Cisco Catalyst Digital Building Series Switches and Cisco Catalyst Micro Switches Vulnerabilities

Multiple vulnerabilities that affect Cisco Catalyst Digital Building Series Switches and Cisco Catalyst Micro Switches could allow an attacker to execute persistent code at boot time or to permanently prevent the device from booting, resulting in a permanent denial of service DoS condition. For...

Buffer overflow

NXP LPC55S66JBD64, LPC55S66JBD100, LPC55S66JEV98, LPC55S69JBD64, LPC55S69JBD100, and LPC55S69JEV98 microcontrollers ROM version 1B have a buffer overflow in parsing SB2 updates before the signature is verified. This can allow an attacker to achieve non-persistent code execution via a crafted...

CVE-2022-22819

NXP LPC55S66JBD64, LPC55S66JBD100, LPC55S66JEV98, LPC55S69JBD64, LPC55S69JBD100, and LPC55S69JEV98 microcontrollers ROM version 1B have a buffer overflow in parsing SB2 updates before the signature is verified. This can allow an attacker to achieve non-persistent code execution via a crafted...

Hardcoded credentials

An issue was discovered in Luna Simo PPR1.180610.011/202001031830. It mishandles software updates such that local third-party apps can provide a spoofed software update file that contains an arbitrary shell script and arbitrary ARM binary, where both will be executed as the root user with an...

Cisco Adaptive Security Appliance and Firepower Threat Defense Secure Boot Bypass Vulnerability

Cisco Firepower Threat Defense and Cisco Adaptive Security Appliance are both products of Cisco, Inc. Cisco Firepower Threat Defense is a suite of unified software that provides next-generation firewall services.Cisco Adaptive Security Appliance is a firewall and network security platform. Cisco...

CVE-2019-20357

A Persistent Arbitrary Code Execution vulnerability exists in the Trend Micro Security 2020 v160 and 2019 v15 consumer familiy of products which could potentially allow an attacker the ability to create a malicious program to escalate privileges and attain persistence on a vulnerable system...

Stable Channel Update for Chrome OS

The Stable channel has been updated to 62.0.3202.74 Platform version: 9901.54.0/1 for most Chrome OS devices. This build contains a number of bug fixes and security updates. Systems will be receiving updates over the next several days. New Features Kerberos SSO integration for Active Directory...

OnePlus 3/3T open up an ADB session without authorization (CVE-2017-5622)

Last month we published CVE-2017-5626 patched in OxygenOS 4.0.2, a vulnerability which allowed attackers to effectively unlock a OnePlus 3/3T device without a factory reset. Combining this with our also discovered CVE-2017-5624 patched in OxygenOS 4.0.3 enabled a powerful attack against locked...

Privilege escalation

An issue was discovered in OxygenOS before 4.0.3 for OnePlus 3 and 3T. The attacker can persistently make the locked bootloader start the platform with dm-verity disabled, by issuing the 'fastboot oem disabledmverity' command. Having dm-verity disabled, the kernel will not verify the system...

CVE-2017-5624

An issue was discovered in OxygenOS before 4.0.3 for OnePlus 3 and 3T. The attacker can persistently make the locked bootloader start the platform with dm-verity disabled, by issuing the 'fastboot oem disabledmverity' command. Having dm-verity disabled, the kernel will not verify the system...

Google Offers Bug Bounty Vulnerability Research Grants

Google last week announced that it has instituted a program for 2015 in which researchers can receive up to 3,133.70 in grant money for bug hunting. Researchers must apply for the grants, which will be an up-front award that will be paid out before a bug is submitted, Google said. “Researchers’...

Supr Shopsystem 5.1.0 - Persistent UI Vulnerability

Exploit for php platform in category web applications Product & Service Introduction: =============================== SUPR is a modern and user-friendly system which allows each store very quickly and easily create their own online store. Without installation and own webspace you can begin to...

Zimbra 7.2 NE & OSE 7.2 GA - Multiple Web Vulnerabilities

Document Title: =============== Zimbra 7.2 NE & OSE 7.2 GA - Multiple Web Vulnerabilities References Source: ==================== http://www.vulnerability-lab.com/getcontent.php?id=581 Release Date: ============= 2012-06-14 Vulnerability Laboratory ID VL-ID: ==================================== 5...