16 matches found
EUVD-2019-13043
Malware in sbrugna...
Malicious code in @zalastax/nolb-_p0 (npm)
The package @zalastax/nolb-p0 was found to contain malicious code...
Malicious code in @zalastax/nolb-p0 (npm)
The package @zalastax/nolb-p0 was found to contain malicious code...
MAL-2025-12876 Malicious code in @zalastax/nolb-p0 (npm)
The package @zalastax/nolb-p0 was found to contain malicious code...
CVE-2019-3404
By adding some special fields to the uri ofrouter app function, the user could abuse background app cgi functions withoutauthentication. This affects 360 router P0 and F5C...
Agile Approach to Mass Cloud Credential Harvesting and Crypto Mining Sprints Ahead
Developers are not the only people who have adopted the agile methodology for their development processes. From 2023-06-15 to 2023-07-11, Permiso Security's p0 Labs team identified and tracked an attacker developing and deploying eight 8 incremental iterations of their credential harvesting malwa...
CVE-2020-35514
An insecure modification flaw in the /etc/kubernetes/kubeconfig file was found in OpenShift. This flaw allows an attacker with access to a running container which mounts /etc/kubernetes or has local access to the node, to copy this kubeconfig file and attempt to add their own node to the OpenShif...
Cross-site Scripting (XSS) - Generic in bigprof-software/online-invoicing-system
✍️ Description A cross-site scripting XSS allows remote attackers to inject JavaScript via the "p0-start" Parameter 🕵️♂️ Proof of Concept You can find installation instructions here: https://bigprof.com/appgini/applications/online-invoicing-system Vulnerable Parameter: p0-start p1-start & p2-start...
FF Sandbox Escape (CVE-2020-12388)
By James Forshaw, Project Zero In my previous blog post I discussed an issue with the Windows Kernel’s handling of Restricted Tokens which allowed me to escape the Chrome GPU sandbox. Originally I’d planned to use Firefox for the proof-of-concept as Firefox uses the same effective sandbox level a...
360 P0 and F5C Licensing Issues Vulnerabilities
The Qihoo 360 P0 and 360 F5C are both wireless routers from the Chinese company Qihoo Technologies. An authorization issue vulnerability exists in the interfaces of the 360 P0 and F5C, which can be exploited by an attacker to obtain some of the user's information, cause the user to be unable to u...
CVE-2019-3404
By adding some special fields to the uri ofrouter app function, the user could abuse background app cgi functions withoutauthentication. This affects 360 router P0 and F5C...
Design/Logic Flaw
By adding some special fields to the uri ofrouter app function, the user could abuse background app cgi functions withoutauthentication. This affects 360 router P0 and F5C...
CVE-2019-3404
The CVE-2019-3404 issue affects 360 router P0 and F5C, where adding special fields to the URI of a router app function can allow a user to abuse background CGI functions without authentication. Root cause is a URI-level manipulation vulnerability in the router’s app function; impact is unauthoriz...
SUSE SLED15 / SLES15 Security Update : ucode-intel (SUSE-SU-2019:0712-1)
This update for ucode-intel fixes the following issues : Updated to the 20190312 bundle release bsc1129231 New Platforms : AML-Y22 H0 6-8e-9/10 0000009e Core Gen8 Mobile WHL-U W0 6-8e-b/d0 000000a4 Core Gen8 Mobile WHL-U V0 6-8e-d/94 000000b2 Core Gen8 Mobile CFL-S P0 6-9e-c/22 000000a2 Core Gen9...
Apple iOS / macOS - Sandbox Escape due to mach Message sent from Shared Memory Exploit
Exploit for multiple platform in category dos / poc Apple iOS/macOS - Sandbox Escape due to mach Message sent from Shared Memory iohideventsystem sets up a shared memory event queue; at the end of this shared memory buffer it puts a mach message which it sends whenever it wants to notify a client...
Apple iOS 10.3.1 - Kernel
Apple iOS 10.3.1 - Kernel Sources: https://github.com/doadam/ziVA https://blog.zimperium.com/ziva-video-audio-ios-kernel-exploit/ ziVA An iOS kernel exploit designated to work on all 64-bit iOS devices = 10.3.1 More general information...