Downloads Resources over HTTP

Overview Affected versions of wasdk insecurely download an executable over an unencrypted HTTP connection. In scenarios where an attacker has a privileged network position, it is possible to intercept the response and replace the executable with a malicious one, resulting in code execution on the...

IoT Botnet Uses HTTP Traffic to DDoS Targets

The IoT botnet behind some of the largest publicly recorded DDoS attacks is flooding its targets with HTTP traffic, generating more than one million requests per second in some cases, in order to bring down web applications. The attacks were recorded prior to the release of the source code fuelin...

The vulnerability of the Android operating system, which allows a hacker to increase their privileges

The vulnerability of the drivers/media/platform/msm/camerav2/isp/msmispaxiutil.c component of Qualcomm’s Android operating system is related to the lack of flow control checks. Exploiting this vulnerability allows a remote attacker to enhance their privileges through a specially created applicati...

UBUNTU-CVE-2014-9869

drivers/media/platform/msm/camerav2/isp/msmispstatsutil.c in the Qualcomm components in Android before 2016-08-05 on Nexus 5 and 7 2013 devices does not validate certain index values, which allows attackers to gain privileges via a crafted application, aka Android internal bug 28749728 and Qualco...

UBUNTU-CVE-2014-9871

Multiple buffer overflows in drivers/media/platform/msm/camerav2/isp/msmisputil.c in the Qualcomm components in Android before 2016-08-05 on Nexus 5 and 7 2013 devices allow attackers to gain privileges via a crafted application, aka Android internal bug 28749803 and Qualcomm internal bug CR51471...

Hitron CGNV4 Modem / Router 4.3.9.9-SIP-UPC - Multiple Vulnerabilities

Exploit for hardware platform in category web applications Hitron CGNV4 modem/router multiple vulnerabilities -------------------------------------------------- Platforms / Firmware confirmed affected: - Hitron CGNV4, 4.3.9.9-SIP-UPC - Product page:...

Cisco EPC3925 UPC Modem / Router Default Passphrase

Cisco EPC3925 UPC modem/router default passphrase vulnerabilities ----------------------------------------------------------------- Platforms / Firmware confirmed affected: - Cisco EPC3925, ESIP-12-v302r125573-131230cupc Vulnerabilities --------------- Default SSID and passphrase can be calculate...

Ubiquiti Network Gear Targeted By Worm

ISP equipment maker Ubiquiti Networks is fending off a stubborn worm targeting its networking equipment running outdated AirOS firmware. According to security experts, the worm is already being blamed for crippling networking gear in the Argentina, Brazil, Spain and the United States. Ubiquiti...

Zyxel MAX3XX Series Wimax CPEs Hardcoded Root Password

Vulnerability Title: Hardcoded root password in Zyxel MAX3XX series Wimax CPEs Date: 23/03/2016 Product: Zyxel MAX3XX series CPEs Vendor: www.zyxel.com Affected Firmware: Latest version at the time of disclosure v 2.00 and below tested Patch: Unpatched Vendor contact date: 12/12/2015 Authored by:...

National Security Letter Attachment Details

While the Snowden documents have demystified the intelligence community’s hacking abilities, few specifics are known about National Security Letters, law enforcement’s most powerful tool to compel telecommunications and Internet service providers to turn over a broad scope of user data, and which...

Bohatei - Flexible and Elastic DDoS Defense

Bohatei is a first of its kind platform that enables flexible and elastic DDoS defense using SDN and NFV. The repository contains a first version of the components described in the Bohatei paper, as well as a web-based User Interface. The backend folder consists of : an implementation of the...

ZTE ZXHN H108N 3.3.0_MU CWMP Configuration Disclosure

ZTE ZXHN H108N 3.3.0MU CWMP configuration disclosure Copyright 2015 c Todor Donev [email protected] http://www.ethical-hacker.org/ https://www.facebook.com/ethicalhackerorg http://pastebin.com/u/hackerscommunity Model ZXHN H108N Serial Number ZTEERFCD6K03762 Batch Number T1 Software Version...

BlackHat topic analysis: analysis of BGP hijacking exploit-vulnerability warning-the black bar safety net

BGP hijacking in 2 0 0 8 years defcon conference once involved, however, in 2 0 1 5 year's blackhat has been selected as the subject, visible the seriousness of the problem, frozen three feet, a cold, BGP hijacking issues to organizations around the world work together to solve it. 0×0 0 what is ...

FreeBox 3.0.2 Cross Site Request Forgery / Cross Site Scripting

Hello list, Here are two CVEs I reported to Freebox, a french ISP: - CVE-2014-9382 - CSRF in VPN user account creation - CVE-2014-9405 - XSS Vulnerable product: Freebox OS Web interface 3.0.2. CVE-2014-9382 - CSRF in Freebox OS Web interface 3.0.2 allowing VPN user account creation...

60+ Vulnerabilities In 22 SOHO Routers

Dear PacketStorm community, we are a group of security researchers doing our IT Security Master's Thesis at Universidad Europea de Madrid. As a part of the dissertation, we have discovered multiple vulnerability issues on the following SOHO routers: 1. Observa Telecom AW4062 2. Comtrend WAP-5813n...

GenieATM ISP 5.x Arbitrary 文件下载漏洞

No description provided by source...

Pirelli Home Broadband Routers Exposed for Two Years

ISP-issued home broadband routers have been a shooting gallery for researchers and hackers alike looking for, and successfully exploiting, shocking vulnerabilities. One disclosed by a researcher in Spain this week is symptomatic of the problem to a disturbing degree. Researcher Eduardo Novella...

Pirelli Router P.DG-A4001N WPA Key Reverse Engineering

!/usr/bin/env python -- coding: utf-8 -- ''' @license: GPLv3 @author : Eduardo Novella @contact: ednoloainf.upv.es @twitter: @enovella ----------------- Target : ----------------- Vendor : ADB broadband Pirelli Router : Model P.DG-A4001N ISP : Arnet Telecom Argentina Possible-targets :...

ZTE ZXHN H108L - Authentication Bypass (1)

ZTE ZXHN H108L - Authentication Bypass 1 Exploit Title: ZTE ZXHN H108L Authentication Bypass Date: 14/11/2014 Exploit Author: Project Zero Labs https://projectzero.gr | [email protected] Vendor Homepage: www.zte.com.cn Version: ZXHN H108LV4.0.0dZRQGR4 Tested on: ZTE ZXHN H108L CVE : CVE-2014-84...

ZTE ZXHN H108L - Authentication Bypass (1)

Exploit Title: ZTE ZXHN H108L Authentication Bypass Date: 14/11/2014 Exploit Author: Project Zero Labs https://projectzero.gr | [email protected] Vendor Homepage: www.zte.com.cn Version: ZXHN H108LV4.0.0dZRQGR4 Tested on: ZTE ZXHN H108L CVE : CVE-2014-8493 Original post at...