CVE-2023-29984 : Null pointer dereference vulnerability exists in multiple vendors MFPs and printers which implement Debut web server 1.2 or 1.3. Processing a specially crafted request may lead an affected product to a denial-of-service ... https://t.co/eKZjVFKuIe
Very simple vulnerability I discovered on a large number of printers…. Basically, create a URL request to the printer IP with “%00” in it and it crashes/reboots the printer. CVE link and demo video below.
https://t.co/8CEFJOZ5mL
https://t.co/jDbcueP1CK
Hey @BrotherOffice @FujifilmUS, I’ve tried contacting your PSIRT teams. I have an very simple DOS exploit for a large number of your printers. I will publicly release it 1st April if I don’t hear back. This is a polite record that I’ve tried to contact you.
@BrotherOffice Did you even read my message? A huge numbers of your printers are vulnerable to a DOS, I’ve reported it to your security teams with no response. I’ll be publicly releasing the information 1st April so please don’t say you were not warned.
Hey @BrotherOffice @FujifilmUS, I’ve tried contacting your PSIRT teams. I have an very simple DOS exploit for a large number of your printers. I will publicly release it 1st April if I don’t hear back. This is a polite record that I’ve tried to contact you.
Eventful week, discovered a #ZeroDay vulnerability on many Brother/Fuji Xerox printers that does an unauthenticated DOS (sends them in a constant reboot cycle). How to perform it? Via a simple URL to the printer IP address😬 Contact been made with vendor PSIRT. Watch this space…
Eventful week, discovered a #ZeroDay vulnerability on many Brother/Fuji Xerox printers that does an unauthenticated DOS (sends them in a constant reboot cycle). How to perform it? Via a simple URL to the printer IP address😬 Contact been made with vendor PSIRT. Watch this space…
Something I was working on last year.... A script (Python) running on a $50 Raspberry Pi that shows you what users are entering into search engines such as Google. This works by pulling URL logs from a #paloaltonetworks firewall via its API.
https://t.co/YljVGJ33Rq
*Incoming* API script to #PaloAltoFirewall to display all Google searches in the last 24 hours. This could throw up some interesting results - ping me if you want to help test...... @PaloAltoNtwks
Hmmm, interesting how different apps are programmed with the user-agent field in HTTP traffic. Here, the Evernote app leaks the exact version of Evernote and Windows OS version. Very useful information for an attacker, knowing the attack surface @PaloAltoNtwks#PaloAlto#Hacking
My only interview question about a decade back for my first Network Engineering position was "Do you want to be a network engineer?" That was it.
Prior to that, I helped out the team whenever I was asked. Eventually the work I did opened the doors.
Work hard, get noticed.