7872 matches found
PT-2018-16302 · Yi · Yi Home Camera
Name of the Vulnerable Software and Affected Versions: Yi Home Camera 27US version 1.8.7.0D. Description: An exploitable code execution issue exists in the cloud OTA setup functionality. A specially crafted SSID can cause a command injection, resulting in code execution. An attacker can trigger th...
RHEL 7 : setup (RHSA-2018:3249)
The remote Red Hat Enterprise Linux 7 host has a package installed that is affected by a vulnerability as referenced in the RHSA-2018:3249 advisory. The setup package contains a set of important default system configuration and setup files. Examples include /etc/passwd, /etc/group, and /etc/profil...
Yi Technology Home Camera 27US cloudAPI SSID Code Execution Vulnerability
Summary: An exploitable code execution vulnerability exists in the cloud OTA setup functionality of Yi Home Camera 27US 1.8.7.0D. A specially crafted SSID can cause a command injection, resulting in code execution. An attacker can cause a camera to connect to this SSID to trigger this vulnerabilit...
Low: Red Hat Security Advisory: setup security and bug fix update
An update for setup is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Low. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE...
kernel: drivers/block/loop.c mishandles lo_release serialization allowing denial-of-service
A flaw was found in the Linux kernel's handling of loopback devices. An attacker who has permissions to set up loopback disks may cause a denial of service or perform other unspecified actions...
Mutiny Fuzzing Framework
The Mutiny Fuzzing Framework is a network fuzzer that operates by replaying PCAPs through a mutational fuzzer. The goal is to begin network fuzzing as quickly as possible, at the expense of being thorough. The general workflow for Mutiny is to take a sample of legitimate traffic, such as a browse...
Telebix - An Application That Communicates With A Bot On The Telegram To Receive Commands And Send Information From An Infrastructure Monitored By Zabbix
Telebix is an application that communicates with a bot on Telegram to receive commands and send information from an infrastructure monitored by Zabbix. It also sends messages in real time if any problems occur in the infrastructure. It is written entirely in Python with shell script and has...
Neato Botvac Connected Command Injection Vulnerability
The Neato Botvac Connected is a vacuuming robotic device from the American company Neato Robotics. A command injection vulnerability exists in the setup API in Neato Botvac Connected version 2.2.0. The vulnerability can be exploited to execute arbitrary commands with shell metacharacters in the n...
CVE-2018-18638
A command injection vulnerability in the setup API in the Neato Botvac Connected 2.2.0 allows network attackers to execute arbitrary commands via shell metacharacters in the ntp field within JSON data to the /robot/initialize endpoint...
Command injection
A command injection vulnerability in the setup API in the Neato Botvac Connected 2.2.0 allows network attackers to execute arbitrary commands via shell metacharacters in the ntp field within JSON data to the /robot/initialize endpoint...
CVE-2018-18638
Neato Botvac Connected 2.2.0 is affected by a command-injection in the setup API. The vulnerability allows remote attackers to inject shell metacharacters in the ntp field of a JSON payload sent to /robot/initialize, enabling arbitrary command execution. Root cause: unsafely handled ntp field in ...
CVE-2018-17961
Artifex Ghostscript 9.25 and earlier allows attackers to bypass a sandbox protection mechanism via vectors involving errorhandler setup. NOTE: this issue exists because of an incomplete fix for CVE-2018-17183. Mitigation: Please refer to the "Mitigation" section of CVE-2018-16509:...
CVE-2018-7911
Some Huawei smart phones ALP-AL00B 8.0.0.106C00, 8.0.0.113SP2C00, 8.0.0.113SP3C00, 8.0.0.113SP7C00, 8.0.0.118C00, 8.0.0.120SP2C00, 8.0.0.125SP1C00, 8.0.0.125SP3C00, 8.0.0.126SP2C00, 8.0.0.126SP5C00, 8.0.0.127SP1C00, 8.0.0.128SP2C00, ALP-AL00B-RSC 1.0.0.2, BLA-TL00B 8.0.0.113SP7C01, 8.0.0.118C01,...
SUSE-SU-2018:2902-2 Security update for yast2-smt
This update fixes the following issues in yast2-smt: - Explicitly mention 'Organization Credentials' fate321759 - Rearrange the SMT set-up dialog bsc977043 - Added missing translation marks bsc1037811 - Remove cron job rescheduling bsc1097560 This update is a requirement for the security update f...
GHSA-4C32-XMGJ-2G98 High severity vulnerability that affects org.apache.pdfbox:pdfbox
Apache PDFBox before 1.8.12 and 2.x before 2.0.1 does not properly initialize the XML parsers, which allows context-dependent attackers to conduct XML External Entity (XXE) attacks via a crafted PDF...
Cannot connect to vCenter from PVS Console using stronger SCHANNEL Protocols, such as TLS 1.2
When running the XenDesktop Setup Wizard or the Streamed VM Wizard, and connecting to a vCenter Server that has been configured to only accept connections using TLS 1.1 or higher, the PVS Console could present an error stating that the connection was closed. The error shown will have a text simil...
RemoteRecon - Remote Recon And Collection
RemoteRecon provides the ability to execute post-exploitation capabilities against a remote host, without having to expose your complete toolkit/agent. Oftentimes as operators we need to compromise a host, just so we can keylog or screenshot or some other minuscule task against a person/host of...
CVE-2018-17961
Artifex Ghostscript 9.25 and earlier allows attackers to bypass a sandbox protection mechanism via vectors involving errorhandler setup. NOTE: this issue exists because of an incomplete fix for CVE-2018-17183...
DEBIAN-CVE-2018-17961
Artifex Ghostscript 9.25 and earlier allows attackers to bypass a sandbox protection mechanism via vectors involving errorhandler setup. NOTE: this issue exists because of an incomplete fix for CVE-2018-17183...