USN-4412-1: Linux kernel vulnerabilities

Matthew Sheets discovered that the SELinux network label handling implementation in the Linux kernel could be coerced into de-referencing a NULL pointer. A remote attacker could use this to cause a denial of service system crash. CVE-2020-10711 It was discovered that the SCSI generic sg driver in...

Linux/ARM 0.0.0.0:1337/TCP Bindshell Shellcode

100 bytes small null-free Linux/ARM shellcode that binds /bin/sh to 0.0.0.0:1337/TCP. Title: Linux/ARM Raspberry Pi - Bind 0.0.0.0:1337/TCP Shell /bin/sh + Null-Free Shellcode 100 bytes Date: 2020-06-09 Architecture: armv6l GNU/Linux Website: http://www.theanuragsrivastava.com Author: Anurag...

Linux/ARM execve /bin/dash Shellcode

32 bytes small Linux/ARM execve /bin/dash shellcode. Title: Linux/ARM - execve /bin/dash Shellcode 32 bytes Date: 2020-06-08 Category: Shellcode Tested: armv7l 32-bitRaspberry Pi 2 Model B OS: Raspbian Buster Lite Author: Anurag Srivastava Description: execve shellcode / Objdump...

Linux/ARM - execve /bin/dash Shellcode (32 bytes)

Title: Linux/ARM - execve /bin/dash Shellcode 32 bytes Category: Shellcode Tested: armv7l 32-bitRaspberry Pi 2 Model B OS: Raspbian Buster Lite Author: Anurag Srivastava Description: execve shellcode / Objdump pi@raspberrypi:/hex $ objdump -d ed1 ed1: file format elf32-littlearm Disassembly of...

Linux/ARM - Bind (0.0.0.0:1337/TCP) Shell (/bin/sh) + Null-Free Shellcode (100 bytes)

Title: Linux/ARM Raspberry Pi - Bind 0.0.0.0:1337/TCP Shell /bin/sh + Null-Free Shellcode 100 bytes Date: 2020-06-09 Architecture: armv6l GNU/Linux Website: http://www.theanuragsrivastava.com Author: Anurag Srivastava / bindwala: file format elf32-littlearm Disassembly of section .text: 00010054 ...

Introduction to PLCs and Ladder Logic

Introduction We do a lot of client work with ICS, IIoT, and SCADA. We've been to various power plants, factories, electricity substations and they all use the same technology in the form of a PLC. A PLC is a Programmable Logic Controller. PLCs are what keep our Critical National Infrastructure...

raspberry-pi.ksyic.com Cross Site Scripting vulnerability

Open Bug Bounty ID: OBB-1179729 Following coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: &nbsp&nbsp&nbsp&nbsp&nbsp&nbspa. verified the vulnerability and confirmed its existence; &nbsp&nbsp&nbsp&nbsp&nbsp&nbspb. notified the website...

USN-4363-1: Linux kernel vulnerabilities

It was discovered that the Serial CAN interface driver in the Linux kernel did not properly initialize data. A local attacker could use this to expose sensitive information kernel memory. CVE-2020-11494 It was discovered that the linux kernel did not properly validate certain mount options to the...

USN-4367-1: Linux kernel vulnerabilities

It was discovered that the btrfs implementation in the Linux kernel did not properly detect that a block was marked dirty in some situations. An attacker could use this to specially craft a file system image that, when unmounted, could cause a denial of service system crash. CVE-2019-19377 It was...

raspberry-pi.fr Improper Access Control vulnerability

Open Bug Bounty ID: OBB-1163852 Following coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: &nbsp&nbsp&nbsp&nbsp&nbsp&nbspa. verified the vulnerability and confirmed its existence; &nbsp&nbsp&nbsp&nbsp&nbsp&nbspb. notified the website...

USN-4324-1: Linux kernel vulnerabilities

Al Viro discovered that the vfs layer in the Linux kernel contained a use- after-free vulnerability. A local attacker could use this to cause a denial of service system crash or possibly expose sensitive information kernel memory. CVE-2020-8428 Shijie Luo discovered that the ext4 file system...

USN-4300-1: Linux kernel vulnerabilities

It was discovered that the KVM implementation in the Linux kernel, when paravirtual TLB flushes are enabled in guests, the hypervisor in some situations could miss deferred TLB flushes or otherwise mishandle them. An attacker in a guest VM could use this to expose sensitive information read memor...

Introduction to Bluetooth Low Energy

Bluetooth Low Energy BLE is used by almost everyone in our everyday lives, from wireless headphones, to car stereos, computer keyboards and mice, and other everyday items. Even though this standard is popular there seems a general lack of understanding of how it works and what certain terms mean...

CVE-2019-10796

rpi through 0.0.3 allows execution of arbritary commands. The variable pinNumbver in function GPIO within src/lib/gpio.js is used as part of the arguement of exec function without any sanitization...

CVE-2019-10796

rpi through 0.0.3 allows execution of arbritary commands. The variable pinNumbver in function GPIO within src/lib/gpio.js is used as part of the arguement of exec function without any sanitization...

USN-4287-1: Linux kernel vulnerabilities

It was discovered that the Linux kernel did not properly clear data structures on context switches for certain Intel graphics processors. A local attacker could use this to expose sensitive information. CVE-2019-14615 It was discovered that the Atheros 802.11ac wireless USB device driver in the...

Command Injection

Overview rpi is a Node.js library to use the Raspberry Pi GPIOs. Affected versions of this package are vulnerable to Command Injection. The variable pinNumbver in function GPIO within src/lib/gpio.js is used as part of the arguement of exec function without any sanitization. PoC by JHU System...

Exploit for Incorrect Calculation in Google Android

cve-2020-0022 poc for cve-2020-0022 usage gcc poc.c -l...

piSignage 2.6.4 - Directory Traversal Vulnerability

Exploit for hardware platform in category web applications Exploit Title: piSignage 2.6.4 - Directory Traversal Exploit Author: JunYeong Ko Vendor Homepage: https://pisignage.com/ Version: piSignage before 2.6.4 Tested on: piSignage before 2.6.4 CVE : CVE-2019-20354 Summary: The web application...

Unspecified vulnerability in piSignage

piSignage is an HD video digital signage player. A security vulnerability exists in the web application component of piSignage versions prior to 2.6.4. A remote attacker can exploit the vulnerability to download arbitrary files from a Raspberry Pi...