14 matches found
EUVD-2011-2183
Malware in sbrugna...
EUVD-2021-19641
Malware in sbrugna...
EUVD-2018-15619
Malware in sbrugna...
EUVD-2011-4133
Malware in sbrugna...
EUVD-2017-12024
Malware in sbrugna...
CVE-2021-32919
An issue was discovered in Prosody before 0.11.9. The undocumented dialbackwithoutdialback option in moddialback enables an experimental feature for server-to-server authentication. It does not correctly authenticate remote server certificates, allowing a remote server to impersonate another serv...
CVE-2018-4012
An exploitable buffer overflow vulnerability exists in the HTTP header-parsing function of the Webroot BrightCloud SDK. The function bchttpreadheader incorrectly handles overlong headers, leading to arbitrary code execution. An unauthenticated attacker could impersonate a remote BrightCloud serve...
Webroot BrightCloud SDK HTTP headers-parsing code execution vulnerability
Summary An exploitable buffer overflow vulnerability exists in the HTTP header-parsing function of the Webroot BrightCloud SDK. The function bchttpreadheader incorrectly handles overlong headers, leading to arbitrary code execution. An unauthenticated attacker could impersonate a remote BrightClo...
Design/Logic Flaw
An exploitable firmware downgrade vulnerability exists in Insteon Hub running firmware version 1013. The firmware upgrade functionality, triggered via PubNub, retrieves signed firmware binaries using plain HTTP requests. The device doesn't check the firmware version that is going to be installed...
CVE-2018-3833
CVE-2018-3833 affects Insteon Hub (firmware 1013). The firmware upgrade flow fetches signed firmware over plain HTTP and does not verify that the new image is newer than the installed one, enabling an attacker (MITM impersonating cache.insteon.com) to flash older firmware. TALOS research notes mi...
CVE-2018-3834
Summary of CVE-2018-3834, Insteon Hub : The issue affects Insteon Hub firmware 1013. The PubNub-based firmware upgrade fetches signed binaries over plain HTTP and does not verify the firmware image type, allowing an attacker to supply a mismatched FW/PLM image signed with the same key. If a PLM i...
Circle with Disney Database Updater Code Execution Vulnerability(CVE-2017-2883)
Summary An exploitable vulnerability exists in the database update functionality of Circle with Disney running firmware 2.0.1. Specially crafted network packets can cause the device to execute arbitrary code. An attacker needs to impersonate a remote server in order to trigger this vulnerability...
CVE-2017-2883
An exploitable vulnerability exists in the database update functionality of Circle with Disney running firmware 2.0.1. Specially crafted network packets can cause the device to execute arbitrary code. An attacker needs to impersonate a remote server in order to trigger this vulnerability...
CVE-2017-2882
An exploitable vulnerability exists in the servers update functionality of Circle with Disney running firmware 2.0.1. Specially crafted network packets can cause the device to overwrite sensitive files, resulting in code execution. An attacker needs to impersonate a remote server in order to...