Radio Thermostat of America, Inc products CT80 and CT50 versions 1.4.64 and prior fail to authenticate any access to their API.
ddb62d7e2cdd7b877be375ce3503ead041eecf8f4c500d94945c215ccd64bcb5
Karotz Smart Rabbit version 12.07.19.00 suffers from python module hijacking and cleartext token passing vulnerabilities.
89ac63705c52fad81984e28370079412330c777051779d769ad506e815011359
LIXIL Satis Toilet suffers from having a hard-coded bluetooth PIN of 0000. Attackers can cause your toilet to repeatedly flush. Yes, this is a real advisory.
59e34c3c147f00689fcded58d1f6ab5a5fb010be87beb1a7464a18915563cc9f
MiCasaVerde VeraLite version 1.5.408 suffers from path traversal, insufficient authorization checks, and cross site request forgery vulnerabilities.
f9a3f43c8dc78da3ef4d700ca406a351a37737ce36a34b9e1883287aa0b5874d
Core Security Technologies Advisory - This advisory describes multiple vulnerabilities based on quirks in how Windows handles file names. Nginx, Cherokee, Mongoose, and LightTPD webservers suffer from related vulnerabilities. Details are provided.
d14c8eb014b778de314270ccadfa10820be40c7e4cb58c2ae40cd08b564722b4
Whitepaper entitled Advanced application-level OS fingerprinting: Practical approaches and examples.
e7bbfb46c5d92567d485f28a4014af6d68fc50ef1c5709b2306ba11e36be0d3d
ACS Blog version 1.1.1 is susceptible to multiple cross site scripting attacks.
0c6942c90bd3e4344142bcb9a42ec2ca5feae9635b10587ede08a046069e3c05