[CVE-2014-2977] DirectFB integer signedness vulnerability

Posted on Thu 15 May 2014 in Advisory • Tagged with vulnerability, advisory

Summary

DirectFB is prone to an integer signedness vulnerability since version 1.4.13.

The vulnerability can be triggered remotely without authentication through Voodoo interface (network layer of DirectFB).

Details

This integer coercion error may lead to a stack overflow.

CVSS Version 2 Metrics

  • Access Vector: Network exploitable
  • Access Complexity …

Continue reading

dfb-wireshark-dissector : DirectFB Voodoo protocol dissector for Wireshark

Posted on Thu 15 May 2014 in Tool • Tagged with tool, wireshark, directfb

Voodoo is the network layer of DirectFB. dfb-wireshark-dissector is a Wireshark plugin to dissect this protocol.
Main features are :

  • Both packet & raw modes are supported ;
  • FLZ decompression ;
  • Instance ID resolution.

Source code can be found on Github.


Continue reading

Axis Camera M1011 Remote Code Execution Exploit

Posted on Wed 31 July 2013 in Advisory • Tagged with vulnerability, advisory

In January 2013, Rapid7 published a great paper describing several vulnerabilities in the most common UPnP libraries. Six months later, many devices based on these libraries have not been updated and are still exposed.

For example, the Axis M1011 camera contains a vulnerable version of libupnp, which can lead to …


Continue reading

Huawei Mobile Hostpot remote root code execution by SMS (user-triggered)

Posted on Mon 15 July 2013 in Advisory • Tagged with vulnerability, advisory, xss, CVE-2013-2612, huawei

Huawei E587 3G Mobile Hotspot, version 11.203.27, is prone to two vulnerabilities in WebUI; an XSS and a command injection.
The combination of both allows an attacker (with a little help from the victim) to remotely execute code on the device with root privileges, by sending a specifically …


Continue reading

[CVE-2013-2612] Huawei E587 3G Mobile Hotspot Command Injection

Posted on Mon 15 July 2013 in Advisory • Tagged with vulnerability, advisory, CVE-2013-2612, huawei 

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

[CVE-2013-2612] Huawei E587 3G Mobile Hotspot Command Injection
________________________________________________________________________
Summary:
Huawei E587 3G Mobile Hotspot, version 11.203.27, is prone to a command
injection vulnerability in the Web UI.

Successful exploitation allows unauthenticated attackers to execute
arbitrary commands with root privileges.
________________________________________________________________________
Details …

Continue reading

[CVE-2013-2560] Foscam <= 11.37.2.48 path traversal vulnerability

Posted on Sun 17 March 2013 in Advisory • Tagged with vulnerability, advisory, foscam

Summary

Foscam firmware <= 11.37.2.48 is prone to a path traversal vulnerability in the embedded web interface.

The unauthenticated attacker can access to the entire filesystem and steal web & wifi credentials.

Details

GET //../proc/kcore HTTP/1.0

CVSS Version 2 Metrics

  • Access Vector: Network exploitable
  • Access Complexity …

Continue reading

[CVE-2012-6426] LemonLDAP-NG SAML XML Signature Wrapping

Posted on Sun 17 March 2013 in Advisory • Tagged with vulnerability, advisory, lemonldap

Summary

LemonLDAP-NG <=1.2.2 is prone to a security vulnerability involving XML signature wrapping in authentication process.

Successful exploits may allow unauthenticated attackers to construct specially crafted messages that can be successfully verified and contain arbitrary content.

This may lead to authentication bypass.

Details

Due to a bad use …


Continue reading