Last year during Black Friday, I bought a Cricut Explore Air 2 to make custom stickers, tshirts, and what not. Due to the fact that I like 3D printing and other CNC devices, it seemed right up my alley. Being the security enthusiast that I am, I couldn’t help but look at their site as it was …

A week or so ago, I read the news of a new backdoor on several devices, including those made by Belkin, Cisco, NetGear, Linksys, and several others. A list of what seems to be affected devices can be found here. Eloi Vanderbeken, who posted his findings on GitHub made the original discovery. He also …

I was recently fuzzing a bunch of SSH servers, hoping to find some remote code execution in a non-mainstream server. I ended up finding no code execution in the several that I tried, but I did find one pre-auth denial of service in Syax Multi Server 6.10.

Try this at home!

The vulnerable version …

A buddy of mine, Mulitia, and I were talking about 0-days, and he mentioned finding one in Hex-Chat, a popular IRC client. It was super low severity, but still neat. If you entered “/server " followed by 20,000 random characters, the application died. I decided to try to make a working …

Background

I was talking in Intern0t several months ago. AcidGen, from IOActive mentioned that he found a bug in XBMC. I use XBMC quite a bit at home, on various platforms, since it’s extremely wife-friendly. I hit him up, and we started talking. We had a nice Skype conversation, where we …

I have discovered a bug in the Sysax Multi-Server application. More specifically, it’s in the HTTP File Server service, which is not enabled by default. It has to be turned on by the admin for this exploit to properly function. The user in question also needs permission to create a directory. …