About Administrador

So far Administrador has created 238 blog entries.

CVE-2024-58101

20 Mar. 2025 | Tarlogic's Blog - Cybersecurity

CVSS v4.0 Score: 8.5 / High

Samsung Audio devices are Bluetooth pairable by default, without user input and with no way to stop this mode.

Vendor: Samsung
Products: Galaxy Buds, Galaxy Buds 2
Discovered by: Antonio Vázquez Blanco (@antonvblanco), Jesús María Gómez Moreno
Public fix: No
Proof of Concept: https://github.com/TarlogicSecurity/BlueSpy

Summary: Samsung Galaxy Buds and Galaxy Buds 2 are earphones that are pairable by default, without requiring user interaction and with no way to avoid it.

Details: Devices fail to pass the following BSAM controls:
BSAM-PA-01 - Pairable mode by default
BSAM-PA-02 - Input and output capabilities
BSAM-PA-04 - Rejection of legacy pairing
BSAM-PA-05 - Pairing without user interaction

Impact: This allows device pairing without user consent or user notification, which can lead to full control of the device. As a consequence, audio ...


Fight against audiovisual piracy, the challenges

8 Mar. 2025 | Cyber intelligence blog

Combating audiovisual piracy requires continuous investigation into fraudulent activities and the optimization of mechanisms to prevent, detect and respond to them.

Almost one in two people in Spain resorts to audiovisual piracy to consume audiovisual content such as films, series or sports broadcasts. This figure is notably higher among citizens under the age of 25. Thus, the latest OTT opinion poll estimates that three out of four young people consume products illegally through downloads and, above all, IPTV services.

What is the most obvious consequence of audiovisual piracy? Millions in economic losses for the various actors that form part of the sector: production companies, distributors, streaming platforms, operators and even sports teams. In fact, the European Union Intellectual Property Office ...


CVE-2025-1094: High vulnerability affects PostgreSQL

21 Feb. 2025 | Tarlogic's Blog - Cybersecurity

In recent days, a critical vulnerability (CVE-2025-1094) has been discovered in PostgreSQL that could compromise the integrity of databases in enterprise and production environments. This flaw allows a remote attacker to execute SQL injections by exploiting critical system functions such as PQescapeLiteral(), PQescapeIdentifier(), PQescapeString() and PQescapeStringConn().

PostgreSQL is a widely used open source relational database management system. The CVE-2025-1094 vulnerability is due to improper neutralization of quoting syntax in various PostgreSQL command-line programs and functions, which would allow a database entry provider to achieve SQL injection in certain usage patterns. Versions before PostgreSQL 17.3, 16.7, 15.11, 14.16, and 13.19 are affected.

CVE-2025-1094 main features

The main characteristics of this vulnerability are detailed below.

CVE Identifier: CVE-2025-1094.
Publication date: 02/13/2025.
Affected ...


Pentesting Liferay Applications

6 Feb. 2025 | Tarlogic's Blog - Cybersecurity

This Pentesting Liferay Applications guide includes techniques that can be used to identify vulnerabilities and flaws in Liferay environments.

Liferay is a platform developed in the early 2000s that provides a Content Management System (CMS) which currently powers thousands of websites for very successful companies and government entities. As pentesters and red teamers, it is very common to find a Liferay instance as part of the infrastructure of a company. However, because very little documentation is freely available online and research on it has been limited in comparison to other CMSs such as WordPress or Drupal, it is quite challenging to find examples of common misconfigurations and previous vulnerabilities in Liferay instances. In response, this blog ...


CVE-2024-49138: Risk in CLFS Log Handling on Windows

29 Jan. 2025 | Tarlogic's Blog - Cybersecurity

A high-severity vulnerability has been discovered affecting the Common Log File System (CLFS) functionality in Windows systems. This vulnerability, identified as CVE-2024-49138, allows attackers to execute remote code by exploiting insufficient validation in log entry handling.

Key Features of the Vulnerability

CVE Identifier: CVE-2024-49138.
Publication Date: 12/11/2024.
Affected Software: Common Log File System (CLFS) functionality in Windows systems.
CVSS Score: 7.8 (High).
Exploitation Requirements: Requires local access to the system but does not initially require elevated privileges.

The vulnerability arises due to insufficient validation in the CLFS functionality used to manage logs in Windows environments. With proper exploitation, an attacker could escalate privileges or execute malicious code with elevated permissions.

Mitigation and Recommendations

Microsoft has released security patches addressing this ...


CVE-2024-53677: Critical vulnerability affecting Apache Struts

19 Dec. 2024 | Tarlogic's Blog - Cybersecurity

Information has been disclosed about a new critical vulnerability affecting the popular Apache Struts framework. The CVE-2024-53677 vulnerability could allow a remote attacker to execute code remotely.

Apache Struts is an open-source web development framework based on Java, designed to build robust and scalable web applications. It is particularly known for implementing the Model-View-Controller (MVC) design pattern, which separates business logic, presentation, and control flow in web applications.

CVE-2024-53677 key features

The main details of this vulnerability are outlined below:

CVE Identifier: CVE-2024-53677.
Publication date: 12/11/2024.
Affected software: Apache Struts.
CVSS Score: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H (9.8 Critical).
Affected Versions:
From version 2.0.0 to 2.5.33
From version 6.0.0 to 6.3.0.2.
Exploitation: This vulnerability originates in the file upload mechanism of Apache Struts. ...


CVE-2024-52316: Critical vulnerability in Apache Tomcat

26 Nov. 2024 | Tarlogic's Blog - Cybersecurity

Critical vulnerability CVE-2024-52316 affecting Apache Tomcat allows authentication bypass when using the Jakarta authentication API.

A critical vulnerability has been identified in Apache Tomcat, widely used in enterprise environments to serve web applications. This vulnerability, registered as CVE-2024-52316, allows unauthenticated remote attackers to bypass the authentication process under certain specific configurations, potentially compromising the security of affected systems.

The vulnerability lies in the integration of Apache Tomcat with Jakarta Authentication (formerly known as JASPIC). If Tomcat is configured to use a custom ServerAuthContext component in Jakarta Authentication that may throw an exception during the authentication process without explicitly setting an HTTP status to indicate failure, authentication may not fail properly, allowing the user to bypass the authentication process.

Main features ...


CVE-2024-6387: RegreSSHion, a high vulnerability that affects OpenSSH

5 Jul. 2024 | Tarlogic's Blog - Cybersecurity

Information has been disclosed about a new high-severity vulnerability (CVE-2024-6387) that affects OpenSSH on Linux servers. RegreSSHion allows an unauthenticated attacker to obtain remote code execution (RCE).

OpenSSH is the premier connectivity tool for remote login with the SSH protocol. It encrypts all traffic to eliminate eavesdropping, connection hijacking, and other attacks. In addition, OpenSSH provides a large suite of secure tunneling capabilities, several authentication methods, and sophisticated configuration options.

Analyzing data from several sources such as Shodan or Censys, it can be observed that there are more than 14M exposed OpenSSH instances that are potentially vulnerable to regreSSHion. The vulnerability CVE-2024-6387, which affects the default installation of OpenSSH, consists of exploiting a race condition in order to obtain Remote Code ...


Bluetooth Architecture from Scratch

2 Jul. 2024 | Tarlogic's Blog - Cybersecurity

The Bluetooth architecture determines which functions should be operational in an implementation and how they should be organised.

Bluetooth is composed of multiple technologies, protocols, and elements. Their relationship and usage are complex, presenting a barrier to entry when starting to study this technology. This article aims to serve as an introduction to the architecture of a Bluetooth communication device and clarify the role each of its components plays.

The architecture described in the extensive Bluetooth standard dictates which functions must exist in an implementation and how they should be organized, so knowing it greatly facilitates understanding the operation of a device, a codebase, or Bluetooth as a technology in general. However, as it is structured, the standard is not ...
