10 matches found
CVE-2023-43633
On boot, the Pillar eve container checks for the existence and content of “/config/GlobalConfig/global.json”. If the file exists, it overrides the existing configuration on the device on boot. This allows an attacker to change the system’s configuration, which also includes some debug functions...
Fire detection system been pwned? You’re not going to sea
TL;DR: Hardcoded SSH and VNC credentials found on Consilium Salwico CS5000 panels. SSH access allows OS-level interaction, and VNC access gives UI control. It may be possible to disable the fire detection system. Attempts to disclose vulnerability to Consilium multiple times since 2022. Consilium...
CVE-2024-56330 Session VNC may be accessed by other sessions on the same host in stardust
Stardust is a platform for streaming isolated desktop containers. With this exploit, inter-container communication (ICC) is not disabled. This would allow users within a container to access another container's agent, therefore compromising access. The problem has been patched in any Stardust build pa...
novnc: XSS vulnerability via the messages propagated to the status field
An XSS vulnerability was discovered in noVNC in which arbitrary HTML could be injected into the noVNC web page. An attacker having access to a VNC server could use target host values in a crafted URL to gain access to secure information such as VM tokens...
Dockernymous - A Script Used To Create A Whonix Like Gateway/Workstation Environment With Docker Containers
Dockernymous is a start script for Docker that runs and configures two individual Linux containers in order to act as an anonymisation workstation-gateway setup. It's aimed towards experienced Linux/Docker users, security professionals and penetration testers! The gateway container acts as a...
openSUSE Security Update : vlc (openSUSE-2017-1101)
This update for vlc to version 2.2.6 fixes several issues. This security issue was fixed : - CVE-2017-9300: Heap corruption allowed remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted FLAC file bsc1041907. These non-security issues were fixed : -...
openSUSE Security Update : vlc (openSUSE-2017-1100)
This update for vlc fixes several issues. This security issue was fixed : - CVE-2017-9300: Heap corruption allowed remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted FLAC file bsc1041907. These non-security issues were fixed : - Stop depending on...
DEBIAN-CVE-2015-2152
Xen 4.5.x and earlier enables certain default backends when emulating a VGA device for an x86 HVM guest (qemu) even when the configuration disables them, which allows local guest users to obtain access to the VGA console by (1) setting the DISPLAY environment variable, when compiled with SDL support,...
[Full-Disclosure] SRT2004-01-17-0425 - Ultr@VNC local SYSTEM access.
Secure Network Operations, Inc. http://www.secnetops.com/research Strategic Reconnaissance Team researchatsecnetops.com Team Lead Contact kfatsecnetops.com Spam Contact rm -rf /@snosoft.com Our Mission: Secure Network Operations offers expertise in Networking, Intrusion Detection Systems IDS,...
CVE-2002-2088
The MOSIX Project clump/os 5.4 creates a default VNC account without a password, which allows remote attackers to gain root access...