CVE-2017-14893
While flashing meta image, a buffer over-read may potentially occur when the image size is smaller than the image header size or is smaller than the image header size + total image header entry in Android releases from CAF using the Linux kernel Android for MSM, Firefox OS for MSM, QRD Android...
CVE-2017-14893
CVE-2017-14893 involves a potential buffer over-read during flashing a meta image in Android CAF builds (Android for MSM, Firefox OS for MSM, QRD Android) via the Linux kernel, before the 2018-06-05 patch level. Root cause: image size smaller than the image header or header plus header entries tr...
CVE-2017-14872
While flashing a meta image, a buffer over-read can potentially occur when the number of images is out of the maximum range of 32 in Android releases from CAF using the Linux kernel Android for MSM, Firefox OS for MSM, QRD Android before security patch level 2018-06-05...
CVE-2017-18158
Possible buffer overflows and array out of bounds accesses in Android releases from CAF using the Linux kernel Android for MSM, Firefox OS for MSM, QRD Android before security patch level 2018-06-05 while flashing images...
RSA Authentication Manager 8.2.1.4.0-build1394922 / < 8.3 P1 - XML External Entity Injection / Cr
Exploit for java platform in category web applications SEC Consult Vulnerability Lab Security Advisory ======================================================================= title: XXE & XSS vulnerabilities product: RSA Authentication Manager vulnerable version: 8.2.1.4.0-build1394922, 8.3 P1...
RSA Authentication Manager 8.2.1.4.0-build1394922 8.3 P1 - XML External Entity Injection Cross-Site Flashing DOM Cross-Site Scripting
RSA Authentication Manager 8.2.1.4.0-build1394922 8.3 P1 - XML External Entity Injection Cross-Site Flashing DOM Cross-Site Scripting SEC Consult Vulnerability Lab Security Advisory ======================================================================= title: XXE & XSS vulnerabilities product: R...
RSA Authentication Manager 8.2.1.4.0-build1394922 / < 8.3 P1 - XML External Entity Injection / Cross-Site Flashing / DOM Cross-Site Scripting
SEC Consult Vulnerability Lab Security Advisory ======================================================================= title: XXE & XSS vulnerabilities product: RSA Authentication Manager vulnerable version: 8.2.1.4.0-build1394922, 8.3 P1 fixed version: 8.3 P1 and later CVE number: CVE-2018-1247...
Integer overflow
In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, while flashing a meta image, an integer overflow can occur, if user-defined image offset and size values are too large...
CVE-2017-9683
CVE-2017-9683 describes an integer overflow in Android for MSM/CAF Linux kernel when flashing a meta image if user-supplied image offset/size are too large. Affected: Android for MSM, Firefox OS for MSM, QRD Android with CAF Linux kernel (all CAF-based Android releases). Root cause: integer overf...
Code injection
In all Qualcomm products with Android releases from CAF using the Linux kernel, there is no size check for the images being flashed onto the NAND memory in their respective partitions, so there is a possibility of writing beyond the intended partition...
CVE-2016-10389
In all Qualcomm products with Android releases from CAF using the Linux kernel, there is no size check for the images being flashed onto the NAND memory in their respective partitions, so there is a possibility of writing beyond the intended partition...
CVE-2017-9457
Intense PC Phoenix SecureCore UEFI firmware does not perform capsule signature validation before upgrading the system firmware. The absence of signature validation allows an attacker with administrator privileges to flash a modified UEFI BIOS...
openSUSE Security Update : java-1_7_0-openjdk (openSUSE-2017-629)
This update for java-1_7_0-openjdk fixes the following issues : - Update to 2.6.10 - OpenJDK 7u141 bsc1034849 - Security fixes - S8163520, CVE-2017-3509: Reuse cache entries - S8163528, CVE-2017-3511: Better library loading - S8165626, CVE-2017-3512: Improved window framing - S8167110, CVE-2017-351...
Direct Memory Access Attack: PCILeech
Direct Memory Access Attack: PCILeech uses the USB3380 chip in order to read from and write to the memory of a target system. This is achieved by using DMA over PCI Express. No drivers are needed on the target system. The USB3380 is only able to read 4GB of memory natively, but is able to read...
OverThruster - HID Attack Payload Generator For Arduinos
OverThruster is a tool to generate sketches for Arduinos when used as an HID Attack. It was designed around devices with the ATMEGA32U4 chip, like the CJMCU-BEETLE, or the new LilyGo "BadUSB" devices popping up on ebay and aliexpress that look like USB sticks but contain an Arduino. I wrote this...
PCILeech - Direct Memory Access (DMA) Attack Software
PCILeech uses the USB3380 chip in order to read from and write to the memory of a target system. This is achieved by using DMA over PCI Express. No drivers are needed on the target system. The USB3380 is only able to read 4GB of memory natively, but is able to read all memory if a kernel modul...
Automattic: Wordpress.com REST API oauth bypass via Cross Site Flashing
Hello Automattic Security Team, There is a vulnerability in https://public-api.wordpress.com/crossdomain.xml. This file allows .yahoo.com and .yimg.com to perform cross domain requests to https://public-api.wordpress.com. However, these domains are vulnerable to Cross-Site flashing. An attacker c...
Build Your Own PwnPhone
Build Your Own PwnPhone We’ll attempt to show you how to build your own Pwn Phone running the Kali operating system and our AOPP Android Open Pwn Project image. Let’s get cracking… Flashing the Phone 1. Download the Recovery image for your device: https://twrp.me/Devices 2. Connect the device to...
Mail.ru: Same origin policy bypass on e.mail.ru via Cross-Site Flashing
Hello Mail.Ru Security Team, There is a Cross-Site Flashing vulnerability in e.mail.ru. This vulnerability is similar to XSS except it is Flash script execution. Ref : https://www.owasp.org/index.php/TestingforCrosssiteflashingOTG-CLIENT-008 This allows an attacker to execute requests to the...