Lucene search
7414 matches found

CVE
added 2022/04/07 1:23 a.m. · 47 views

CVE-2020-27374

CVE-2020-27374 affects Dr Trust USA iCheck Connect BP Monitor BP Testing 118 (firmware 1.2.1). The available connected documents describe a replay-attack vulnerability against the BP monitoring function. Concrete technical details beyond the vulnerability label (e.g., root cause, affected subsyst...

CVSS 7.9 · AI score 7.4 · EPSS 0.00889
Exploits: 1 · References: 3 · Affected Software: 1

CVE
added 2022/04/07 1:23 a.m. · 47 views

CVE-2020-27375

CVE-2020-27375 affects the Dr Trust USA iCheck Connect BP Monitor BP Testing 118, version 1.2.1. The vulnerability is described as exposure to Transmitting Write Requests and Chars. The connected sources do not provide root cause details or a confirmed exploit, and no remediation/fix is specified...

CVSS 6.5 · AI score 6.4 · EPSS 0.00695
Exploits: 1 · References: 3 · Affected Software: 1

Cvelist
added 2022/04/07 1:23 a.m. · 13 views

CVE-2020-27376

Dr Trust USA iCheck Connect BP Monitor BP Testing 118 version 1.2.1 is vulnerable to Missing Authentication...

AI score 8.7 · EPSS 0.01045
Exploits: 1 · References: 3

CVE
added 2022/04/07 1:23 a.m. · 48 views

CVE-2020-27376

The connected sources identify CVE-2020-27376 as an access-control vulnerability in Dr Trust USA iCheck Connect BP Monitor BP Testing 118, version 1.2.1, described as Missing Authentication. Affected product and version are stated; CVSS indicates HIGH severity (AVG 8.3–8.8 depending on metric set...

CVSS 8.8 · AI score 8.6 · EPSS 0.01045
Exploits: 1 · References: 3 · Affected Software: 1

CNVD
added 2022/04/07 12:0 a.m. · 10 views

Dr Trust USA iCheck Connect BP Monitor BP Testing 118 Unspecified Vulnerability

Dr Trust USA iCheck Connect BP Monitor BP Testing 118 is a digital blood pressure monitor and tester from Dr Trust. A security vulnerability exists in Dr Trust USA iCheck Connect BP Monitor BP Testing 118 1.2.1, which stems from vulnerability to replay attacks against BP Monitoring. No detailed...

CVSS 7.9 · AI score 1.6 · EPSS 0.00889
Exploits: 1 · References: 1

CNVD
added 2022/04/07 12:0 a.m. · 13 views

Dr Trust USA iCheck Connect BP Monitor BP Testing 118 Code Issue Vulnerability

Dr Trust USA iCheck Connect BP Monitor BP Testing 118 is a digital blood pressure monitor and tester from Dr Trust. Dr Trust USA iCheck Connect BP Monitor BP Testing 118 is vulnerable to a code issue, no details of the vulnerability are available at this time. Details of the vulnerability are not...

CVSS 6.5 · AI score 1.7 · EPSS 0.00695
Exploits: 1 · References: 1

The Hacker News
added 2022/03/30 10:25 a.m. · 13 views

Improve Your Hacking Skills with 9 Python Courses for Just $39

For anyone with interest in cybersecurity, learning Python is a must. The language is used extensively in white hat hacking, and professionals use Python scripts to automate tests. It also has a use in the "soft" side of cybersecurity — like scraping the web for compromised data and detecting bug...

AI score 7
Exploits: 0

Openbugbounty
added 2022/03/30 1:30 a.m. · 11 views

neotropical.pensoft.net Cross Site Scripting vulnerability OBB-2454030

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...

Exploits: 0

Code423n4
added 2022/03/30 12:0 a.m. · 11 views

Using payable.transfer functions in WithdrawFacet.sol and Libasset.sol is not usable for smart contract calls due to possible shortage of gas.

Lines of code Vulnerability details Impact Withdrawals and transferERC20 tokens are executed via transferERC20 and withdraw functions. Since these functions calls with a fixed amount of gas, it's not yet guaranteed to reach to the destination if the receiver is a smart contract. Proof of Concept...

AI score 6.8
Exploits: 0

Code423n4
added 2022/03/30 12:0 a.m. · 8 views

Risk of centralization

Lines of code Vulnerability details Medium Risk Risk of centralization Impact Diamond owner has too many roles on setting the functions, initiating payable functions. If the Owner account is compromised, the assets may be drained in this trustless system. Proof of Concept Tools Used Static testin...

AI score 6.9
Exploits: 0

Rapid7 Blog
added 2022/03/29 5:31 p.m. · 42 views

Cloud Pentesting, Pt. 2: Testing Across Different Deployments

In part one of this series, we broke down the various types of cloud deployments. So, pentesting in the cloud is just like on-prem, right? Who asks these loaded questions!? The answer is yes and no. It depends on how a customer has set up their cloud deployment. Let’s cover a few basics first,...

AI score 8.4 · EPSS 0.15102
Exploits: 5

Positive Technologies
added 2022/03/29 12:0 a.m. · 2 views

PT-2022-18842 · Jenkins · Jenkins Proxmox Plugin +1

Name of the Vulnerable Software and Affected Versions: Jenkins Proxmox Plugin version 0.7.0 and earlier Description: A cross-site request forgery CSRF issue allows attackers to connect to a specified host using a specified username and password, disable SSL/TLS validation for the entire Jenkins...

CVSS 6.5 · AI score 6.4 · EPSS 0.00537
Exploits: 0 · References: 6

VulnCheck KEV
added 2022/03/28 12:0 a.m. · 4 views

VulnCheck KEV: CVE-2019-7483

In SonicWall SMA100, an unauthenticated Directory Traversal vulnerability in the handleWAFRedirect CGI allows the user to test for the presence of a file on the server...

CVSS 7.5 · AI score 7.1 · EPSS 0.03977
Exploits: 0 · References: 1

CISA KEV Catalog
added 2022/03/28 12:0 a.m. · 12 views

SonicWall SMA100 Directory Traversal Vulnerability

In SonicWall SMA100, an unauthenticated Directory Traversal vulnerability in the handleWAFRedirect CGI allows the user to test for the presence of a file on the server...

CVSS 7.5 · AI score 3.3 · EPSS 0.03977
In wild · Exploits: 0

Kitploit
added 2022/03/26 11:30 a.m. · 27 views

Zkar - A Java Serialization Protocol Analysis Tool Implement In Go

ZKar is a Java serialization protocol analysis tool implement in Go. This tool is still work in progress , so no complete API document and contribution guide. ZKar provides: A Java serialization payloads parser and viewer in pure Go, no CGO or JDK is required From the Java serialization protocol ...

AI score 7.5
Exploits: 0 · References: 6

Gitee
added 2022/03/20 4:48 p.m. · 7 views

Exploit for SQL Injection in Zabbix

This is a pre-built vulnerable environment based on Docker-Compose, maintained by Vulhub. The repository contains various vulnerable applications and services, including CouchDB, FFmpeg, Git, and Jenkins, among others. The vulnerabilities are identified by CVE IDs, such as CVE-2016-10134,...

CVSS 9.8 · AI score 7.2 · EPSS 0.83284
Exploits: 28

Kitploit
added 2022/03/20 11:30 a.m. · 24 views

S3Sec - Check AWS S3 Instances For Read/Write/Delete Access

Test AWS S3 buckets for read/write/delete access This tool was developed to quickly test a list of s3 buckets for public read, write and delete access for the purposes of penetration testing on bug bounty programs. Found a bug bounty using this tool? Feel free to add me as a collaborator: @0xmoot...

AI score 7.5
Exploits: 0 · References: 1

Packet Storm
added 2022/03/15 12:0 a.m. · 207 views

College Website Management System 1.0 SQL Injection

Exploit Title: College Website Management System 1.0 - SQL Injection Date: 12/03/2022 Exploit Author: Mr Empy Software Link: https://www.sourcecodester.com/php/15203/college-website-content-management-system-phpoop-free-source-code.html Version: 1.0 Tested on: Linux Title: ================ Colleg...

AI score 0.1
Exploits: 0

Kitploit
added 2022/03/14 8:30 p.m. · 28 views

Lnkbomb - Malicious Shortcut Generator For Collecting NTLM Hashes From Insecure File Shares

Lnkbomb is used for uploading malicious shortcut files to insecure file shares. The vulnerability exists due to Windows looking for an icon file to associate with the shortcut file. This icon file can be directed to a penetration tester's machine running Responder or smbserver to gather NTLMv1 or...

AI score 7.5
Exploits: 0 · References: 2

HackRead
added 2022/03/14 12:18 p.m. · 14 views

Penetration Testing Azure: The User-Friendly Guide

By Owais Sultan Microsoft Azure is a cloud platform that offers a wide range of services to its users. Its used… This is a post from HackRead.com Read the original post: Penetration Testing Azure: The User-Friendly Guide...

AI score 3
Exploits: 0