CVE-2019-25249

devolo dLAN 500 AV Wireless+ 3.1.0-1 contains an authentication bypass vulnerability that allows attackers to enable hidden services through the htmlmgr CGI script. Attackers can enable telnet and remote shell services, reboot the device, and gain root access without a password by manipulating...

CVE-2019-25249

The vulnerability CVE-2019-25249 affects devolo dLAN 500 AV Wireless+ (firmware 3.1.0-1). The issue is an authentication bypass in the htmlmgr CGI script, allowing an attacker to enable hidden services (e.g., telnet, remote shell) and reboot the device to gain root access without a password by ma...

CVE-2019-25249 devolo dLAN 500 AV Wireless+ 3.1.0-1 Remote Code Execution via htmlmgr

devolo dLAN 500 AV Wireless+ 3.1.0-1 contains an authentication bypass vulnerability that allows attackers to enable hidden services through the htmlmgr CGI script. Attackers can enable telnet and remote shell services, reboot the device, and gain root access without a password by manipulating...

CVE-2019-25249 devolo dLAN 500 AV Wireless+ 3.1.0-1 Remote Code Execution via htmlmgr

devolo dLAN 500 AV Wireless+ 3.1.0-1 contains an authentication bypass vulnerability that allows attackers to enable hidden services through the htmlmgr CGI script. Attackers can enable telnet and remote shell services, reboot the device, and gain root access without a password by manipulating...

PT-2025-53335

Name of the Vulnerable Software and Affected Versions devolo dLAN 500 AV Wireless+ version 3.1.0-1 Description The device contains a flaw that allows attackers to bypass authentication and enable hidden services through the htmlmgr CGI script. Attackers can enable services like telnet and remote...

Devolo dLAN 500 AV Wireless+ 安全漏洞

The Devolo dLAN 500 AV Wireless+ is a powerline communication adapter from Devolo, Germany. A security vulnerability exists in the Devolo dLAN 500 AV Wireless+ version 3.1.0-1, which stems from an authentication bypass that could result in enabling hidden services and gaining root privileges...

Time Will Tell: Large-Scale De-Anonymization of Hidden I2P Services Via Live Behavior Alignment (Extended Version)

I2P Invisible Internet Project is a popular anonymous communication network. While existing de-anonymization methods for I2P focus on identifying potential traffic patterns of target hidden services among extensive network traffic, they often fail to scale effectively across the large and diverse...

EUVD-2014-5015

Malware in sbrugna...

EUVD-2021-3132

Malicious code in bioql PyPI...

Linux Distros Unpatched Vulnerability : CVE-2023-36325

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - i2p before 2.3.0 Java allows de-anonymizing the public IPv4 and IPv6 addresses of i2p hidden services aka eepsites via a correlation attack across the IPv4 and...

Hunting the Ghost: Towards Automatic Mining of IoT Hidden Services

In this paper, we proposes an automatic firmware analysis tool targeting at finding hidden services that may be potentially harmful to the IoT devices. Our approach uses static analysis and symbolic execution to search and filter services that are transparent to normal users but explicit to...

Snorkeling in Dark Waters: a Longitudinal Surface Exploration of Unique Tor Hidden Services (Extended Version)

The Onion Router Tor is a controversial network whose utility is constantly under scrutiny. On the one hand, it allows for anonymous interaction and cooperation of users seeking untraceable navigation on the Internet. This freedom also attracts criminals who aim to thwart law enforcement...

CVE-2025-24888

The CVE-2025-24888 issue affects the SecureDrop Client, specifically the API.download_reply() path traversal flaw. The vulnerability arises from using the filename in the Content-Disposition header to write the encrypted reply to disk; although server-side filenames are sanitized, the file can be...

UBUNTU-CVE-2023-36325

i2p before 2.3.0 Java allows de-anonymizing the public IPv4 and IPv6 addresses of i2p hidden services aka eepsites via a correlation attack across the IPv4 and IPv6 addresses that occurs when a tunneled, replayed message has a behavior discrepancy it may be dropped, or may result in a Wrong...

CVE-2023-36325

Removed by vendor...

openSUSE: Security Advisory for tor (openSUSE-SU-2023:0361-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

What is the dark web?

Most users interact with the internet through the web, and many of the threat actors we write about operate on the "dark web." Broadly speaking, the dark web is a small portion of the "deep web," where the deep web represents most of the Web. We know, its confusing -- lets walk through an example...

PT-2023-25535 · I2P · I2P

Name of the Vulnerable Software and Affected Versions: i2p versions prior to 2.3.0 Description: The issue allows de-anonymizing the public IPv4 and IPv6 addresses of i2p hidden services aka eepsites via a correlation attack across the IPv4 and IPv6 addresses that occurs when a tunneled, replayed...

Tornado - Anonymously Reverse Shell Over Tor Network Using Hidden Services Without Portforwarding

anonymously reverse shell over onion network using hidden services without portfortwarding Explore the docs fully undetectable reverse shell · View Demo · bulletproof anonymity If you are having any operating system compatiblity issue, let me know. I will try to fix as soon as possible so let's...

Tor-Rootkit - A Python 3 Standalone Windows 10 / Linux Rootkit Using Tor

A Python 3 standalone Windows 10 / Linux Rootkit. The networking communication get's established over the tor network. Disclaimer Use for educational purposes only. How to use 1. Clone the repo and change directory: git clone https://github.com/emcruise/TorRootkit.git cd ./tor-rootkit 2. Build...