291 matches found
Command execution vulnerability in Philips Smart Wireless Speaker web service formUpgradeURL web interface
The Philips Smart Wireless Speaker is an AI-based music player that can be connected to the internet. A command execution vulnerability exists in the Philips Smart Wireless Speaker web service formUpgradeURL web interface, which can be exploited by an attacker to execute commands...
Command execution vulnerability in Philips Smart Wireless Speaker web service formPlayURL web interface
The Philips Smart Wireless Speaker is an AI-based music player that can be connected to the internet. A command execution vulnerability exists in the Philips Smart Wireless Speaker web service formPlayURL web interface that can be exploited by an attacker to execute commands...
[SECURITY] Fedora 28 Update: beep-1.3-26.fc28
Beep allows the user to control the PC speaker with precision, allowing different sounds to indicate different events. While it can be run quite happily on the command line, its intended place of residence is within shell/Perl scripts, notifying the user when something interesting occurs. Of...
[SECURITY] Fedora 29 Update: beep-1.3-26.fc29
Beep allows the user to control the PC speaker with precision, allowing different sounds to indicate different events. While it can be run quite happily on the command line, its intended place of residence is within shell/Perl scripts, notifying the user when something interesting occurs. Of...
PT-2018-3942 · D Link · D-Link Dcs Series Wi-Fi Cameras
Name of the Vulnerable Software and Affected Versions: D-Link DCS series Wi-Fi cameras versions 1.00 and above Description: The issue is related to insufficient protection of registration data in the common/info.cgi component of D-Link DCS series Wi-Fi cameras' firmware. This can allow a remote...
CVE-2017-16345
An attacker could send an authenticated HTTP request to trigger this vulnerability in Insteon Hub running firmware version 1012. At 0x9d01c318 the value for the sport key is copied using strcpy to the buffer at 0xa00017f4. This buffer is 6 bytes large, sending anything longer will cause a buffer...
CVE-2017-16344
An attacker could send an authenticated HTTP request to trigger this vulnerability in Insteon Hub running firmware version 1012. At 0x9d01c2c8 the value for the surl key is copied using strcpy to the buffer at 0xa0001a0c. This buffer is 16 bytes large, sending anything longer will cause a buffer...
PT-2018-6275 · Insteon · Insteon Hub
Name of the Vulnerable Software and Affected Versions: Insteon Hub version 1012 Description: The issue allows an attacker to send an authenticated HTTP request to trigger a buffer overflow. Specifically, the s mac key value is copied to a 25-byte buffer using strcpy. Sending a value longer than 2...
PT-2018-6273 · Insteon · Insteon Hub
Name of the Vulnerable Software and Affected Versions: Insteon Hub version 1012 Description: An attacker could send an authenticated HTTP request to trigger this issue in Insteon Hub. The value for the s url key is copied using strcpy to the buffer at 0xa0001a0c. This buffer is 16 bytes large, an...
PT-2018-6274 · Insteon · Insteon Hub
Name of the Vulnerable Software and Affected Versions: Insteon Hub version 1012 Description: The issue allows an attacker to send an authenticated HTTP request to trigger it. Specifically, it involves copying the value for the s port key to a buffer using strcpy. This buffer has a size of 6 bytes...
CVE-2018-11316
The UPnP HTTP server on Sonos wireless speaker products allow unauthorized access via a DNS rebinding attack. This can result in remote device control and privileged device and network information to be exfiltrated by an attacker...
Design/Logic Flaw
The UPnP HTTP server on Sonos wireless speaker products allow unauthorized access via a DNS rebinding attack. This can result in remote device control and privileged device and network information to be exfiltrated by an attacker...
CVE-2018-11316
The CVE-2018-11316 entry concerns Sonos wireless speaker devices whose UPnP HTTP server can be abused via a DNS rebinding attack. The affected component is the Sonos UPnP web server; the underlying issue is lack of access restriction allowing unauthorized control and information exfiltration from...
CVE-2018-11316
The UPnP HTTP server on Sonos wireless speaker products allow unauthorized access via a DNS rebinding attack. This can result in remote device control and privileged device and network information to be exfiltrated by an attacker...
Amazon Alexa Has Got Some Serious Skills—Spying On Users!
"Alexa, are you spying on me?" — aaaa.....mmmm.....hmmm.....maybe!!! Security researchers have developed a new malicious 'skill' for Amazon's popular voice assistant Alexa that can turn your Amazon Echo into a full-fledged spying device. Amazon Echo is an always-listening voice-activated smart ho...
Smart Devices Can Be Hijacked to Track Your Body Movements And Activities Remotely
If your smartphones, tablets, smart refrigerators, smart TVs and other smart devices are smart enough to make your life easier, their smart behavior could also be leveraged by hackers to steal data, invade your privacy or spy on you, if not secured properly. One such experiment has recently been...
Metadata Analysis Draws its Own Conclusions on WannaCry Authors
The most intriguing mystery that remains about WannaCry is the identity of the attacker. The theory with the best legs is that North Korea’s Lazarus APT is the entity behind the worldwide ransomware outbreak given the discovery of shared code samples in the malware with older Lazarus attacks. Tha...
BlueHat v16 Keynote announced
Microsoft is excited to announce David Kennedy, CEO of TrustedSec and Binary Defense Systems, as the BlueHat v16 keynote speaker. David is a well-known speaker from the community, a published author, and the founder of the DerbyCon Security Conference. His keynote, entitled “The Security Monty...
Speaker Boost - Exported components, External URLs vulnerabilities
HackApp vulnerability scanner discovered that application Speaker Boost published at the 'play' market has multiple vulnerabilities...
ZeroNights 2014: запретных тем нет
ZeroNights 2014: запретных тем нет До старта конференции ZeroNights 2014 остается совсем немного времени. Скоро площадка для встречи специалистов-практиков по ИБ, исследователей, программистов, звезд хакерского мира, да и просто хороших друзей и знакомых откроет свои двери навстречу новому. В это...