Australia Passes Anti-Encryption Bill—Here's Everything You Need To Know

Australia's House of Representatives has finally passed the "Telecommunications Assistance and Access Bill 2018," also known as the Anti-Encryption Bill , on Thursday that would now allow law enforcement to force Google, Facebook, WhatsApp, Signal, and other tech giants to help them access...

Adventures in Video Conferencing Part 2: Fun with FaceTime

Posted by Natalie Silvanovich, Project Zero FaceTime is Apple’s video conferencing application for iOS and Mac. It is closed source, and does not appear to use any third-party libraries for its core functionality. I wondered whether fuzzing the contents of FaceTime’s audio and video streams would...

Multiple RICOH Interactive Whiteboard Products Information Disclosure Vulnerability

RICOH Interactive Whiteboard D2200 and others are multifunction printer devices from Ricoh, Japan. A security vulnerability exists in several RICOH Interactive Whiteboard products. An attacker could exploit this vulnerability by performing a man-in-the-middle attack to steal encrypted...

CVE-2018-5559

In Rapid7 Komand version 0.41.0 and prior, certain endpoints that are able to list the always encrypted-at-rest connection data could return some configurations of connection data without obscuring sensitive data from the API response sent over an encrypted channel. This issue does not affect...

Design/Logic Flaw

In Rapid7 Komand version 0.41.0 and prior, certain endpoints that are able to list the always encrypted-at-rest connection data could return some configurations of connection data without obscuring sensitive data from the API response sent over an encrypted channel. This issue does not affect...

CVE-2018-5559

In Rapid7 Komand version 0.41.0 and prior, certain endpoints that are able to list the always encrypted-at-rest connection data could return some configurations of connection data without obscuring sensitive data from the API response sent over an encrypted channel. This issue does not affect...

JVN#55263945: Multiple vulnerabilities in RICOH Interactive Whiteboard

RICOH Interactive Whiteboard provided by RICOH COMPANY, LTD. contains multiple vulnerabilities listed below. Command injection CWE-94 - CVE-2018-16184 Version| Vector| Score ---|---|--- CVSS v3| CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H| Base Score: 9.8 CVSS v2| AV:N/AC:L/AU:N/C:C/I:C/A:C| Bas...

Default credentials

TP-Link Archer C5 devices through V2160201US allow remote command execution via shell metacharacters on the wandynhostname line of a configuration file that is encrypted with the 478DA50BF9E3D2CF key and uploaded through the web GUI by using the web admin account. The default password of admin ma...

Ricoh myPrint 2.9.2.4 - Hard-Coded Credentials

Ricoh myPrint 2.9.2.4 - Hard-Coded Credentials Exploit Title: Ricoh myPrint 2.9.2.4 - Hard-Coded Credentials Google Dork: intitle:"ricoh myprint" "Copyright Ricoh. All Rights Reserved" Date: 2018-11-19 Exploit Author: Hodorsec Vendor Homepage: https://www.ricoh.com Software Link:...

Design/Logic Flaw

The client in Tryton 5.x before 5.0.1 tries to make a connection to the bus in cleartext instead of encrypted under certain circumstances in bus.py and jsonrpc.py. This connection attempt fails, but it contains in the header the current session of the user. This session could then be stolen by a...

python security update

CentOS Errata and Security Advisory CESA-2018:3347 An update for python-paramiko is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System CVSS base score, which gives a detailed...

CVE-2018-12037

An issue was discovered on Samsung 840 EVO and 850 EVO devices only in "ATA high" mode, not vulnerable in "TCG" or "ATA max" mode, Samsung T3 and T5 portable drives, and Crucial MX100, MX200 and MX300 devices. Absence of a cryptographic link between the password and the Disk Encryption Key allows...

Ricoh myPrint Hardcoded Credentials / Information Disclosure

Exploit Title: Ricoh myPrint - Hardcoded application credentials and information disclosure via WSDL webservices Google Dork: intitle:"ricoh myprint" "Copyright Ricoh. All Rights Reserved" Date: 19-11-18 Exploit Author: Hodorsec Vendor Homepage: https://www.ricoh.com Software Link:...

Ricoh myPrint Hardcoded Credentials / Information Disclosure Vulnerability

Ricoh myPrint suffers from hardcoded application credential and information disclosure vulnerabilities. The myPrint windows client version 2.9.2.4 and myPrint android client version 2.2.7 are both affected. Exploit Title: Ricoh myPrint - Hardcoded application credentials and information disclosur...

PHP-Proxy 5.1.0 - Local File Inclusion Vulnerability

Exploit for php platform in category web applications Exploit Title: PHP-Proxy 5.1.0 - Local File Inclusion Exploit Author: Ameer Pornillos Contact: https://ethicalhackers.club Vendor Homepage: https://www.php-proxy.com/ Software Link: https://www.php-proxy.com/download/php-proxy.zip Version: 5.1...

Security Bulletin: IBM UrbanCode Deploy diagnostics files may contain confidential data (CVE-2017-1286)

Summary Previous releases of IBM UrbanCode Deploy diagnostics files can contain highly confidential data. This can include passwords and/or encrypted values. Vulnerability Details CVEID: CVE-2017-1286 DESCRIPTION: Sensitive information about the configuration of the UCD server and database can be...

Microsoft Windows Security Bypass Vulnerability (CNVD-2019-02769)

Microsoft Windows 10 and others are products of Microsoft Corporation USA.Microsoft Windows 10 is an operating system for personal computers; Windows Server 2016 is a server operating system. A security bypass vulnerability exists in Microsoft Windows that originates when a program fails to...

PHP-Proxy 5.1.0 - Local File Inclusion

Exploit Title: PHP-Proxy 5.1.0 - Local File Inclusion Date: 2018-11-13 Exploit Author: Ameer Pornillos Contact: https://ethicalhackers.club Vendor Homepage: https://www.php-proxy.com/ Software Link: https://www.php-proxy.com/download/php-proxy.zip Version: 5.1.0 Category: Webapps Tested on: XAMPP...

PHP-Proxy 5.1.0 - Local File Inclusion

PHP-Proxy 5.1.0 - Local File Inclusion Exploit Title: PHP-Proxy 5.1.0 - Local File Inclusion Date: 2018-11-13 Exploit Author: Ameer Pornillos Contact: https://ethicalhackers.club Vendor Homepage: https://www.php-proxy.com/ Software Link: https://www.php-proxy.com/download/php-proxy.zip Version:...

PHP-Proxy 5.1.0 Local File Inclusion

Exploit Title: PHP-Proxy 5.1.0 - Local File Inclusion Date: 2018-11-13 Exploit Author: Ameer Pornillos Contact: https://ethicalhackers.club Vendor Homepage: https://www.php-proxy.com/ Software Link: https://www.php-proxy.com/download/php-proxy.zip Version: 5.1.0 Category: Webapps Tested on: XAMPP...