Yearly Archives: 2023

News

Upstream Supply Chain Attacks Triple in a Year

Read Time:2 Second

Sonatype detects over 245,000 malicious packages

Read More

Advisories

CVE-2022-47893

Read Time:11 Second

There is a remote code execution vulnerability that affects all versions of NetMan 204. A remote attacker could upload a firmware file containing a webshell, that could allow him to execute arbitrary code as root.

Read More

Advisories

CVE-2022-47891

Read Time:9 Second

All versions of NetMan 204 allow an attacker that knows the MAC and serial number of the device to reset the administrator password via the legitimate recovery function.

Read More

Advisories

CVE-2023-0828

Read Time:12 Second

Cross-site Scripting (XSS) vulnerability in Syslog Section of Pandora FMS allows attacker to cause that users cookie value will be transferred to the attackers users server. This issue affects Pandora FMS v767 version and prior versions on all platforms.

Read More

News

Hacking Gas Pumps via Bluetooth

Read Time:18 Second

Turns out pumps at gas stations are controlled via Bluetooth, and that the connections are insecure. No details in the article, but it seems that it’s easy to take control of the pump and have it dispense gas without requiring payment.

It’s a complicated crime to monetize, though. You need to sell access to the gas pump to others.

Read More