HiSilicon Video Encoder allows for full administrative access via a backdoor password. Affected versions are vendor-specific.
>> ARCHIVE: 2020-10
ReQuest Serious Play F3 Media Server version 7.0.3 suffers from a denial of service vulnerability. The device can be shut down or rebooted by an unauthenticated attacker when issuing one HTTP…
Jenkins version 2.63 suffers from a sandbox bypass vulnerability.
HiSilicon Video Encoder suffers from an unauthenticated RTSP buffer overflow vulnerability that can cause a denial of service condition.
FRITZ!Box versions 7.20 and below suffer from a DNS rebinding protection bypass vulnerability.
ReQuest Serious Play F3 Media Server version 7.0.3 suffers from an unauthenticated remote code execution vulnerability. Abusing the hidden ReQuest Internal Utilities page (/tools) from the services provided, an attacker…
Mocha for Android suffers from an issue where a call can cause the callee device to send audio without user interaction.
Chrome suffers from a use-after-free vulnerability in WebIDBGetDBNamesCallbacksImpl::SuccessNamesAndVersionsList.
Chrome suffers from a use-after-free vulnerability in USB::OnServiceConnectionError.
This Metasploit module exploits a server-side include (SSI) in SharePoint to leak the web.config file and forge a malicious ViewState with the extracted validation key. This exploit is authenticated and…