VPN Gateway

Virtual VPN Gateway is a virtual gateway device from Rico Electronic Technology Co. Ruike Virtual VPN Gateway suffers from a command execution vulnerability, which can be exploited by attackers to execute arbitrary command commands or disclose sensitive information...

Multiple Delta Electronics Products Arbitrary File Access Vulnerability

Delta Electronics WPLSoft and others are software control platforms used by Delta Electronics to edit the Delta DVP series of programmable logic controllers PLCs. An arbitrary file access vulnerability exists in multiple Delta Electronics products. An attacker could exploit the vulnerability to...