7872 matches found

Cvelist
added 2019/07/09 8:28 p.m., 18 views

CVE-2019-13277

TRENDnet TEW-827DRU with firmware up to and including 2.04B03 allows an unauthenticated attacker to execute setup wizard functionality, giving this attacker the ability to change configuration values, potentially leading to a denial of service. The request can be made on the local intranet or...

7.7 AI score, 0.01526 EPSS
Exploits 1, References 1
CVE
added 2019/07/09 8:28 p.m., 128 views

CVE-2019-13277

The CVE-2019-13277 entry affects TRENDnet TEW-827DRU devices with firmware up to 2.04B03. An unauthenticated attacker can trigger the setup wizard functionality, enabling changes to configuration values. This can potentially lead to a denial of service. The attack is possible from the local intra...

7.5 CVSS, 7.6 AI score, 0.01526 EPSS
Exploits 1, References 1, Affected Software 1
OSV
added 2019/07/08 6:15 p.m., 2 views

CVE-2019-2113

In setup wizard there is a bypass of some checks when wifi connection is skipped. This could lead to factory reset protection bypass with no additional privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-9. Android ID: A-122597079...

5.5 CVSS, 6.4 AI score, 0.00134 EPSS
Exploits 0, References 1
NVD
added 2019/07/08 6:15 p.m., 16 views

CVE-2019-2113

In setup wizard there is a bypass of some checks when wifi connection is skipped. This could lead to factory reset protection bypass with no additional privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-9. Android ID: A-122597079...

5.5 CVSS, 5.5 AI score, 0.00134 EPSS
Exploits 0, References 1
Prion
added 2019/07/08 6:15 p.m., 15 views

Design/Logic Flaw

In setup wizard there is a bypass of some checks when wifi connection is skipped. This could lead to factory reset protection bypass with no additional privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-9. Android ID: A-122597079...

2.1 CVSS, 5.5 AI score, 0.00134 EPSS
Exploits 0, References 1, Affected Software 1
Cvelist
added 2019/07/08 5:39 p.m., 23 views

CVE-2019-2113

In setup wizard there is a bypass of some checks when wifi connection is skipped. This could lead to factory reset protection bypass with no additional privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-9. Android ID: A-122597079...

5.5 AI score, 0.00134 EPSS
Exploits 0, References 1
NVD
added 2019/07/04 8:15 p.m., 18 views

CVE-2019-1890

A vulnerability in the fabric infrastructure VLAN connection establishment of the Cisco Nexus 9000 Series Application Centric Infrastructure (ACI) Mode Switch Software could allow an unauthenticated, adjacent attacker to bypass security validations and connect an unauthorized server to the...

7.4 CVSS, 6.7 AI score, 0.00638 EPSS
Exploits 0, References 2
Kitploit
added 2019/07/04 1:30 p.m., 223 views

Slackor - A Golang Implant That Uses Slack As A Command And Control Server

A Golang implant that uses Slack as a command and control channel. This project was inspired by Gcat and Twittor. This tool is released as a proof of concept. Be sure to read and understand the Slack App Developer Policy before creating any Slack apps. Setup Note: The server is written in Python ...

7.9 AI score
Exploits 0, References 22
OSV
added 2019/07/03 5:15 p.m., 2 views

CVE-2018-11686

The Publish Service in FlexPaper (later renamed FlowPaper) 2.3.6 allows remote code execution via setup.php and changeconfig.php...

9.8 CVSS, 6.3 AI score
Exploits 0, References 2
OSV
added 2019/07/02 11:15 p.m., 3 views

DEBIAN-CVE-2019-13179

Calamares versions 3.1 through 3.2.10 copies a LUKS encryption keyfile from /cryptokeyfile.bin (mode 0600, owned by root) to /boot within a globally readable initramfs image with insecure permissions, which allows this originally protected file to be read by any user, thereby disclosing decryption...

7.5 CVSS, 6.7 AI score, 0.02088 EPSS
Exploits 1, References 1
ATTACKERKB
added 2019/07/02 11:15 p.m., 3 views

CVE-2019-13178

modules/luksbootkeyfile/main.py in Calamares versions 3.1 through 3.2.10 has a race condition between the time when the LUKS encryption keyfile is created and when secure permissions are set...

8.1 CVSS, 5.5 AI score, 0.01692 EPSS
Exploits 1, References 21
OSV
added 2019/06/13 11:18 a.m., 9 views

SUSE-SU-2019:1490-1 Security update for libvirt

This update for libvirt fixes the following issues: Four new speculative execution information leak issues have been identified in Intel CPUs. bsc1111331 - CVE-2018-12126: Microarchitectural Store Buffer Data Sampling (MSBDS) - CVE-2018-12127: Microarchitectural Fill Buffer Data Sampling (MFBDS) -...

8.8 CVSS, 6.6 AI score, 0.01566 EPSS
Exploits 0, References 11
OSV
added 2019/05/30 2:29 p.m., 3 views

CVE-2019-12460

Web Port 1.19.1 allows XSS via the /access/setup type parameter...

6.1 CVSS, 6.3 AI score, 0.03833 EPSS
Exploits 5, References 3
Prion
added 2019/05/30 2:29 p.m., 15 views

Design/Logic Flaw

Web Port 1.19.1 allows XSS via the /access/setup type parameter...

4.3 CVSS, 5.9 AI score, 0.03833 EPSS
Exploits 5, References 3, Affected Software 1
Cvelist
added 2019/05/30 12:30 p.m., 21 views

CVE-2019-12460

Web Port 1.19.1 allows XSS via the /access/setup type parameter...

6 AI score, 0.03833 EPSS
Exploits 5, References 3
CVE
added 2019/05/30 12:30 p.m., 77 views

CVE-2019-12460

CVE-2019-12460 affects Web Port 1.19.1 with a reflected XSS flaw exploitable via the /access/setup?type parameter. The issue stems from unsanitized input in the setup endpoint, enabling an attacker to inject and execute script in a victim’s browser. Public evidence includes PoC payloads and explo...

6.1 CVSS, 5.8 AI score, 0.03833 EPSS
Exploits 5, References 3, Affected Software 1
Kitploit
added 2019/05/23 12:59 p.m., 107 views

Crosslinked - LinkedIn Enumeration Tool To Extract Valid Employee Names From An Organization Through Search Engine Scraping

CrossLinked simplifies the process of searching LinkedIn to collect valid employee names when performing password spraying or other security testing against an organization. Using similar search engine scraping capabilities found in tools like subscraper and pymeta, CrossLinked will find vali...

7.5 AI score
Exploits 0, References 3
Kitploit
added 2019/05/19 2:2 p.m., 142 views

OSIF - Open Source Information Facebook

OSIF is an accurate Facebook account information gathering tool. All sensitive information can be easily gathered even though the target sets all of its privacy to "only me": sensitive information about residence, date of birth, occupation, phone number and email address. Installation $ pkg update...

6.8 AI score
Exploits 0, References 1
Veracode
added 2019/05/16 3:23 a.m., 23 views

Sandbox Restrictions Bypass

Artifex Ghostscript is vulnerable to sandbox restrictions bypass attacks. This allows attackers to bypass a sandbox protection mechanism via vectors involving errorhandler setup...

8.6 CVSS, 8.9 AI score, 0.0998 EPSS
Exploits 2, References 16, Affected Software 1
Intel
added 2019/05/14 12:0 a.m., 67 views

Intel® SCS Discovery Utility and Intel® ACU Wizard Advisory

Summary: A potential security vulnerability in Intel® Setup and Configuration Software (Intel® SCS) Discovery Utility and Intel® AMT Configuration Utility Wizard (Intel® ACU Wizard) may allow escalation of privilege. Intel is releasing software updates to mitigate these potential vulnerabilities...

7.8 CVSS, 7.2 AI score, 0.00357 EPSS
Exploits 0