535 matches found
Information disclosure
An information disclosure vulnerability exists in the Friend finder functionality of GmbH Komoot version 10.26.9 up to 11.1.11. A specially crafted series of network requests can lead to the disclosure of sensitive information...
CVE-2021-21823
An information disclosure vulnerability exists in the Friend finder functionality of GmbH Komoot version 10.26.9 up to 11.1.11. A specially crafted series of network requests can lead to the disclosure of sensitive information...
CVE-2021-21823
Komoot GmbH Komoot Android app: The Friend finder allows substring search in versions 10.26.9–11.1.11, enabling enumeration of user emails and profile IDs via crafted requests. This information disclosure impact is documented with CVSSv3 5.3. Vendor patch issued in 2021-05-28; apply the patched r...
CVE-2021-21820
A hard-coded password vulnerability exists in the Libcli Test Environment functionality of D-LINK DIR-3040 1.13B03. A specially crafted network request can lead to code execution. An attacker can send a sequence of requests to trigger this vulnerability...
CVE-2021-21820
A hard-coded password vulnerability exists in the Libcli Test Environment functionality of D-LINK DIR-3040 1.13B03. A specially crafted network request can lead to code execution. An attacker can send a sequence of requests to trigger this vulnerability...
CVE-2021-21818
A hard-coded password vulnerability exists in the Zebra IP Routing Manager functionality of D-LINK DIR-3040 1.13B03. A specially crafted network request can lead to a denial of service. An attacker can send a sequence of requests to trigger this vulnerability...
D-LINK DIR-3040 Syslog information disclosure vulnerability
Talos Vulnerability Report TALOS-2021-1283 D-LINK DIR-3040 Syslog information disclosure vulnerability July 15, 2021 CVE Number CVE-2021-21818 Summary A hard-coded password vulnerability exists in the Zebra IP Routing Manager functionality of D-LINK DIR-3040 1.13B03. A specially crafted network...
Allen-Bradley Flex IO Security Vulnerability
Allen-Bradley Flex IO is a remote IO suite in an industrial automation control system from Allen-bradley USA. A security vulnerability exists in Allen-Bradley Flex IO that stems from a specially crafted network request that could result in a denial of service by interrupting communication with th...
Rockwell Automation RSLinx Classic 缓冲区错误漏洞
Rockwell Automation RSLinx Classic is a suite of industrial communication solutions from Rockwell Automation. The solution supports access to RockwellSoftware, Allen-Bradley applications, etc. via Allen-Bradley programmable controllers. A denial of service vulnerability exists in Rockwell...
h1-ctf: Invading Grinch Network and Saving Christmas
How we saved Christmas As usual with H1 CTF challenges we are provided with a target URL. In our case it is the following: https://hackyholidays.h1ctf.com/ We started by visiting the URL and see what is going on. All we could see is a page with an image with a warning message. F1125722 We quickly...
CVE-2020-13530
A denial-of-service vulnerability exists in the Ethernet/IP server functionality of the EIP Stack Group OpENer 2.3 and development commit 8c73bf3. A large number of network requests in a small span of time can cause the running program to stop. An attacker can send a sequence of requests to trigg...
CVE-2020-13556
An out-of-bounds write vulnerability exists in the Ethernet/IP server functionality of EIP Stack Group OpENer 2.3 and development commit 8c73bf3. A specially crafted series of network requests can lead to remote code execution. An attacker can send a sequence of requests to trigger this...
Cross site scripting
An out-of-bounds write vulnerability exists in the Ethernet/IP server functionality of EIP Stack Group OpENer 2.3 and development commit 8c73bf3. A specially crafted series of network requests can lead to remote code execution. An attacker can send a sequence of requests to trigger this...
EIP Stack Group OpENer Ethernet/IP server out-of-bounds write vulnerability
Summary An out-of-bounds write vulnerability exists in the Ethernet/IP server functionality of EIP Stack Group OpENer 2.3 and development commit 8c73bf3. A specially crafted series of network requests can lead to remote code execution. An attacker can send a sequence of requests to trigger this...
Cisco Expressway Software TURN Server Configuration Issue
The Traversal Using Relays around NAT TURN server component of Cisco Expressway software supports the relay of media connections through a firewall using proxy services. As a result of this feature, interfaces such as the Cisco Expressway web administrative interface may become accessible from...
Padding-Oracle-Attacker - CLI Tool And Library To Execute Padding Oracle Attacks Easily
CLI tool and library to execute padding oracle attacks easily, with support for concurrent network requests and an elegant UI. Install Make sure Node.js is installed, then run $ npm install --global padding-oracle-attacker or $ yarn global add padding-oracle-attacker CLI Usage Usage $...
Hardcoded credentials
Out of the wired and wireless interfaces within MiR100, MiR200 and other vehicles from the MiR fleet, it's possible to access the Control Dashboard on a hardcoded IP address. Credentials to such wireless interface default to well known and widely spread users omitted and passwords omitted. This...
CVE-2020-10270
CVE-2020-10270 affects MiR robotic fleet (MiR100/MiR200, potentially others) where the Control Dashboard is reachable on a hardcoded IP via wired/wireless interfaces. The flaw enables control of the robot through default, widely known credentials, as documented in past guides, and may be extended...
IBM Maximo Asset Management Code Issue Vulnerability
IBM Maximo Asset Management is a comprehensive asset lifecycle and maintenance management solution from IBM USA. The solution is capable of managing all types of assets, such as facilities, transportation, etc., on a single platform with a single point of control for these assets. A code issue...
Server-Side Request Forgery
Web applications often rely on network requests to query external resources and retrieve data in order to process it. A Server-Side Request Forgery SSRF vulnerability exists when an attacker is able to control these outbound requests and send it to a resource he owns, to the localhost itself, or ...