1085 matches found
Google Android Remote Code Execution Vulnerability (CNVD-2019-24164)
Android is a Linux-based open source operating system from Google and the Open Handheld Alliance OHA. A remote code execution vulnerability exists in the Media framework in Android, which can be exploited by an attacker to potentially cause remote code execution without additional execution...
mXtract - Memory Extractor & Analyzer
An opensource linux based tool that analyses and dumps memory. Its developed as an offensive pentration testing tool which can be used to scan memory for private keys, ips, and passwords using regexes. Remember your results are only as good as your regexes. Screenshots Scan with verbose and with ...
CUJO Smart Firewall mdnscap mDNS character-strings code execution vulnerability
Summary An exploitable heap overflow vulnerability exists in the mdnscap binary of the CUJO Smart Firewall running firmware 7003. The string lengths are handled incorrectly when parsing character strings in mDNS resource records, leading to arbitrary code execution in the context of the mdnscap...
Endian Firewall Community release 3.3.0 Cross Site Scripting
Exploit Title: Endian Firewall Community release 3.3.0 | Cross-Site Scripting Date: 24.01.2019 Exploit Author: Ozer Goker Vendor Homepage: https://www.endian.com Software Link: https://sourceforge.net/projects/efw/files/Development/EFW-3.3.0/ Version: 3.3.0 Introduction Endian Firewall Community...
TerraMaster TOS System Command Injection Vulnerability (CNVD-2019-00663)
TerraMaster TOS is a set of storage server special operating system based on Linux platform developed by Terra Master. The system supports file sharing, cloud data synchronization, data backup and virtualization. TerraMaster TOS3.1.03 version of the ajaxdata.php file exists in the system command...
Netwide Assembler Null Pointer Dereference Vulnerability (CNVD-2019-05119)
Netwide Assembler NASM is a Linux-based assembler that creates binaries and writes bootloaders. A null pointer dereference vulnerability exists in the 'findlabel' function of the asm/labels.c file in NASM version 2.14rc15, which can be exploited by an attacker to cause a denial of service null...
DemonBot Fans DDoS Flames with Hadoop Enslavement
A Linux-based DDoS botnet dubbed DemonBot has been found enslaving Hadoop frameworks, using a vulnerability in Hadoop’s resource management tool to infect cloud servers with the botnet malware. Hadoop is a popular open-source framework, usually deployed in cloud environments, that organizations c...
Google Android Display Competitive Conditions Vulnerability
Android is a Linux-based open source operating system jointly developed by Google and the Open Handheld Alliance OHA, of which Display is a display component. A competitive condition vulnerability exists in Display in Android. A local attacker could exploit this vulnerability to cause a denial of...
Google Android Library Remote Code Execution Vulnerability
Android is a set of Linux-based open source operating system jointly developed by Google and the Open Handheld Alliance OHA for short.Framework is one of the Android framework components. A remote code execution vulnerability exists in Framework in Android. A remote attacker can exploit this...
Samsung SmartThings Hub hubCore Google Breakpad backtrace.io information disclosure vulnerability(CVE-2018-3927)
Summary An exploitable information disclosure vulnerability exists in the crash handler of the hubCore binary of the Samsung SmartThings Hub. When hubCore crashes, Google Breakpad is used to record minidumps, which are sent over an insecure HTTPS connection to the backtrace.io service, leading to...
Samsung SmartThings Hub video-core RTSP Configuration Command Injection Vulnerability(CVE-2018-3856)
Summary An exploitable vulnerability exists in the smart cameras RTSP configuration of the Samsung SmartThings Hub. The device incorrectly handles spaces in the URL field, leading to an arbitrary operating system command injection. An attacker can send a series of HTTP requests to trigger this...
Samsung SmartThings Hub video-core clips Code Execution Vulnerability(CVE-2018-3893 - CVE-2018-3897)
Summary Multiple exploitable buffer overflow vulnerabilities exist in the /cameras/XXXX/clips handler of video-core's HTTP server of Samsung SmartThings Hub. The video-core process incorrectly extracts fields from a user-controlled JSON payload, leading to a buffer overflow on the stack. An...
Samsung SmartThings Hub video-core credentials Parsing SQL Injection Vulnerability(CVE-2018-3879)
Summary An exploitable JSON injection vulnerability exists in the credentials handler of video-core's HTTP server of Samsung SmartThings Hub. The video-core process incorrectly parses the user-controlled JSON payload, leading to a JSON injection which in turn leads to a SQL injection in the...
Samsung SmartThings Hub hubCore Port 39500 HTTP Header Injection Vulnerability(CVE-2018-3911)
Summary An exploitable HTTP header injection vulnerability exists in the remote servers of Samsung SmartThings Hub. The hubCore process listens on port 39500 and relays any unauthenticated message to SmartThings' remote servers, which insecurely handle JSON messages, leading to partially controll...
Samsung SmartThings Hub video-core REST Request Parser HTTP Pipelining Injection Vulnerabilities(CVE-2018-3907 - CVE-2018-3909)
Summary Multiple exploitable vulnerabilities exist in the REST parser of video-core's HTTP server of the Samsung SmartThings Hub. The video-core process incorrectly handles pipelined HTTP requests, which allows successive requests to overwrite the previously parsed HTTP method, URL and body. An...
Samsung SmartThings Hub video-core samsungWifiScan Callback Code Execution Vulnerability(CVE-2018-3867)
Summary An exploitable stack-based buffer overflow vulnerability exists in the samsungWifiScan callback notification of video-core's HTTP server of Samsung SmartThings Hub. The video-core process incorrectly handles the answer received from a smart camera, leading to a buffer overflow on the stac...
Samsung SmartThings Hub video-core credentials Code Execution Vulnerability(CVE-2018-3873 - CVE-2018-3878)
Summary Multiple exploitable buffer overflow vulnerabilities exist in the credentials handler of video-core's HTTP server of Samsung SmartThings Hub. The video-core process incorrectly extracts fields from a user-controlled JSON payload, leading to a buffer overflow on the stack. An attacker can...
Bugs in Samsung IoT Hub Leave Smart Home Open To Attack
Researchers found 20 vulnerabilities in Samsung’s SmartThings Hub, allowing attackers to control smart locks, remotely monitor the home via connected cameras and perform other alarming functions. Cisco Talos researchers, who published a technical breakdown of the vulnerabilities on Thursday, said...
Vulnerability Spotlight: Multiple Vulnerabilities in Samsung SmartThings Hub
These vulnerabilities were discovered by Claudio Bozzato of Cisco Talos. Executive Summary Cisco Talos recently discovered several vulnerabilities present within the firmware of the Samsung SmartThings Hub. In accordance with our coordinated disclosure policy, Cisco Talos has worked with Samsung ...
Samsung SmartThings Hub video-core Database find-by-cameraId Code Execution Vulnerability
Summary An exploitable stack-based buffer overflow vulnerability exists in the database “find-by-cameraId” functionality of video-core’s HTTP server of Samsung SmartThings Hub. The video-core process incorrectly handles existing records inside its SQLite database, leading to a buffer overflow on...