
6674 matches found

NVD
added 2022/10/25 5:15 p.m. · 16 views

CVE-2022-35263

A denial of service vulnerability exists in the webserver hashFirst functionality of Robustel R1510 3.1.16 and 3.3.0. A specially-crafted network request can lead to denial of service. An attacker can send a sequence of requests to trigger this vulnerability. This denial of service is in the...

CVSS 7.5 · EPSS 0.00347
Exploits: 1 · References: 1

NVD
added 2022/10/25 5:15 p.m. · 9 views

CVE-2022-33897

A directory traversal vulnerability exists in the webserver /ajax/remove/ functionality of Robustel R1510 3.1.16. A specially-crafted network request can lead to arbitrary file deletion. An attacker can send a sequence of requests to trigger this vulnerability...

CVSS 9.1 · EPSS 0.00827
Exploits: 1 · References: 1

NVD
added 2022/10/25 5:15 p.m. · 11 views

CVE-2022-33205

Four OS command injection vulnerabilities exist in the web interface /action/wirelessConnect functionality of Abode Systems, Inc. iota All-In-One Security Kit 6.9X and 6.9Z. A specially-crafted HTTP request can lead to arbitrary command execution. An attacker can make an authenticated HTTP reque...

CVSS 10 · EPSS 0.04719
Exploits: 1 · References: 1

Prion
added 2022/10/25 5:15 p.m. · 11 views

Command injection

Four OS command injection vulnerabilities exist in the XCMD testWifiAP functionality of Abode Systems, Inc. iota All-In-One Security Kit 6.9X and 6.9Z. An XCMD can lead to arbitrary command execution. An attacker can send a sequence of malicious commands to trigger these vulnerabilities. This...

CVSS 7.5 · AI score 10 · EPSS 0.04775
Exploits: 1 · References: 1 · Affected Software: 1

Prion
added 2022/10/25 5:15 p.m. · 22 views

Denial of service

A denial of service vulnerability exists in the webserver hashFirst functionality of Robustel R1510 3.1.16 and 3.3.0. A specially-crafted network request can lead to denial of service. An attacker can send a sequence of requests to trigger this vulnerability. This denial of service is in the...

CVSS 5 · AI score 7.3 · EPSS 0.00449
Exploits: 1 · References: 1 · Affected Software: 1

Prion
added 2022/10/25 5:15 p.m. · 12 views

Format string

Four format string injection vulnerabilities exist in the web interface /action/wirelessConnect functionality of Abode Systems, Inc. iota All-In-One Security Kit 6.9Z and 6.9X. A specially-crafted HTTP request can lead to memory corruption, information disclosure and denial of service. An attacke...

CVSS 6.5 · AI score 8.6 · EPSS 0.01573
Exploits: 1 · References: 1 · Affected Software: 1

Cvelist
added 2022/10/25 4:34 p.m. · 12 views

CVE-2022-35265

A denial of service vulnerability exists in the webserver hashFirst functionality of Robustel R1510 3.1.16 and 3.3.0. A specially-crafted network request can lead to denial of service. An attacker can send a sequence of requests to trigger this vulnerability. This denial of service is in the...

CVSS 4.9 · AI score 7.5 · EPSS 0.0041
Exploits: 1 · References: 1

CVE
added 2022/10/25 4:33 p.m. · 44 views

CVE-2022-33189

CVE-2022-33189: In Abode Systems iota All-In-One Security Kit 6.9Z, the XCMD “setAlexa” accepts an XML payload containing regCode, which can be exploited to trigger a DNS discovery process via /bct/sbin/dns-sd and execute arbitrary commands. Talos details show an exploit chain: craft XCMD to set...

CVSS 10 · AI score 9.7 · EPSS 0.01314
Exploits: 1 · References: 1 · Affected Software: 1

Positive Technologies
added 2022/10/25 12:00 a.m. · 2 views

PT-2022-21446 · Abode Systems · Iota All-In-One Security Kit

Name of the Vulnerable Software and Affected Versions: Abode Systems, Inc. iota All-In-One Security Kit versions 6.9X through 6.9Z Description: A denial of service issue exists in the XCMD doDebug functionality. This can be triggered by a specially-crafted XCMD, allowing an attacker to send a...

CVSS 8.6 · AI score 7.8 · EPSS 0.00505
Exploits: 1 · References: 2

Positive Technologies
added 2022/10/25 12:00 a.m. · 3 views

PT-2022-20165 · Abode Systems · Iota All-In-One Security Kit

Name of the Vulnerable Software and Affected Versions: Abode Systems, Inc. iota All-In-One Security Kit versions 6.9X and 6.9Z Description: A command injection issue exists in the XCMD setUPnP functionality, allowing arbitrary command execution through a specially-crafted XCMD. An attacker can...

CVSS 10 · AI score 9.7 · EPSS 0.01305
Exploits: 1 · References: 2

OSV
added 2022/10/24 2:25 p.m. · 5 views

SUSE-SU-2022:3714-1 Security update for multipath-tools

This update for multipath-tools fixes the following issues:
- CVE-2022-41974: Fixed an authorization bypass issue in multipathd. bsc1202739
- Avoid linking to libreadline to avoid licensing issue bsc1202616
- Avoid device IO in 'multipath -u' bsc1125145, bsc1131789
- mpathpersist: optimize for...

CVSS 7.8 · AI score 7.8 · EPSS 0.00026
Exploits: 4 · References: 11

Code423n4
added 2022/10/23 12:00 a.m. · 8 views

Wrong implementation of function LBPair.setFeeParameter can break the functionality of LBPair and make user's tokens locked

Lines of code Vulnerability details Vulnerable detail Struct FeeParameters contains 12 fields as follows: struct FeeParameters // 144 lowest bits in slot uint16 binStep; uint16 baseFactor; uint16 filterPeriod; uint16 decayPeriod; uint16 reductionFactor; uint24 variableFeeControl; uint16...

AI score 6.6
Exploits: 0

Malwarebytes
added 2022/10/21 1:00 p.m. · 17 views

Gas, a positive social network for teens (no, really)

A new social network is currently in the news, billed as a positive space for teens to enjoy themselves. I'm all for positive spaces online, but what is it, and will teens really be happier there than say Instagram, or even just hanging out in WhatsApp groups? Pump the gas Launched in August of th...

AI score 6.9
Exploits: 0

Cvelist
added 2022/10/21 12:30 p.m. · 16 views

CVE-2022-3203 ORing net IAP-420(+) Hidden Functionality

On ORing net IAP-420+ with FW version 2.0m a telnet server is enabled by default and cannot permanently be disabled. You can connect to the device via LAN or WiFi with hardcoded credentials and get an administrative shell. These credentials are reset to defaults with every reboot...

CVSS 9.8 · AI score 9.7 · EPSS 0.00372
Exploits: 1 · References: 1

Malwarebytes
added 2022/10/20 11:00 a.m. · 12 views

Microsoft fixes driver blocklist placing users at risk from BYOVD attacks

There may be an all-new acronym for you to try and remember, as a result of Microsoft fixing a lingering issue. This issue is called Bring Your Own Vulnerable Driver (BYOVD), and BYOVD has been popping up in various forms for the last few months. These attacks may have been less impactful if a...

AI score 7.2
Exploits: 0

NVD
added 2022/10/19 6:15 p.m. · 13 views

CVE-2022-43019

OpenCATS v0.9.6 was discovered to contain a remote code execution (RCE) vulnerability via the getDataGridPager's ajax functionality...

CVSS 9.8 · EPSS 0.16353
Exploits: 2 · References: 2

Prion
added 2022/10/19 6:15 p.m. · 13 views

Remote code execution

OpenCATS v0.9.6 was discovered to contain a remote code execution (RCE) vulnerability via the getDataGridPager's ajax functionality...

CVSS 7.5 · AI score 9.8 · EPSS 0.16353
Exploits: 2 · References: 1 · Affected Software: 1

EUVD
added 2022/10/19 12:00 a.m. · 5 views

EUVD-2022-46068

OpenCATS v0.9.6 was discovered to contain a remote code execution (RCE) vulnerability via the getDataGridPager's ajax functionality...

CVSS 9.8 · AI score 9.9 · EPSS 0.16353
Exploits: 2 · References: 2

Vulnrichment
added 2022/10/19 12:00 a.m. · 7 views

CVE-2022-43019

OpenCATS v0.9.6 was discovered to contain a remote code execution (RCE) vulnerability via the getDataGridPager's ajax functionality...

AI score 8.2 · EPSS 0.16353
Exploits: 2 · References: 1

Positive Technologies
added 2022/10/19 12:00 a.m. · 4 views

PT-2022-22973 · Corsair · Corsair K63 Wireless

Name of the Vulnerable Software and Affected Versions: Corsair K63 Wireless version 3.1.3 Description: The issue concerns a lack of AES encryption, allowing physically proximate attackers to inject and sniff keystrokes via 2.4 GHz radio transmissions. Recommendations: For Corsair K63 Wireless...

CVSS 6.8 · AI score 6.6 · EPSS 0.00051
Exploits: 1 · References: 5