CVE-2026-40851 Command injection via USB

A local attacker can perform a confusion attack on the cfgparser via a specially crafted file on an USB stick leading to code execution. This can result in a total loss of confidentiality, integrity and availability...

Astra Linux - уязвимость в udisks2

A vulnerability has been discovered in udisks2. This flaw allows an attacker to submit a specially crafted image file/USB, resulting in kernel panic. The greatest threat posed by this vulnerability is to system availability...

EUVD-2021-24848

Malware in sbrugna...

EUVD-2016-2030

Malware in sbrugna...

EUVD-2018-20914

Malware in sbrugna...

EUVD-2018-20906

Malware in sbrugna...

Linux Distros Unpatched Vulnerability : CVE-2022-3628

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A buffer overflow flaw was found in the Linux kernel Broadcom Full MAC Wi-Fi driver. This issue occurs when a user connects to a malicious USB device. This can...

CVE-2016-11041

An issue was discovered on Samsung mobile devices with KK4.4 software. Attackers can bypass the lockscreen by sending an AT command over USB. The Samsung ID is SVE-2015-5301 June 2016...

📄 Sony XAV-AX5500 1.13 Code Execution

Sony XAV-AX5500 version 1.13 suffers from a firmware update validation vulnerability that allows for code execution. Exploit Title: Sony XAV-AX5500 Firmware Update Validation Remote Code Execution Date: 11-Feb-2025 Exploit Author: lkushinada Vendor Homepage:...

USB “Rubber Ducky” Attack Tool

The USB Rubber Ducky is getting better and better. Already, previous versions of the Rubber Ducky could carry out attacks like creating a fake Windows pop-up box to harvest a users login credentials or causing Chrome to send all saved passwords to an attackers webserver. But these attacks had to ...

CVE-2021-38396

The CVE-2021-38396 issue affects Boston Scientific ZOOM LATITUDE Programmer/Recorder/Monitor Model 3120. The vulnerability is due to the programmer installation utility not performing cryptographic authenticity or integrity checks on software on the flash drive, enabling an attacker with physical...

CVE-2021-38204

A flaw was found in the Linux kernel. A denial of service attack use-after-free and panic can be caused by a physically proximate attack by removing a MAX-3421 USB device in certain situations. The highest threat from this vulnerability is to data confidentiality and integrity as well as system...

Linux kernel memory misreference vulnerability (CNVD-2020-00267)

The Linux kernel is a computer operating system kernel written in C and assembly language, compliant with the POSIX standard, and distributed under the GNU General Public License. A memory misreference vulnerability exists in Linux kernel versions prior to 5.2.9. An attacker could exploit this...

Linux kernel memory misreference vulnerability (CNVD-2019-45878)

The Linux kernel is a computer operating system kernel written in C and assembly language, compliant with the POSIX standard, and distributed under the GNU General Public License. A memory misreference vulnerability exists in Linux kernel versions prior to 5.2.10. An attacker could exploit this...

BMC Vulnerabilities Expose Supermicro Servers to Remote USB-Attacks

Enterprise servers powered by Supermicro motherboards can remotely be compromised by virtually plugging in malicious USB devices, cybersecurity researchers at firmware security company Eclypsium told The Hacker News. Yes, that's correct. You can launch all types of USB attacks against vulnerable...

CVE-2018-9320

The CVE-2018-9320 entry concerns BMW’s Head Unit HU_NBT (Infotainment) used across 2012–2018 model lines (i Series, X Series, 3/5/7 Series). The vulnerability is described as a local attack that can be triggered when a USB device is plugged into the head unit. Documents provided confirm the affec...

CVE-2018-9320

The Head Unit HUNBT aka Infotainment component on BMW i Series, BMW X Series, BMW 3 Series, BMW 5 Series, and BMW 7 Series vehicles produced in 2012 through 2018 allows a local attack when a USB device is plugged in...

UPDATE: P4wnP1 v0.1.0-alpha1

PenTestIT RSS Feed P4wnP1 update time guys and this time it is the P4wnP1 v0.1.0-alpha1, the first pre-built image! It has almost been a year since I last posted about this Raspberry Pi based, customizable USB attack platform and yet, what an update! Read on! What is P4wnP1? P4wnP1 is a highly...

P4wnP1: A Open Source USB Attack Platform

PenTestIT RSS Feed As of now, hardware security projects seem to be attracting me more than software based projects. Evidently, I wrote a few posts covering them - List of Portable Hardware Devices for Penetration Testing, List of Raspberry Pi DIY Projects for Anonymity, etc. among other awesome...

Flaws Found in Popular Printer Models

Vulnerabilities in popular printer models made by HP, Dell and Lexmark expose the devices to attackers who can steal passwords, shut down printers and even steal print jobs. Academic researchers at the University Alliance Ruhr on Monday published a series of advisories and an informational wiki...