Lucene search

4519 matches found

Github Security Blog
added 2018/11/09 5:45 p.m., 24 views

Tmp files readable by other users in sync-exec

Affected versions of sync-exec use files located in /tmp/ to buffer command results before returning values. As /tmp/ is almost always set with world readable permissions, this may allow low privilege users on the system to read the results of commands run via sync-exec under a higher privilege...

CVSS 6.5, AI score 2.9, EPSS 0.00369
Exploits 0, References 6, Affected Software 1

Check Point Advisories
added 2018/11/06 12:0 a.m., 4 views

Yi Technology Home Camera Time Sync Code Execution (CVE-2018-3892)

A remote code execution vulnerability exists in the time syncing functionality of Yi Home Camera. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the affected system...

CVSS 7.5, AI score 4.5, EPSS 0.01524
Exploits 1

Tenable Nessus
added 2018/10/26 12:0 a.m., 25 views

SUSE SLES12 Security Update : smt (SUSE-SU-2018:3467-1)

SMT was updated to version 3.0.38. The following security issue was fixed: CVE-2018-12472: Harden hostname check during sibling check by forcing double reverse lookup (bsc1104076). The following non-security issues were fixed: Add migration path check when registration sharing is enabled; Fix sibling sync...

CVSS 9.1, AI score 8.1, EPSS 0.00359
Exploits 0, References 5

Openbugbounty
added 2018/10/18 7:52 p.m., 13 views

sync-tm.everesttech.net Open Redirect vulnerability

Open Bug Bounty ID: OBB-687925

Description | Value
---|---
Affected Website: | sync-tm.everesttech.net
Open Bug Bounty Program: | Create your bounty program now. It's open and free.
Vulnerable Application: | hidden until disclosure
Vulnerability Type: | Open Redirect / CWE-601
CVSSv3 Score: | hidden...

Exploits 0

Citrix
added 2018/10/01 12:0 a.m., 4 views

Profile sync issues with Mozilla Firefox after logoff and login.

Mozilla Firefox settings such as bookmarks not getting saved after logoff and login. With Internet Explorer there is no issue, however it does not work with Mozilla...

AI score 7
Exploits 0

ThreatPost
added 2018/09/28 1:22 p.m., 14 views

Android App Verification Issues Pave Way For Phishing Attacks

A design issue in the way some popular password manager tools verify legitimate Android apps could be harnessed to help attackers launch successful phishing attacks on users. Researchers with the University of Genoa and Eurecom inspected popular mobile password tools that sync with Android...

AI score 0.3
Exploits 0, References 4

Prion
added 2018/09/26 8:29 a.m., 9 views

Design/Logic Flaw

DISPUTED: Axon (formerly TASER International) Evidence Sync 3.15.89 is vulnerable to process injection. NOTE: the vendor's position is that this CVE is not associated with information that supports any finding of any type of vulnerability...

CVSS 7.5, AI score 9.4, EPSS 0.00473
Exploits 1, References 3, Affected Software 1

OSV
added 2018/09/26 8:29 a.m., 1 views

CVE-2018-17538

Axon (formerly TASER International) Evidence Sync 3.15.89 is vulnerable to process injection. NOTE: the vendor's position is that this CVE is not associated with information that supports any finding of any type of vulnerability...

CVSS 9.8, AI score 5.8, EPSS 0.00473
Exploits 1, References 3

NVD
added 2018/09/26 8:29 a.m., 10 views

CVE-2018-17538

Axon (formerly TASER International) Evidence Sync 3.15.89 is vulnerable to process injection. NOTE: the vendor's position is that this CVE is not associated with information that supports any finding of any type of vulnerability...

CVSS 9.8, AI score 9.5, EPSS 0.00473
Exploits 1, References 3

Cvelist
added 2018/09/26 8:0 a.m., 24 views

CVE-2018-17538

Axon (formerly TASER International) Evidence Sync 3.15.89 is vulnerable to process injection. NOTE: the vendor's position is that this CVE is not associated with information that supports any finding of any type of vulnerability...

AI score 9.6, EPSS 0.00473
Exploits 1, References 3

CVE
added 2018/09/26 8:0 a.m., 30 views

CVE-2018-17538

Axon Evidence Sync 3.15.89 is described as vulnerable to process injection. The PT-2018-14047 entry notes the vendor disputes the vulnerability’s existence and that no fix/version is publicly documented in the provided sources. No remediation details are available in the connected documents; expl...

CVSS 9.8, AI score 9.4, EPSS 0.00473
Exploits 1, References 3, Affected Software 1

Positive Technologies
added 2018/09/26 12:0 a.m., 3 views

PT-2018-14047 · Axon · Axon Evidence Sync

Name of the Vulnerable Software and Affected Versions: Axon Evidence Sync version 3.15.89 Description: The issue concerns process injection. The vendor disputes the existence of this vulnerability, stating that the associated information does not support any finding of a vulnerability...

CVSS 9.8, AI score 7.3, EPSS 0.00473
Exploits 1, References 5

OSV
added 2018/08/27 3:29 p.m., 2 views

CVE-2018-3918

An exploitable vulnerability exists in the remote servers of Samsung SmartThings Hub STH-ETH-250 - Firmware version 0.20.17. The hubCore process listens on port 39500 and relays any unauthenticated messages to SmartThings' remote servers, which incorrectly handle camera IDs for the 'sync'...

CVSS 7.5, AI score 5.9
Exploits 0, References 1

Positive Technologies
added 2018/08/27 12:0 a.m., 3 views

PT-2018-16310 · Samsung · Samsung Smartthings Hub

Name of the Vulnerable Software and Affected Versions: Samsung SmartThings Hub STH-ETH-250 version 0.20.17 Description: An issue exists in the remote servers of Samsung SmartThings Hub where the hubCore process listens on port 39500 and relays unauthenticated messages. The servers incorrectly...

CVSS 7.5, AI score 6.7, EPSS 0.00533
Exploits 2, References 3

Vulnerability Lab
added 2018/08/21 12:0 a.m., 562 views

GTA 5 Online Game - Timeout Sync Money Vulnerability

Document Title: GTA 5 Online Game - Timeout Sync Money Vulnerability
References: https://www.vulnerability-lab.com/getcontent.php?id=2142
View Video: https://www.youtube.com/watch?v=Iz6xYtP-sYY
Release Date: 2018-08-21
Vulnerability Laboratory ID VL-ID:...

AI score 7.4
Exploits 0

Vulnerability Lab
added 2018/08/20 12:0 a.m., 162 views

GTA 5 Online Game - Timeout Sync Money Vulnerability

Document Title: GTA 5 Online Game - Timeout Sync Money Vulnerability
References: https://www.vulnerability-lab.com/getcontent.php?id=2142
View Video: https://www.youtube.com/watch?v=Iz6xYtP-sYY
Release Date: 2018-08-20
Vulnerability Laboratory ID VL-ID:...

AI score 7.4
Exploits 0

0day.today
added 2018/08/09 12:0 a.m., 24 views

CloudMe Sync 1.10.9 - Buffer Overflow (SEH) Exploit

Exploit for windows platform in category local exploits Exploit Title: CloudMe Sync 1.10.9 - Buffer Overflow SEHDEP Bypass Exploit Author: Manoj Ahuje Linkedin: https://www.linkedin.com/in/manojahuje/ Vendor Homepage: https://www.cloudme.com/ Software Link:...

Exploits 0

exploitpack
added 2018/08/06 12:0 a.m., 25 views

CloudMe Sync 1.10.9 - Buffer Overflow (SEH)(DEP Bypass)

CloudMe Sync 1.10.9 - Buffer Overflow SEHDEP Bypass Exploit Title: CloudMe Sync 1.10.9 - Buffer Overflow SEHDEP Bypass Date: 2018-08-05 Exploit Author: Manoj Ahuje Linkedin: https://www.linkedin.com/in/manojahuje/ Vendor Homepage: https://www.cloudme.com/ Software Link:...

AI score 0.9
Exploits 0

Exploit DB
added 2018/08/06 12:0 a.m., 31 views

CloudMe Sync 1.10.9 - Buffer Overflow (SEH)(DEP Bypass)

Exploit Title: CloudMe Sync 1.10.9 - Buffer Overflow SEHDEP Bypass Date: 2018-08-05 Exploit Author: Manoj Ahuje Linkedin: https://www.linkedin.com/in/manojahuje/ Vendor Homepage: https://www.cloudme.com/ Software Link: https://www.cloudme.com/downloads/CloudMe1109.exe Tested on: Windows 10 Home x...

AI score 7.4
Exploits 0

seebug.org
added 2018/07/30 12:0 a.m., 560 views

Samsung SmartThings Hub hubCore port 39500 sync denial-of-service vulnerability (CVE-2018-3918)

Summary: An exploitable vulnerability exists in the remote servers of Samsung SmartThings Hub. The hubCore process listens on port 39500 and relays any unauthenticated messages to SmartThings' remote servers, which incorrectly handle camera IDs for the "sync" operation, leading to arbitrary deleti...

AI score 0.2, EPSS 0.00533
Exploits 2