Trinity is a fully chained exploit for the PS Vita consisting of six unique vulnerabilities. It is based on a decade of knowledge and research. This is a long whitepaper detailing everything.
The IDAL FTP server is vulnerable to a buffer overflow where a large string is sent by an authenticated attacker that causes a buffer overflow. This overflow is handled, but terminates the process. An authenticated attacker can send a FTP command string of 472 bytes or more to overflow a buffer causing an exception that […]
EA Origin versions prior to 10.5.38 suffer from a remote code execution vulnerability.
The IDAL FTP server fails to ensure that directory change requests do not change to locations outside of the FTP servers root directory. An authenticated attacker can simply traverse outside the server root directory by changing the directory with “cd ..”. An authenticated attacker can traverse to arbitrary directories on the hard disk and then […]
The IDAL FTP server is vulnerable to memory corruption through insecure use of user supplied format strings. An attacker can abuse this functionality to bypass authentication or execute code on the server.
ABB HMI fails to perform any signature validation checking during two different transmission methods for upgrade.
The IDAL HTTP server CGI interface contains a URL, which allows an unauthenticated attacker to bypass authentication and gain access to privileged functions. In the IDAL CGI interface, there is a URL (/cgi/loginDefaultUser), which will create a session in an authenticated state and return the session ID along with the username and plaintext password of […]
AZADMIN CMS of HIDEA version 1.0 suffers from a remote SQL injection vulnerability.
GSearch version 1.0.1.0 suffers from a denial of service vulnerability.
GrandNode versions 4.40 and below suffer from arbitrary file download and path traversal vulnerabilities.