322 matches found
sed bug fix and enhancement update
An update is available for sed. This update affects Rocky Linux 8. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list For detailed information on changes in this release, see the Rocky Enterprise...
Sql injection
Dynacolor FCM-MB40 v1.2.0.0 devices allow remote attackers to execute arbitrary commands via a crafted parameter to a CGI script, as demonstrated by sed injection in cgi-bin/camctrlsaveprofile.cgi save parameter and cgi-bin/ddns.cgi...
CVE-2019-13398
Dynacolor FCM-MB40 v1.2.0.0 devices allow remote attackers to execute arbitrary commands via a crafted parameter to a CGI script, as demonstrated by sed injection in cgi-bin/camctrlsaveprofile.cgi save parameter and cgi-bin/ddns.cgi...
Symantec Endpoint Encryption Privilege Escalation
SUMMARY Symantec has released an update to address issues that were discovered in the Symantec Endpoint Encryption and Symantec Encryption Desktop products. AFFECTED PRODUCTS Symantec Endpoint Encryption SEE --- CVE | Affected Versions | Remediation CVE-2019-9702 CVE-2019-9703 | Prior to SEE 11.3...
Yum Package Manager Persistence
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Yum Package Manager Persistence', 'Description' = %q This module will run a payload when the package manager is used. No handler is ran...
contact.sh - An OSINT tool to find contacts in order to report security vulnerabilities
An OSINT tool to find contacts in order to report security vulnerabilities. Installation Linux Make sure you have installed the whois and jq packages. $ git clone https://github.com/EdOverflow/contact.sh.git $ cd contact.sh/ $ chmod u+x contact.sh $ ./contact.sh -d google.com -c google OSX $ brew...
CVE-2015-7268
Samsung 850 Pro and PM851 solid-state drives and Seagate ST500LT015 and ST500LT025 hard disk drives, when used on Windows and operating in Opal mode on Lenovo ThinkPad T440s laptops with BIOS 2.32 or ThinkPad W541 laptops with BIOS 2.21, or in Opal or eDrive mode on Dell Latitude E6410 laptops wi...
CVE-2015-7267
Samsung 850 Pro and PM851 solid-state drives and Seagate ST500LT015 and ST500LT025 hard disk drives, when in sleep mode and operating in Opal or eDrive mode on Lenovo ThinkPad T440s laptops with BIOS 2.32; ThinkPad W541 laptops with BIOS 2.21; Dell Latitude E6410 laptops with BIOS A16; or Latitud...
Hardcoded credentials
Samsung 850 Pro and PM851 solid-state drives and Seagate ST500LT015 and ST500LT025 hard disk drives, when in sleep mode and operating in Opal or eDrive mode on Lenovo ThinkPad T440s laptops with BIOS 2.32; ThinkPad W541 laptops with BIOS 2.21; Dell Latitude E6410 laptops with BIOS A16; or Latitud...
CVE-2015-7268
Samsung 850 Pro and PM851 solid-state drives and Seagate ST500LT015 and ST500LT025 hard disk drives, when used on Windows and operating in Opal mode on Lenovo ThinkPad T440s laptops with BIOS 2.32 or ThinkPad W541 laptops with BIOS 2.21, or in Opal or eDrive mode on Dell Latitude E6410 laptops wi...
CVE-2015-7269
Seagate ST500LT015 hard disk drives, when operating in eDrive mode on Lenovo ThinkPad W541 laptops with BIOS 2.21, allow physically proximate attackers to bypass self-encrypting drive SED protection by attaching a second SATA connector to exposed pins, maintaining an alternate power source, and...
CVE-2015-7269
Summary: The CVE-2015-7269 vulnerability affects Seagate ST500LT015 hard drives in Lenovo ThinkPad W541 laptops running BIOS 2.21, where an attacker in close physical proximity can bypass the drive’s self-encrypting drive (SED) protection by a “Hot Unplug Attack" using a second SATA connector and...
CVE-2015-7267
Samsung 850 Pro and PM851 solid-state drives and Seagate ST500LT015 and ST500LT025 hard disk drives, when in sleep mode and operating in Opal or eDrive mode on Lenovo ThinkPad T440s laptops with BIOS 2.32; ThinkPad W541 laptops with BIOS 2.21; Dell Latitude E6410 laptops with BIOS A16; or Latitud...
CVE-2015-7268
The CVE-2015-7268 entry describes a hardware-level vulnerability affecting Samsung 850 Pro/PM851 SSDs and Seagate ST500LT015/ST500LT025 HDDs when used with Windows and specific Opal/eDrive configurations on certain Lenovo/Dell laptops. The issue allows physically proximate attackers to bypass sel...
CVE-2017-12094
An exploitable vulnerability exists in the WiFi Channel parsing of Circle with Disney running firmware 2.0.1. A specially crafted SSID can cause the device to execute arbitrary sed commands. An attacker needs to setup an access point reachable by the device to trigger this vulnerability...
CVE-2017-12094
An exploitable vulnerability exists in the WiFi Channel parsing of Circle with Disney running firmware 2.0.1. A specially crafted SSID can cause the device to execute arbitrary sed commands. An attacker needs to setup an access point reachable by the device to trigger this vulnerability...
Circle with Disney Command Injection Vulnerability (CNVD-2017-33187)
Circle with Disney is a set of network monitoring and management devices for monitoring children's online behavior from Circle Media, Inc. in the United States. A command injection vulnerability exists in the WiFi Channel parsing in Circle with Disney version 2.0.1. The vulnerability can be...
Circle with Disney Startup WiFi Channel Parsing Command Injection Vulnerability
Summary An exploitable vulnerability exists in the WiFi Channel parsing of Circle with Disney running firmware 2.0.1. A specially crafted SSID can cause the device to execute arbitrary sed commands. An attacker needs to setup an access point reachable by the device to trigger this vulnerability...
CVE-2017-13679
CVE-2017-13679 affects Symantec Encryption Desktop (SED) before SED 10.4.1 MP2HF1. Public material indicates DoS conditions that disrupt services of a host/resource; related entries also describe CVE-2017-13682 and CVE-2017-13683 (kernel memory leaks) within the same product line. Remediation per...
CVE-2017-6330
CVE-2017-6330 affects Symantec Encryption Desktop (SED) prior to version 10.4.1 MP2. The DoS vulnerability allows remote attackers to cause resource consumption to the affected system by sending crafted web requests. The issue is documented across multiple sources in the connected documents, all ...