Lucene search
+L

291 matches found

CNVD
CNVD
added 2019/01/17 12:0 a.m.1 views

Command execution vulnerability in Philips Smart Wireless Speaker web service formUpgradeURL web interface

The Philips Smart Wireless Speaker is an AI-based music player that can be connected to the internet. A command execution vulnerability exists in the Philips Smart Wireless Speaker web service formUpgradeURL web interface, which can be exploited by an attacker to execute commands...

7.5AI score
Exploits0
CNVD
CNVD
added 2019/01/17 12:0 a.m.2 views

Command execution vulnerability in Philips Smart Wireless Speaker web service formPlayURL web interface

The Philips Smart Wireless Speaker is an AI-based music player that can be connected to the internet. A command execution vulnerability exists in the Philips Smart Wireless Speaker web service formPlayURL web interface that can be exploited by an attacker to execute commands...

7.5AI score
Exploits0
Fedora
Fedora
added 2019/01/11 12:16 a.m.34 views

[SECURITY] Fedora 28 Update: beep-1.3-26.fc28

Beep allows the user to control the PC speaker with precision, allowing different sounds to indicate different events. While it can be run quite happily on the command line, its intended place of residence is within shell/Perl scripts, notifying the user when something interesting occurs. Of...

7CVSS2.1AI score0.01651EPSS
Exploits3
Fedora
Fedora
added 2019/01/10 8:22 a.m.35 views

[SECURITY] Fedora 29 Update: beep-1.3-26.fc29

Beep allows the user to control the PC speaker with precision, allowing different sounds to indicate different events. While it can be run quite happily on the command line, its intended place of residence is within shell/Perl scripts, notifying the user when something interesting occurs. Of...

4.7CVSS2.1AI score0.0035EPSS
Exploits0
Positive Technologies
Positive Technologies
added 2018/12/20 12:0 a.m.6 views

PT-2018-3942 · D Link · D-Link Dcs Series Wi-Fi Cameras

Name of the Vulnerable Software and Affected Versions: D-Link DCS series Wi-Fi cameras versions 1.00 and above Description: The issue is related to insufficient protection of registration data in the common/info.cgi component of D-Link DCS series Wi-Fi cameras' firmware. This can allow a remote...

7.8CVSS7.3AI score0.01943EPSS
Exploits2References3
OSV
OSV
added 2018/08/02 7:29 p.m.6 views

CVE-2017-16345

An attacker could send an authenticated HTTP request to trigger this vulnerability in Insteon Hub running firmware version 1012. At 0x9d01c318 the value for the sport key is copied using strcpy to the buffer at 0xa00017f4. This buffer is 6 bytes large, sending anything longer will cause a buffer...

9.9CVSS6.2AI score0.01378EPSS
Exploits2References1
OSV
OSV
added 2018/08/02 7:29 p.m.5 views

CVE-2017-16344

An attacker could send an authenticated HTTP request to trigger this vulnerability in Insteon Hub running firmware version 1012. At 0x9d01c2c8 the value for the surl key is copied using strcpy to the buffer at 0xa0001a0c. This buffer is 16 bytes large, sending anything longer will cause a buffer...

9.9CVSS6.2AI score0.01378EPSS
Exploits2References1
Positive Technologies
Positive Technologies
added 2018/08/02 12:0 a.m.10 views

PT-2018-6275 · Insteon · Insteon Hub

Name of the Vulnerable Software and Affected Versions: Insteon Hub version 1012 Description: The issue allows an attacker to send an authenticated HTTP request to trigger a buffer overflow. Specifically, the s mac key value is copied to a 25-byte buffer using strcpy. Sending a value longer than 2...

9.9CVSS8.6AI score0.01378EPSS
Exploits2References2
Positive Technologies
Positive Technologies
added 2018/08/02 12:0 a.m.5 views

PT-2018-6273 · Insteon · Insteon Hub

Name of the Vulnerable Software and Affected Versions: Insteon Hub version 1012 Description: An attacker could send an authenticated HTTP request to trigger this issue in Insteon Hub. The value for the s url key is copied using strcpy to the buffer at 0xa0001a0c. This buffer is 16 bytes large, an...

9.9CVSS8.3AI score0.01378EPSS
Exploits2References3
Positive Technologies
Positive Technologies
added 2018/08/02 12:0 a.m.5 views

PT-2018-6274 · Insteon · Insteon Hub

Name of the Vulnerable Software and Affected Versions: Insteon Hub version 1012 Description: The issue allows an attacker to send an authenticated HTTP request to trigger it. Specifically, it involves copying the value for the s port key to a buffer using strcpy. This buffer has a size of 6 bytes...

9.9CVSS8.2AI score0.01378EPSS
Exploits2References2
NVD
NVD
added 2018/07/03 4:29 p.m.15 views

CVE-2018-11316

The UPnP HTTP server on Sonos wireless speaker products allow unauthorized access via a DNS rebinding attack. This can result in remote device control and privileged device and network information to be exfiltrated by an attacker...

9.6CVSS8.9AI score0.01303EPSS
Exploits0References2
Prion
Prion
added 2018/07/03 4:29 p.m.13 views

Design/Logic Flaw

The UPnP HTTP server on Sonos wireless speaker products allow unauthorized access via a DNS rebinding attack. This can result in remote device control and privileged device and network information to be exfiltrated by an attacker...

9.3CVSS8.8AI score0.01303EPSS
Exploits0References2
CVE
CVE
added 2018/07/03 4:0 p.m.42 views

CVE-2018-11316

The CVE-2018-11316 entry concerns Sonos wireless speaker devices whose UPnP HTTP server can be abused via a DNS rebinding attack. The affected component is the Sonos UPnP web server; the underlying issue is lack of access restriction allowing unauthorized control and information exfiltration from...

9.6CVSS8.8AI score0.01303EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2018/07/03 4:0 p.m.22 views

CVE-2018-11316

The UPnP HTTP server on Sonos wireless speaker products allow unauthorized access via a DNS rebinding attack. This can result in remote device control and privileged device and network information to be exfiltrated by an attacker...

8.9AI score0.01303EPSS
Exploits0References2
The Hacker News
The Hacker News
added 2018/04/26 3:58 p.m.72 views

Amazon Alexa Has Got Some Serious Skills—Spying On Users!

"Alexa, are you spying on me?" — aaaa.....mmmm.....hmmm.....maybe!!! Security researchers have developed a new malicious 'skill' for Amazon's popular voice assistant Alexa that can turn your Amazon Echo into a full-fledged spying device. Amazon Echo is an always-listening voice-activated smart ho...

0.6AI score
Exploits0
The Hacker News
The Hacker News
added 2017/08/19 11:17 p.m.12 views

Smart Devices Can Be Hijacked to Track Your Body Movements And Activities Remotely

If your smartphones, tablets, smart refrigerators, smart TVs and other smart devices are smart enough to make your life easier, their smart behavior could also be leveraged by hackers to steal data, invade your privacy or spy on you, if not secured properly. One such experiment has recently been...

7.3AI score
Exploits0
ThreatPost
ThreatPost
added 2017/06/15 10:34 a.m.16 views

Metadata Analysis Draws its Own Conclusions on WannaCry Authors

The most intriguing mystery that remains about WannaCry is the identity of the attacker. The theory with the best legs is that North Korea’s Lazarus APT is the entity behind the worldwide ransomware outbreak given the discovery of shared code samples in the malware with older Lazarus attacks. Tha...

Exploits0References4
MSRC
MSRC
added 2016/11/01 7:0 a.m.9 views

BlueHat v16 Keynote announced

Microsoft is excited to announce David Kennedy, CEO of TrustedSec and Binary Defense Systems, as the BlueHat v16 keynote speaker. David is a well-known speaker from the community, a published author, and the founder of the DerbyCon Security Conference. His keynote, entitled “The Security Monty...

6.9AI score
Exploits0
hackapp
hackapp
added 2016/04/01 9:10 a.m.8 views

Speaker Boost - Exported components, External URLs vulnerabilities

HackApp vulnerability scanner discovered that application Speaker Boost published at the 'play' market has multiple vulnerabilities...

0.2AI score
Exploits0References1Affected Software1
rdot
rdot
added 2014/11/10 12:0 a.m.503 views

ZeroNights 2014: запретных тем нет

ZeroNights 2014: запретных тем нет До старта конференции ZeroNights 2014 остается совсем немного времени. Скоро площадка для встречи специалистов-практиков по ИБ, исследователей, программистов, звезд хакерского мира, да и просто хороших друзей и знакомых откроет свои двери навстречу новому. В это...

6.9AI score
Exploits0
Rows per page
Query Builder