21 matches found

ThreatPost
added 2020/11/16 10:9 p.m., 69 views

Dating Site Bumble Leaves Swipes Unsecured for 100M Users

After taking a closer look at the code for popular dating site and app Bumble, where women typically initiate the conversation, Independent Security Evaluators researcher Sanjana Sarda found concerning API vulnerabilities. These not only allowed her to bypass paying for Bumble Boost premium...

7.8 AI score
Exploits: 0, References: 9

exploitpack
added 2020/03/13 12:0 a.m., 152 views

Drobo 5N2 4.1.1 - Remote Command Injection

Drobo 5N2 4.1.1 - Remote Command Injection Exploit Title: Drobo 5N2 4.1.1 - Remote Command Injection Date: 2020-03-12 Exploit Author: Rick Ramgattie, Ian Sindermann Vendor Homepage: https://www.drobo.com/ Version: 4.1.1 and lower. CVE: CVE-2018-14709, CVE-2018-14701 !/usr/bin/env python3 nasty.py...

7.5 CVSS, 9.9 AI score, 0.50208 EPSS
Exploits: 6

The Hacker News
added 2019/09/17 8:40 a.m., 2 views

125 New Flaws Found in Routers and NAS Devices from Popular Brands

The world of connected consumer electronics, IoT, and smart devices is growing faster than ever with tens of billions of connected devices streaming and sharing data wirelessly over the Internet, but how secure is it? As we connect everything from coffee maker to front-door locks and cars to the...

8.6 AI score
Exploits: 0

ThreatPost
added 2019/02/22 12:11 p.m., 95 views

Threatpost Poll: Are Password Managers Too Risky?

Do you use a password manager? Or do you think they pose too much of a risk, holding all the keys to the kingdom? Weigh in with our poll, below. A little background: There have been vulnerabilities found before in this kind of software, which is meant to take the headache out of remembering...

7.2 AI score
Exploits: 0, References: 10

seebug.org
added 2014/07/01 12:0 a.m., 46 views

TRENDnet TEW-812DRU CSRF/Command Injection Root Exploit

No description provided by source. html head title TRENDnet TEW-812DRU CSRF - Command Injection Shell Exploit./title !-- CSRF Discovered by: Jacob Holcomb - Security Analyst @ Independent Security Evaluators Command Injections Discovered by: Jacob Holcomb & Kedy Liu - Security Analysts @...

8.5 CVSS, 6.5 AI score, 0.06761 EPSS
Exploits: 6

Exploit DB
added 2013/11/04 12:0 a.m., 29 views

MIPS Little Endian - Reverse Shell Shellcode Linux

MIPS Little Endian - Reverse Shell Shellcode Linux. Shellcode exploit for hardware platform MIPS Little Endian Reverse Shell ASM File and Assembled Shellcode Written by Jacob Holcomb, Security Analyst @ Independent Security Evaluators Blog: http://infosec42.blogspot.com Company Website:...

7.4 AI score
Exploits: 0

exploitpack
added 2013/08/21 12:0 a.m., 19 views

Xibo - Cross-Site Request Forgery

Xibo - Cross-Site Request Forgery source: https://www.securityfocus.com/bid/62064/info Xibo is prone to a cross-site request-forgery vulnerability. Exploiting this issue may allow a remote attacker to perform certain unauthorized actions and gain access to the affected application. Other attacks...

6.8 CVSS, 0.9 AI score, 0.00757 EPSS
Exploits: 4

Exploit DB
added 2013/07/28 12:0 a.m., 36 views

TRENDnet TEW-812DRU - Cross-Site Request Forgery/Command Injection Root

TRENDnet TEW-812DRU CSRF - Command Injection Shell Exploit. Please wait... //Request to enable port forwarding to the routers internal IP on port 23 //This exploit works without this request, but the exploit was more stable with it, so it's included in this PoC. function RF1 document.write''+ ''+...

8.5 CVSS, 6.5 AI score, 0.06761 EPSS
Exploits: 6

exploitpack
added 2013/07/28 12:0 a.m., 16 views

TRENDnet TEW-812DRU - Cross-Site Request ForgeryCommand Injection Root

TRENDnet TEW-812DRU - Cross-Site Request ForgeryCommand Injection Root TRENDnet TEW-812DRU CSRF - Command Injection Shell Exploit. Please wait... //Request to enable port forwarding to the routers internal IP on port 23 //This exploit works without this request, but the exploit was more stable wi...

8.5 CVSS, 0.8 AI score, 0.06761 EPSS
Exploits: 6

Exploit DB
added 2013/07/27 12:0 a.m., 52 views

MIPS Little Endian Shellcode

MIPS Little Endian Shellcode. CVE-2013-4659. Shellcode exploit for mips platform Disassembled MIPS Little Endian Shellcode Shellcode was designed for ACSD exploit on the ASUS RT-AC66U SOHO router. CVE: CVE-2013-4659 Written by Jacob Holcomb, Security Analyst @ Independent Security Evaluators Blog...

10 CVSS, 9.7 AI score, 0.11534 EPSS
Exploits: 8

Exploit DB
added 2013/07/01 12:0 a.m., 23 views

Static HTTP Server 1.0 - Local Overflow (SEH)

!/usr/bin/env python import os TitleStatic HTTP Server SEH Overflow - HTTP Config - httptiplist Discovered and ReportedJune 2013 Discovered/Exploited ByJacob Holcomb/Gimppy, Security Analyst @ Independent Security Evaluators Exploit/Advisoryhttp://infosec42.blogspot.com/ SoftwareStatic HTTP Serve...

7 AI score
Exploits: 0

0day.today
added 2013/06/27 12:0 a.m., 21 views

PCMan's FTP Server 2.0.7 - Buffer Overflow Exploit

Exploit for windows platform in category remote exploits !/usr/bin/env python import signal from time import sleep from socket import from sys import exit, excinfo TitlePCMan FTP Server v2.0.7 Remote Root Shell Exploit - USER Command Discovered and ReportedJune 2013 Discovered/Exploited ByJacob...

7.1 AI score
Exploits: 0

exploitpack
added 2013/06/27 12:0 a.m., 25 views

PCMan FTP Server 2.0.7 - Remote Buffer Overflow

PCMan FTP Server 2.0.7 - Remote Buffer Overflow !/usr/bin/env python import signal from time import sleep from socket import from sys import exit, excinfo TitlePCMan FTP Server v2.0.7 Remote Root Shell Exploit - USER Command Discovered and ReportedJune 2013 Discovered/Exploited ByJacob...

0.7 AI score
Exploits: 0

exploitpack
added 2013/03/19 12:0 a.m., 50 views

Verizon Fios Router MI424WR-GEN3I - Cross-Site Request Forgery

Verizon Fios Router MI424WR-GEN3I - Cross-Site Request Forgery Exploit Title: Verizon Fios Router CSRF Admin Shell Date: Discovered and reported January 2013 Author: Jacob Holcomb/Gimppy - Security Analyst @ Independent Security Evaluators Software: Verizon FIOS Router - Firmware 40.19.36...

6.8 CVSS, 0.7 AI score, 0.00938 EPSS
Exploits: 7

Exploit DB
added 2013/03/19 12:0 a.m., 85 views

Verizon Fios Router MI424WR-GEN3I - Cross-Site Request Forgery

Exploit Title: Verizon Fios Router CSRF Admin Shell Date: Discovered and reported January 2013 Author: Jacob Holcomb/Gimppy - Security Analyst @ Independent Security Evaluators Software: Verizon FIOS Router - Firmware 40.19.36 http://verizon.com CVE: CVE-2013-0126 Advisory/Video:...

6.8 CVSS, 6.5 AI score, 0.00938 EPSS
Exploits: 7

Exploit DB
added 2013/02/05 12:0 a.m., 31 views

Cisco Unity Express - Multiple Vulnerabilities

Exploit Title: Cisco Unity Express Multiple Vulnerabilities Reported: December 2012 Disclosed: February 2013 Author: Jacob Holcomb of Independent Security Evaluators CVE: XSS - CVE-2013-1114 and CSRF - CVE-2013-1120 http://infosec42.blogspot.com/2013/02/cisco-unity-express-vulnerabilites.html Cis...

6.8 CVSS, 6.4 AI score, 0.1338 EPSS
Exploits: 5

Cisco
added 2013/02/01 8:4 p.m., 22 views

Cisco Unity Express Cross-Site Scripting Vulnerabilities

Cisco Unity Express contains multiple vulnerabilities that could allow an unauthenticated, remote attacker to conduct cross-site scripting attacks. The vulnerabilities are due to insufficient sanitization of user-supplied input processed by the Cisco Unity Express software. An unauthenticated,...

5 CVSS, 2.3 AI score, 0.1338 EPSS
Exploits: 5, References: 1

Exploit DB
added 2012/12/13 12:0 a.m., 52 views

Cisco Wireless Lan Controller 7.2.110.0 - Multiple Vulnerabilities

Cisco WLC CSRF, DoS, and Persistent XSS Vulnerabilities Exploit Title: u M@d? - Cisco WLC CSRF, DoS, and Persistent XSS Vulnerabilities Date: Discovered and reported November 2012 Author: Jacob Holcomb/Gimppy042 - Security Analyst @ Independent Security Evaluators Software: Cisco Wireless Lan...

6.8 CVSS, 6.7 AI score, 0.14063 EPSS
Exploits: 8

ThreatPost
added 2011/03/10 3:13 p.m., 11 views

Apple Safari and Internet Explorer 8 Go Down at Pwn2Own, iPhone Up Next

VANCOUVER–On the first day of the Pwn2Own contest here, contestants were able to take down both Safari on Mac OS X and Internet Explorer 8 on Windows 7. None of the researchers decided to try their hand against Google Chrome, however, so that browser was the only one still standing after day one...

0.7 AI score
Exploits: 0, References: 1

exploitpack
added 2010/08/14 12:0 a.m., 12 views

Acrobat Acrobat - Font Parsing Integer Overflow

Acrobat Acrobat - Font Parsing Integer Overflow From the authors site: In this article, I'm going to share with you my observations and analysis on recent Adobe Acrobat Font Parsing vulnerability. Source document exists here: http://securityevaluators.com/files/papers/CrashAnalysis.pdf page 51-58...

0.3 AI score
Exploits: 0