π¨ CVE-2018-13844
An issue has been found in HTSlib 1.8. It is a memory leak in fai_read in faidx.c. NOTE: This has been disputed with the assertion that this vulnerability exists in the test harness and HTSlib users would be aware of the need to destruct this object returned by fai_load() in their own code
π@cveNotify
An issue has been found in HTSlib 1.8. It is a memory leak in fai_read in faidx.c. NOTE: This has been disputed with the assertion that this vulnerability exists in the test harness and HTSlib users would be aware of the need to destruct this object returned by fai_load() in their own code
π@cveNotify
GitHub
A memory leak detected. Β· Issue #731 Β· samtools/htslib
Sorry for that I didn't reply in my last issue immediately because I had some other stuffs to handle then. Well ,it seems that you have found the SEGV signal and fixed it. I found another probl...
π¨ CVE-2018-14047
An issue has been found in PNGwriter 0.7.0. It is a SEGV in pngwriter::readfromfile in pngwriter.cc. NOTE: there is a "Warning: PNGwriter was never designed for reading untrusted files with it. Do NOT use this in sensitive environments, especially DO NOT read PNGs from unknown sources with it!" statement in the master/README.md file
π@cveNotify
An issue has been found in PNGwriter 0.7.0. It is a SEGV in pngwriter::readfromfile in pngwriter.cc. NOTE: there is a "Warning: PNGwriter was never designed for reading untrusted files with it. Do NOT use this in sensitive environments, especially DO NOT read PNGs from unknown sources with it!" statement in the master/README.md file
π@cveNotify
GitHub
security/pngwriter at master Β· fouzhe/security
software vulnerabilities. Contribute to fouzhe/security development by creating an account on GitHub.
π¨ CVE-2018-15573
An issue was discovered in Reprise License Manager (RLM) through 12.2BL2. Attackers can use the web interface to read and write data to any file on disk (as long as rlm.exe has access to it) via /goform/edit_lf_process with file content in the lfdata parameter and a pathname in the lf parameter. By default, the web interface is on port 5054, and does not require authentication. NOTE: the vendor has stated "We do not consider this a vulnerability.
π@cveNotify
An issue was discovered in Reprise License Manager (RLM) through 12.2BL2. Attackers can use the web interface to read and write data to any file on disk (as long as rlm.exe has access to it) via /goform/edit_lf_process with file content in the lfdata parameter and a pathname in the lf parameter. By default, the web interface is on port 5054, and does not require authentication. NOTE: the vendor has stated "We do not consider this a vulnerability.
π@cveNotify
seclists.org
Full Disclosure: (Reprise License Manager) RLM 14.2 - Authenticated Remote Binary Execution
π¨ CVE-2018-15574
An issue was discovered in the license editor in Reprise License Manager (RLM) through 12.2BL2. It is a cross-site scripting vulnerability in the /goform/edit_lf_get_data lf parameter via GET or POST. NOTE: the vendor has stated "We do not consider this a vulnerability."
π@cveNotify
An issue was discovered in the license editor in Reprise License Manager (RLM) through 12.2BL2. It is a cross-site scripting vulnerability in the /goform/edit_lf_get_data lf parameter via GET or POST. NOTE: the vendor has stated "We do not consider this a vulnerability."
π@cveNotify
bittherapy.net
RCE with Arbitrary File Write and XSS in Reprise License Manager (CVE-2018β15573, CVE-2018β15574)
CVE-2018β15573: Arbitrary File Write in Reprise License Manager
CVE-2018β15574: XSS in Reprise License Manager
TW-2018-006: Unpatched Remote Code Execution and XSS in Reprise License Manager
During a recent engagement, I came across a particularly interestingβ¦
CVE-2018β15574: XSS in Reprise License Manager
TW-2018-006: Unpatched Remote Code Execution and XSS in Reprise License Manager
During a recent engagement, I came across a particularly interestingβ¦
π¨ CVE-2018-15660
An issue was discovered in the Ola Money (aka com.olacabs.olamoney) application 1.9.0 for Android. If an attacker controls an application with accessibility permissions, then the attacker can read certain Ola Money data such as a credit card number, expiration date, bank account number, and transaction history. NOTE: the vendor does not agree that this is a security issue requiring a fix
π@cveNotify
An issue was discovered in the Ola Money (aka com.olacabs.olamoney) application 1.9.0 for Android. If an attacker controls an application with accessibility permissions, then the attacker can read certain Ola Money data such as a credit card number, expiration date, bank account number, and transaction history. NOTE: the vendor does not agree that this is a security issue requiring a fix
π@cveNotify
GitHub
appexploits/OLA Money.pdf at master Β· magicj3lly/appexploits
Contribute to magicj3lly/appexploits development by creating an account on GitHub.
π¨ CVE-2018-15661
An issue was discovered in the Ola Money (aka com.olacabs.olamoney) application 1.9.0 for Android. If an attacker controls an application with accessibility permissions and the ability to read SMS messages, then the Forgot Password screen can be used to bypass authentication. NOTE: the vendor does not agree that this is a security issue requiring a fix
π@cveNotify
An issue was discovered in the Ola Money (aka com.olacabs.olamoney) application 1.9.0 for Android. If an attacker controls an application with accessibility permissions and the ability to read SMS messages, then the Forgot Password screen can be used to bypass authentication. NOTE: the vendor does not agree that this is a security issue requiring a fix
π@cveNotify
GitHub
appexploits/OLA Money.pdf at master Β· magicj3lly/appexploits
Contribute to magicj3lly/appexploits development by creating an account on GitHub.
π¨ CVE-2018-15852
Technicolor TC7200.20 devices allow remote attackers to cause a denial of service (networking outage) via a flood of random MAC addresses, as demonstrated by macof. NOTE: Technicolor denies that the described behavior is a vulnerability and states that Wi-Fi traffic is slowed or stopped only while the devices are exposed to a MAC flooding attack. This has been confirmed through testing against official up-to-date versions
π@cveNotify
Technicolor TC7200.20 devices allow remote attackers to cause a denial of service (networking outage) via a flood of random MAC addresses, as demonstrated by macof. NOTE: Technicolor denies that the described behavior is a vulnerability and states that Wi-Fi traffic is slowed or stopped only while the devices are exposed to a MAC flooding attack. This has been confirmed through testing against official up-to-date versions
π@cveNotify
B4cKD00βΉ
CVE-2018-15852 # Exploit Title:- Cable modem Technicolor TC7200.20 WiFi β Buffer Overflow
1- Connect to Technicolor TC7200.20 WiFi device/router 2.Check your system connection/device information- In Terminal,Type β ifconfig 3- Open terminal with βrootβ access=&β¦
π¨ CVE-2018-15907
Technicolor (formerly RCA) TC8305C devices allow remote attackers to cause a denial of service (networking outage) via a flood of random MAC addresses, as demonstrated by macof. NOTE: this might overlap CVE-2018-15852 and CVE-2018-16310. NOTE: Technicolor denies that the described behavior is a vulnerability and states that Wi-Fi traffic is slowed or stopped only while the devices are exposed to a MAC flooding attack. This has been confirmed through testing against official up-to-date versions
π@cveNotify
Technicolor (formerly RCA) TC8305C devices allow remote attackers to cause a denial of service (networking outage) via a flood of random MAC addresses, as demonstrated by macof. NOTE: this might overlap CVE-2018-15852 and CVE-2018-16310. NOTE: Technicolor denies that the described behavior is a vulnerability and states that Wi-Fi traffic is slowed or stopped only while the devices are exposed to a MAC flooding attack. This has been confirmed through testing against official up-to-date versions
π@cveNotify
B4cKD00βΉ
CVE-2018-15907 # Exploit Title:- Techniclor Formerly RCA TC8305C Wireless Gateway 802.11b/g/n GigaPort x 4 Port Router w/ 2-Voiceβ¦
1- Connect to Technicolor TC8305C WiFi device/router. 2.Check your system connection/device information- In Terminal,Type β ifconfig 3- Open terminal with βrootβ accessβ¦
π¨ CVE-2018-15157
The libfsclfs_block_read function in libfsclfs_block.c in libfsclfs before 2018-07-25 allows remote attackers to cause a heap-based buffer over-read via a crafted clfs file. NOTE: the vendor has disputed this as described in the GitHub issue comments
π@cveNotify
The libfsclfs_block_read function in libfsclfs_block.c in libfsclfs before 2018-07-25 allows remote attackers to cause a heap-based buffer over-read via a crafted clfs file. NOTE: the vendor has disputed this as described in the GitHub issue comments
π@cveNotify
GitHub
libfsclfs_block.c:742 1 byte OOB read Β· Issue #3 Β· libyal/libfsclfs
the libfsclfs_block_read function in libfsclfs_block.c:742 in libfsclfs allow remote attackers to cause a denial of service(invalid memory read and application crash) via a crafted clfs file. ./fsc...
π¨ CVE-2018-15158
The libesedb_page_read_values function in libesedb_page.c in libesedb through 2018-04-01 allows remote attackers to cause a heap-based buffer over-read via a crafted esedb file. NOTE: the vendor has disputed this as described in the GitHub issue comments
π@cveNotify
The libesedb_page_read_values function in libesedb_page.c in libesedb through 2018-04-01 allows remote attackers to cause a heap-based buffer over-read via a crafted esedb file. NOTE: the vendor has disputed this as described in the GitHub issue comments
π@cveNotify
GitHub
Multiple OOB reads Β· Issue #43 Β· libyal/libesedb
1.the libesedb_page_read_values function in libesedb_page.c in libesedb allow remote attackers to cause a denial of service(invalid memory read and application crash) via a crafted esedb file. esed...
π¨ CVE-2018-15159
The libesedb_page_read_tags function in libesedb_page.c in libesedb through 2018-04-01 allows remote attackers to cause a heap-based buffer over-read via a crafted esedb file. NOTE: the vendor has disputed this as described in the GitHub issue comments
π@cveNotify
The libesedb_page_read_tags function in libesedb_page.c in libesedb through 2018-04-01 allows remote attackers to cause a heap-based buffer over-read via a crafted esedb file. NOTE: the vendor has disputed this as described in the GitHub issue comments
π@cveNotify
GitHub
Multiple OOB reads Β· Issue #43 Β· libyal/libesedb
1.the libesedb_page_read_values function in libesedb_page.c in libesedb allow remote attackers to cause a denial of service(invalid memory read and application crash) via a crafted esedb file. esed...
π¨ CVE-2018-15160
The libesedb_catalog_definition_read function in libesedb_catalog_definition.c in libesedb through 2018-04-01 allows remote attackers to cause a heap-based buffer over-read via a crafted esedb file. NOTE: the vendor has disputed this as described in the GitHub issue comments
π@cveNotify
The libesedb_catalog_definition_read function in libesedb_catalog_definition.c in libesedb through 2018-04-01 allows remote attackers to cause a heap-based buffer over-read via a crafted esedb file. NOTE: the vendor has disputed this as described in the GitHub issue comments
π@cveNotify
GitHub
Multiple OOB reads Β· Issue #43 Β· libyal/libesedb
1.the libesedb_page_read_values function in libesedb_page.c in libesedb allow remote attackers to cause a denial of service(invalid memory read and application crash) via a crafted esedb file. esed...
π¨ CVE-2018-15161
The libesedb_key_append_data function in libesedb_key.c in libesedb through 2018-04-01 allows remote attackers to cause a heap-based buffer over-read via a crafted esedb file. NOTE: the vendor has disputed this as described in the GitHub issue comments
π@cveNotify
The libesedb_key_append_data function in libesedb_key.c in libesedb through 2018-04-01 allows remote attackers to cause a heap-based buffer over-read via a crafted esedb file. NOTE: the vendor has disputed this as described in the GitHub issue comments
π@cveNotify
GitHub
Multiple OOB reads Β· Issue #43 Β· libyal/libesedb
1.the libesedb_page_read_values function in libesedb_page.c in libesedb allow remote attackers to cause a denial of service(invalid memory read and application crash) via a crafted esedb file. esed...
π¨ CVE-2018-15474
CSV Injection (aka Excel Macro Injection or Formula Injection) in /lib/plugins/usermanager/admin.php in DokuWiki 2018-04-22a and earlier allows remote attackers to exfiltrate sensitive data and to execute arbitrary code via a value that is mishandled in a CSV export. NOTE: the vendor has stated "this is not a security problem in DokuWiki.
π@cveNotify
CSV Injection (aka Excel Macro Injection or Formula Injection) in /lib/plugins/usermanager/admin.php in DokuWiki 2018-04-22a and earlier allows remote attackers to exfiltrate sensitive data and to execute arbitrary code via a value that is mishandled in a CSV export. NOTE: the vendor has stated "this is not a security problem in DokuWiki.
π@cveNotify
GitHub
CVE-2018-15474: CSV Formula Injection vulnerability Β· Issue #2450 Β· dokuwiki/dokuwiki
The following was reported directly to me by Jean-Benjamin Rousseau from SEC Consult (Schweiz) AG Vulnerability overview/description: The administration panel of the application has a "CSV exp...
π¨ CVE-2018-15542
An issue was discovered in the org.telegram.messenger application 4.8.11 for Android. The Passcode feature allows authentication bypass via runtime manipulation that forces a certain method's return value to true. In other words, an attacker could authenticate with an arbitrary passcode. NOTE: the vendor indicates that this is not an attack of interest within the context of their threat model, which excludes Android devices on which rooting has occurred
π@cveNotify
An issue was discovered in the org.telegram.messenger application 4.8.11 for Android. The Passcode feature allows authentication bypass via runtime manipulation that forces a certain method's return value to true. In other words, an attacker could authenticate with an arbitrary passcode. NOTE: the vendor indicates that this is not an attack of interest within the context of their threat model, which excludes Android devices on which rooting has occurred
π@cveNotify
Gist
Telegram CVE-2018-15542 Information
Telegram CVE-2018-15542 Information . GitHub Gist: instantly share code, notes, and snippets.
π¨ CVE-2018-15543
An issue was discovered in the org.telegram.messenger application 4.8.11 for Android. The FingerprintManager class for Biometric validation allows authentication bypass through the callback method from onAuthenticationFailed to onAuthenticationSucceeded with null, because the fingerprint API in conjunction with the Android keyGenerator class is not implemented. In other words, an attacker could authenticate with an arbitrary fingerprint. NOTE: the vendor indicates that this is not an attack of interest within the context of their threat model, which excludes Android devices on which rooting has occurred
π@cveNotify
An issue was discovered in the org.telegram.messenger application 4.8.11 for Android. The FingerprintManager class for Biometric validation allows authentication bypass through the callback method from onAuthenticationFailed to onAuthenticationSucceeded with null, because the fingerprint API in conjunction with the Android keyGenerator class is not implemented. In other words, an attacker could authenticate with an arbitrary fingerprint. NOTE: the vendor indicates that this is not an attack of interest within the context of their threat model, which excludes Android devices on which rooting has occurred
π@cveNotify
Gist
Telegram CVE-2018-15543 Information
Telegram CVE-2018-15543 Information. GitHub Gist: instantly share code, notes, and snippets.
π¨ CVE-2018-14494
Vivotek FD8136 devices allow Remote Command Injection, related to BusyBox and wget. NOTE: the vendor sent a clarification on 2019-09-17 explaining that, although this CVE was first populated in July 2019, it is a historical vulnerability that does not apply to any current or recent Vivotek hardware or firmware
π@cveNotify
Vivotek FD8136 devices allow Remote Command Injection, related to BusyBox and wget. NOTE: the vendor sent a clarification on 2019-09-17 explaining that, although this CVE was first populated in July 2019, it is a historical vulnerability that does not apply to any current or recent Vivotek hardware or firmware
π@cveNotify
VDA Labs
Professional IoT Hacking Series: Target Selection & Firmware Analysis
VDA Labs has a strong track record in testing hardware devices for vulnerabilities - follow along as we test an IoT camera to find security issues!
π¨ CVE-2018-14495
Vivotek FD8136 devices allow Remote Command Injection, aka "another command injection vulnerability in our target device," a different issue than CVE-2018-14494. NOTE: The vendor has disputed this as a vulnerability and states that the issue does not cause a web server crash or have any other affect on it's performance
π@cveNotify
Vivotek FD8136 devices allow Remote Command Injection, aka "another command injection vulnerability in our target device," a different issue than CVE-2018-14494. NOTE: The vendor has disputed this as a vulnerability and states that the issue does not cause a web server crash or have any other affect on it's performance
π@cveNotify
VDA Labs
Professional IoT Hacking Series: Target Selection & Firmware Analysis
VDA Labs has a strong track record in testing hardware devices for vulnerabilities - follow along as we test an IoT camera to find security issues!
π¨ CVE-2018-16585
An issue was discovered in Artifex Ghostscript before 9.24. The .setdistillerkeys PostScript command is accepted even though it is not intended for use during document processing (e.g., after the startup phase). This leads to memory corruption, allowing remote attackers able to supply crafted PostScript to crash the interpreter or possibly have unspecified other impact. Note: A reputable source believes that the CVE is potentially a duplicate of CVE-2018-15910 as explained in Red Hat bugzilla (https://bugzilla.redhat.com/show_bug.cgi?id=1626193)
π@cveNotify
An issue was discovered in Artifex Ghostscript before 9.24. The .setdistillerkeys PostScript command is accepted even though it is not intended for use during document processing (e.g., after the startup phase). This leads to memory corruption, allowing remote attackers able to supply crafted PostScript to crash the interpreter or possibly have unspecified other impact. Note: A reputable source believes that the CVE is potentially a duplicate of CVE-2018-15910 as explained in Red Hat bugzilla (https://bugzilla.redhat.com/show_bug.cgi?id=1626193)
π@cveNotify
π¨ CVE-2018-16310
Technicolor TG588V V2 devices allow remote attackers to cause a denial of service (networking outage) via a flood of random MAC addresses, as demonstrated by macof. NOTE: this might overlap CVE-2018-15852 and CVE-2018-15907. NOTE: Technicolor denies that the described behavior is a vulnerability and states that Wi-Fi traffic is slowed or stopped only while the devices are exposed to a MAC flooding attack. This has been confirmed through testing against official up-to-date versions
π@cveNotify
Technicolor TG588V V2 devices allow remote attackers to cause a denial of service (networking outage) via a flood of random MAC addresses, as demonstrated by macof. NOTE: this might overlap CVE-2018-15852 and CVE-2018-15907. NOTE: Technicolor denies that the described behavior is a vulnerability and states that Wi-Fi traffic is slowed or stopped only while the devices are exposed to a MAC flooding attack. This has been confirmed through testing against official up-to-date versions
π@cveNotify
Blogspot
CVE-2018-16310- Technicolor TG588V V2 - Buffer Overflow
# Date:- 2018-08-28 # Vendor Homepage:- https://www.technicolor.com/distribute/home-experience/access # Hardware Link:- https://www.amaz...
π¨ CVE-2018-16710
OctoPrint through 1.3.9 allows remote attackers to obtain sensitive information or cause a denial of service via HTTP requests on port 8081. NOTE: the vendor disputes the significance of this report because their documentation states that with "blind port forwarding ... Putting OctoPrint onto the public internet is a terrible idea, and I really can't emphasize that enough.
π@cveNotify
OctoPrint through 1.3.9 allows remote attackers to obtain sensitive information or cause a denial of service via HTTP requests on port 8081. NOTE: the vendor disputes the significance of this report because their documentation states that with "blind port forwarding ... Putting OctoPrint onto the public internet is a terrible idea, and I really can't emphasize that enough.
π@cveNotify
GitHub
OctoPrint configuration issues can lead to unauthorized access Β· Issue #2814 Β· OctoPrint/OctoPrint
Unauthorized access due to configuration issues can download configuration files, download videos, and more. https://www.shodan.io/search?query=OctoPrint+200+OK