piSignage 2.6.4 Directory Traversal
Exploit Title: piSignage 2.6.4 - Directory Traversal; Date: 2019-11-13; Exploit Author: JunYeong Ko; Vendor Homepage: https://pisignage.com/; Version: piSignage before 2.6.4; Tested on: piSignage before 2.6.4; CVE: CVE-2019-20354; Summary: The web application component of piSignage before 2.6.4 allows ...
piSignage 2.6.4 - Directory Traversal
Exploit Title: piSignage 2.6.4 - Directory Traversal; Date: 2019-11-13; Exploit Author: JunYeong Ko; Vendor Homepage: https://pisignage.com/; Version: piSignage before 2.6.4; Tested on: piSignage before 2.6.4; CVE: CVE-2019-20354; Summary: The web application...
Path traversal
The web application component of piSignage before 2.6.4 allows a remote attacker authenticated as a low-privilege user to download arbitrary files from the Raspberry Pi via api/settings/log?file=../ path traversal. In other words, this issue is in the player API for log download...
CVE-2019-20354
The web application component of piSignage before 2.6.4 allows a remote attacker authenticated as a low-privilege user to download arbitrary files from the Raspberry Pi via api/settings/log?file=../ path traversal. In other words, this issue is in the player API for log download...
MyDomoAtHome (MDAH) REST API Domoticz ISS Gateway 0.2.40 Information Disclosure
Summary: REST Gateway between Domoticz and Imperihome ISS. Domoticz is a home automation system with a pretty wide library of supported devices, ranging from weather stations to smoke detectors to remote controls, and a large number of additional third-party integrations are documented on the...
W1.fi hostapd deauthentication denial-of-service vulnerability
Summary: An exploitable denial-of-service vulnerability exists in the 802.11w security state handling for hostapd 2.6 connected clients with valid 802.11w sessions. By simulating an incomplete new association, an attacker can trigger a deauthentication against stations using 802.11w, resulting in ...
ReconPi - Set Up Your Raspberry Pi To Perform Basic Recon Scans
ReconPi - A lightweight recon tool that performs extensive reconnaissance with the latest tools using a Raspberry Pi. Start using that Raspberry Pi -- I know you all have one laying around somewhere. Installation: Check the updated blogpost here for a complete guide on how to set up your own...
USN-4184-1: Linux kernel vulnerabilities
Stephan van Schaik, Alyssa Milburn, Sebastian Österlund, Pietro Frigo, Kaveh Razavi, Herbert Bos, Cristiano Giuffrida, Giorgi Maisuradze, Moritz Lipp, Michael Schwarz, Daniel Gruss, and Jo Van Bulck discovered that Intel processors using Transactional Synchronization Extensions (TSX) could expose...
USN-4163-1: Linux kernel vulnerabilities
It was discovered that a race condition existed in the ARC EMAC ethernet driver for the Linux kernel, resulting in a use-after-free vulnerability. An attacker could use this to cause a denial of service (system crash). (CVE-2016-10906) It was discovered that a race condition existed in the Serial...
Explained: war shipping
Yesterday, Mike from the mailroom came up and asked whether I knew anyone called “Simon Smith.” He received an envelope addressed to our company and to the attention of Mr. Smith, but there was no one by that name on his list of employees. It wasn’t on mine either and HR was unaware of a person b...
Linux/ARM - Fork Bomb Shellcode (20 bytes)
Title: Linux/ARM - Fork Bomb Shellcode (20 bytes); Category: Shellcode; Tested: armv7l 32-bit Raspberry Pi 2 Model B; OS: Raspbian Buster Lite; Author: CJHackerz; Description: This shellcode creates new processes in an infinite loop to exhaust CPU resources leading to crash / Compilation instruction...
Real-life social engineering. Another two days in tweets
What happens in a real life social engineering exercise? There’s a lot of planning and preparation that goes on behind the scenes: it’s not a matter of turning up to a site and ‘winging it’! I live tweeted an exercise a little while back, to give a flavour of a real task in real time. For reasons...
USN-4144-1: Linux kernel vulnerabilities
It was discovered that the XFS file system in the Linux kernel did not properly handle mount failures in some situations. A local attacker could possibly use this to cause a denial of service (system crash) or execute arbitrary code. (CVE-2018-20976) Benjamin Moody discovered that the XFS file system...
SUSE SLED12 / SLES12 Security Update : kernel (SUSE-SU-2019:2412-1)
The SUSE Linux Enterprise 12 SP4 kernel was updated to receive various security and bugfixes. The following new features were implemented : jscSLE-4875: CML New device IDs for CML jscSLE-7294: Add cpufreq driver for Raspberry Pi fate322438: Integrate P9 XIVE support on PowerVM only fate322447: Ad...
SUSE SLED15 / SLES15 Security Update : kernel (SUSE-SU-2019:2424-1)
The SUSE Linux Enterprise 15 SP1 kernel was updated to receive various security and bugfixes. The following new features were implemented : jscSLE-4875: CML New device IDs for CML jscSLE-7294: Add cpufreq driver for Raspberry Pi fate326869: perf: pmu memload/store event support fate327380: KVM: A...
SUSE SLED15 / SLES15 Security Update : kernel (SUSE-SU-2019:2414-1)
The SUSE Linux Enterprise 15 kernel was updated to receive various security and bugfixes. The following new features were implemented : jscSLE-4875: CML New device IDs for CML jscSLE-7294: Add cpufreq driver for Raspberry Pi fate321840: Reduce memory required to boot capture kernel while using...
USN-4115-2: Linux kernel regression
USN 4115-1 fixed vulnerabilities in the Linux 4.15 kernel for Ubuntu 18.04 LTS and Ubuntu 16.04 LTS. Unfortunately, as part of the update, a regression was introduced that caused a kernel crash when handling fragmented packets in some situations. This update addresses the issue. We apologize for...
USN-4115-1: Linux kernel vulnerabilities
Hui Peng and Mathias Payer discovered that the Option USB High Speed driver in the Linux kernel did not properly validate metadata received from the device. A physically proximate attacker could use this to cause a denial of service (system crash). (CVE-2018-19985) Zhipeng Xie discovered that an...
Hashcatch - Capture Handshakes Of Nearby WiFi Networks Automatically
Hashcatch deauthenticates clients connected to all nearby WiFi networks and tries to capture the handshakes. It can be used in any Linux device including Raspberry Pi and Nethunter devices so that you can capture handshakes while walking your dog. Written by @SivaneshAshok. PoC of hashcatch running...