Title: Improper Input Validation leads to buffer overflow in dlt-daemonDate: 12/05/2021CVE-ID: CVE-2021-29507Author: Thomas SermpinisVersions: 2.10.0 < version <= 2.18.6Package URL: https://github.com/GENIVI/dlt-daemon/Tested on: dlt-daemon 2.18.6 The dlt-daemon includes a configuration file load functionality (-c) which is vulnerable to a buffer overflow vulnerability and allows a malicious user to supply a specially crafted configuration file which results […]
Tag: 0day
Title: File Type Restriction Bypass in Socket.io-file NPM moduleDate: 31/07/2020CVE-ID: 2020-24807Advisory: https://github.com/advisories/GHSA-6495-8jvh-f28xAuthor: Thomas SermpinisVersions: <= 2.0.31Package URL: https://www.npmjs.com/package/socket.io-fileTested on: node v10.19.0, Socket.io-file v2.0.31, socket.io v2.3.0Proof of Concept: – During some of our pentests, we face applications that are well secured with not so many misconfigurations. That means that we have to dig deeper, if the […]
Title: Path Traversal in Socket.io-file NPM moduleDate: 18/05/2020CVE-ID: 2020-15779Advisory: https://www.npmjs.com/advisories/1519Author: Thomas SermpinisVersions: <= 2.0.31Package URL: https://www.npmjs.com/package/socket.io-fileTested on: node v10.19.0, Socket.io-file v2.0.31, socket.io v2.3.0Proof of Concept: https://www.exploit-db.com/exploits/48713 During one of my penetration tests for a local military equipment supplier, I faced a web application running on an embedded device that used web sockets in order to […]