748 matches found

Prion
added 2019/04/30 9:29 p.m. · 22 views

Design/Logic Flaw

Crestron AM-100 with firmware 1.6.0.2 and AM-101 with firmware 2.7.0.2 allow any user to obtain the presentation passcode via the iso.3.6.1.4.1.3212.100.3.2.7.4 OIDs. A remote, unauthenticated attacker can use this vulnerability to access a restricted presentation or to become the presenter...

CVSS 5 · AI score 5.3 · EPSS 0.01769
Exploits 0 · References 1 · Affected Software 2
OSV
added 2019/04/30 9:29 p.m. · 4 views

CVE-2019-3928

Crestron AM-100 with firmware 1.6.0.2 and AM-101 with firmware 2.7.0.2 allow any user to obtain the presentation passcode via the iso.3.6.1.4.1.3212.100.3.2.7.4 OIDs. A remote, unauthenticated attacker can use this vulnerability to access a restricted presentation or to become the presenter...

CVSS 5.3 · AI score 5.8 · EPSS 0.01769
Exploits 0 · References 1
Cvelist
added 2019/04/30 8:34 p.m. · 25 views

CVE-2019-3934

Crestron AM-100 with firmware 1.6.0.2 and AM-101 with firmware 2.7.0.2 allow anyone to bypass the presentation code by sending a crafted HTTP POST request to login.cgi. A remote, unauthenticated attacker can use this vulnerability to download the current slide image without knowing the access code...

AI score 5.5 · EPSS 0.07727
Exploits 1 · References 1
Cvelist
added 2019/04/30 8:30 p.m. · 19 views

CVE-2019-3933

Crestron AM-100 with firmware 1.6.0.2 and AM-101 with firmware 2.7.0.2 allows anyone to bypass the presentation code simply by requesting /images/browserslide.jpg via HTTP. A remote, unauthenticated attacker can use this vulnerability to watch a slideshow without knowing the access code...

AI score 5.5 · EPSS 0.0595
Exploits 1 · References 1
CVE
added 2019/04/30 8:30 p.m. · 46 views

CVE-2019-3933

CVE-2019-3933 affects Crestron AM-100 (firmware 1.6.0.2) and AM-101 (firmware 2.7.0.2). The vulnerability allows a remote, unauthenticated attacker to bypass the presentation code by requesting /images/browserslide.jpg over HTTP and so watch a slideshow without the access code. No...

CVSS 5.3 · AI score 5.5 · EPSS 0.0595
Exploits 1 · References 1 · Affected Software 1
CVE
added 2019/04/30 8:25 p.m. · 60 views

CVE-2019-3930

CVE-2019-3930 affects Crestron AM-100/AM-101, Barco wePresent WiPG-1000P/ WiPG-1600W (pre-2.4.1.19), Extron ShareLink 200/250, Teq AV IT WIPS710, SHARP PN-L703WA, Optoma WPS-Pro, Blackbox HD WPS, InFocus LiteShow3/4. Root cause: stack buffer overflow in libAwgCgi.so PARSERtoCHAR. Vulnerability al...

CVSS 10 · AI score 9.8 · EPSS 0.06957
Exploits 1 · References 1 · Affected Software 1
CVE
added 2019/04/30 8:21 p.m. · 1085 views

CVE-2019-3929

CVE-2019-3929 is a remote, unauthenticated command-injection vulnerability exploitable via the file_transfer.cgi HTTP endpoint. Affected devices include Crestron AM-100 (firmware 1.6.0.2) and AM-101 (2.7.0.1); Barco wePresent WiPG-1000P (2.3.0.10) and WiPG-1600W prior to 2.4.1.19; Extron ShareLin...

CVSS 10 · AI score 9.8 · EPSS 0.98952
In wild · Exploits 10 · References 5 · Affected Software 1
Cvelist
added 2019/04/30 8:18 p.m. · 26 views

CVE-2019-3928

Crestron AM-100 with firmware 1.6.0.2 and AM-101 with firmware 2.7.0.2 allow any user to obtain the presentation passcode via the iso.3.6.1.4.1.3212.100.3.2.7.4 OIDs. A remote, unauthenticated attacker can use this vulnerability to access a restricted presentation or to become the presenter...

AI score 5.3 · EPSS 0.01769
Exploits 0 · References 1
CVE
added 2019/04/30 8:18 p.m. · 63 views

CVE-2019-3928

CVE-2019-3928 affects Crestron AM-100 (firmware 1.6.0.2) and AM-101 (firmware 2.7.0.2): an unauthenticated remote attacker can obtain the presentation passcode via the OIDs iso.3.6.1.4.1.3212.100.3.2.7.4 and either access a restricted presentation or become the presenter. Connected sources confir...

CVSS 5.3 · AI score 5.3 · EPSS 0.01769
Exploits 0 · References 1 · Affected Software 1
Positive Technologies
added 2019/04/30 12:0 a.m. · 5 views

PT-2019-16782 · Crestron · Crestron Am-100 +1

Name of the Vulnerable Software and Affected Versions: Crestron AM-100 version 1.6.0.2 Crestron AM-101 version 2.7.0.2 Description: The issue allows any user to obtain the presentation passcode via specific OIDs, iso.3.6.1.4.1.3212.100.3.2.7.4. A remote, unauthenticated attacker can exploit this ...

CVSS 5.3 · AI score 5.2 · EPSS 0.01769
Exploits 0 · References 2
Qualys Blog
added 2019/04/24 12:16 a.m. · 54 views

Call For Customer Presentations at Black Hat USA 2019!

Tell your security story to your peers at Black Hat USA 2019! Qualys is looking for customers excited to share your security story, for example: how you integrate security into DevOps; best practices for building security into modern enterprises; case studies leveraging the use of the Qualys Cloud...

AI score 1.1
Exploits 0
The Hacker News
added 2019/03/19 7:55 a.m. · 2 views

Mirai Variant Adds Dozen New Exploits to Target Enterprise IoT Devices

Security researchers have uncovered a new variant of the infamous Mirai Internet of Things botnet, this time targeting embedded devices intended for use within business environments in an attempt to gain control over larger bandwidth to carry out devastating DDoS attacks. Although the original...

CVSS 9.8 · AI score 8.2 · EPSS 0.56237
Exploits 9
ThreatPost
added 2019/03/18 5:44 p.m. · 90 views

Mirai Variant Goes After Enterprise Systems

Researchers have discovered a new variant of the infamous Mirai IoT botnet, which has been sniffing out and targeting vulnerabilities in enterprise wireless presentation and display systems since January. Palo Alto Networks’ Unit 42 researchers said that the newest variant of Mirai is notably...

CVSS 7.5 · AI score 0.4 · EPSS 0.56237
Exploits 9 · References 13
MSRC
added 2019/03/12 11:44 p.m. · 53 views

Practical advice for earning higher Microsoft bounty awards

This year at the Nullcon International Security Conference I shared practical advice for how security researchers can maximize the impact of their security vulnerability submissions and earn higher bounty awards under the Microsoft Bounty Program. For those who couldn’t be there, I had two core...

AI score 0.1
Exploits 0
Fedora
added 2019/03/06 3:28 p.m. · 35 views

[SECURITY] Fedora 28 Update: php-Smarty-3.1.33-1.fc28

Smarty is a template engine for PHP, facilitating the separation of presentation HTML/CSS from application logic. This implies that PHP code is application logic, and is separated from the presentation. Autoloader: /usr/share/php/Smarty/autoload.php...

CVSS 9.8 · AI score 1.8 · EPSS 0.03463
Exploits 2
Hacker One
added 2019/02/08 11:3 a.m. · 57 views

Postmates: Web cache poisoning attack leads to user information and more

Hello, your web server is vulnerable to web cache poisoning attacks. This means that an attacker is able to get another user's information. If you are logged in and visit this website, for example https://postmates.com/SomeRandomText.css, then the server will store the information in the cache,...

AI score 6.6
Exploits 0
Kitploit
added 2019/02/05 12:39 p.m. · 151 views

Bincat - Binary Code Static Analyser, With IDA Integration

BinCAT is a static Binary Code Analysis Toolkit, designed to help reverse engineers, directly from IDA. It features: value analysis (registers and memory); taint analysis; type reconstruction and propagation; backward and forward analysis; use-after-free and double-free detection. In action: You can chec...

AI score 7.2
Exploits 0 · References 10
myhack58
added 2019/01/25 12:0 a.m. · 61 views

Impact on 62 million devices: an explanation of how I found the Marvell Avastar Wi-Fi remote code execution vulnerability

1. Overview: In this study, I mainly analyze the security of the Marvell WiFi-FullMAC SoC. Since wireless devices built on this chip have not yet been thoroughly researched, they may contain large amounts of unaudited code, which could lead to serious security problems...

AI score 7.4
Exploits 0
Fedora
added 2018/12/03 2:41 a.m. · 10 views

[SECURITY] Fedora 29 Update: php-Smarty2-2.6.31-2.fc29

Smarty is a template engine for PHP, facilitating the separation of presentation HTML/CSS from application logic. This implies that PHP code is application logic, and is separated from the presentation...

AI score 1.5
Exploits 0
Fedora
added 2018/12/03 1:39 a.m. · 9 views

[SECURITY] Fedora 28 Update: php-Smarty2-2.6.31-2.fc28

Smarty is a template engine for PHP, facilitating the separation of presentation HTML/CSS from application logic. This implies that PHP code is application logic, and is separated from the presentation...

AI score 1.5
Exploits 0