Default credentials

EMC Unisphere for VMAX before 1.6.1.6, when using an unspecified level of debug logging in LDAP configurations, allows local users to discover the cleartext LDAP bind password by reading the console...

Cisco Unified Computing System Fabric Interconnect Denial of Service Vulnerability

A vulnerability in the fabric interconnect FI of the Cisco Unified Computing System could allow an authenticated, local attacker to create a denial of service DoS condition. The vulnerability is due to improper filtering of user-supplied parameters. An attacker could exploit this vulnerability by...

Apple Motion Integer Overflow Vulnerability

Apple Motion Integer Overflow Vulnerability =========================================== Vendor: Apple http://www.apple.com Software: Motion 5.0.7 Testcase verified on: OS X 10.8 Credit: Jean Pascal Pereira [email protected] DESCRIPTION =========== An integer overflow vulnerability has been...

Apple Motion 5.0.7 Integer Overflow Vulnerability

No description provided by source. Apple Motion Integer Overflow Vulnerability =========================================== Vendor: Apple http://www.apple.com Software: Motion 5.0.7 Testcase verified on: OS X 10.8 Credit: Jean Pascal Pereira [email protected] DESCRIPTION =========== An integer...

Apple Motion 5.0.7 - Integer Overflow

Apple Motion Integer Overflow Vulnerability =========================================== Vendor: Apple http://www.apple.com Software: Motion 5.0.7 Testcase verified on: OS X 10.8 Credit: Jean Pascal Pereira DESCRIPTION =========== An integer overflow vulnerability has been identified in Apple...

Apple Motion 5.0.7 Integer Overflow

Apple Motion Integer Overflow Vulnerability =========================================== Vendor: Apple http://www.apple.com Software: Motion 5.0.7 Testcase verified on: OS X 10.8 Credit: Jean Pascal Pereira DESCRIPTION =========== An integer overflow vulnerability has been identified in Apple...

CVE-2013-0692

The kernel in ENEA OSE on the Emerson Process Management ROC800 RTU with software 3.50 and earlier, DL8000 RTU with software 2.30 and earlier, and ROC800L RTU with software 1.20 and earlier allows remote attackers to execute arbitrary code by connecting to the debug service...

Code injection

The kernel in ENEA OSE on the Emerson Process Management ROC800 RTU with software 3.50 and earlier, DL8000 RTU with software 2.30 and earlier, and ROC800L RTU with software 1.20 and earlier allows remote attackers to execute arbitrary code by connecting to the debug service...

CVE-2013-0692

The kernel in ENEA OSE on the Emerson Process Management ROC800 RTU with software 3.50 and earlier, DL8000 RTU with software 2.30 and earlier, and ROC800L RTU with software 1.20 and earlier allows remote attackers to execute arbitrary code by connecting to the debug service...

CVE-2013-0692

CVE-2013-0692 affects Emerson ROC800 RTUs running ENEA OSE (ROC800, ROC800L, DL8000) with affected software revisions (ROC800 3.50 or earlier, DL8000 2.30 or earlier, ROC800L 1.20 or earlier). The vulnerability allows remote code execution by connecting to the device’s debug service via the ENEA ...

Design/Logic Flaw

The remote debug shell on the PALO adapter card in Cisco Unified Computing System UCS allows local users to gain privileges via malformed show-macstats parameters, aka Bug ID CSCub13772...

Command injection

MCTOOLS in the fabric interconnect in Cisco Unified Computing System UCS allows local users to execute arbitrary Baseboard Management Controller BMC commands by leveraging 1 local, 2 shell-level, or 3 debug-level privileges at the operating-system layer, aka Bug ID CSCtg76239...

ICS Vendor Fixes Hard-Coded Credential Bugs Nearly Two Years After Advisory

Nearly two years after a security researcher published details of the hard-coded credentials that ship with a slew of industrial control system products made by Schneider Electric, the company has released updated firmware that fix the problems. The vulnerabilities, which were discovered by...

[ollydbg-binary-execution-visualizer] New Tool for Visualizing Binaries With Ollydbg and Graphvis

Sometimes crackme’s or something you might be reversing will constantly bug you due to the excessive usage of f7 & f8. It will be quiet neat if you can see how the application is executing visually and set your break points accordingly. Requirements: o Ollyscript plugin o Bunch of your favorite...

Ofilter Player 1.2.0.1 Buffer Overflow

Exploit Title : Ofilter Player Version 1.2.0.1 - skin1.ini - SEH Based Buffer Overflow PoC Date : 12-09-2013 Exploit Author : gunslinger Author Homepage : http://www.cr0security.com Software Link : http://download.cnet.com/Ofilter-Player/3000-21394-78232.html Price : Free to try; $19.99 to buy...

Watchguard Server Center 11.7.4 Insecure Library Loading

Watchguard Server Center v11.7.4 wgpr.dll Insecure Library Loading Local Privilege Escalation Vulnerability RCE Security Advisory http://www.rcesecurity.com 1. ADVISORY INFORMATION ----------------------- Product: Watchguard Server Center Vendor URL: www.watchguard.com Type: Uncontrolled Search...

Kingfisher Debug Terminal Detection

Binary data 6962.prm...

MyBB < 1.6.10 Multiple Vulnerabilities

According to its version number, the MyBB install hosted on the remote web server is affected by multiple vulnerabilities : - A SQL injection vulnerability exists due to improper sanitization of user-supplied input during database optimization. - A SQL injection vulnerability exists due to improp...

Oracle Linux 6 : gdb (ELSA-2013-0522)

The remote Oracle Linux 6 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2013-0522 advisory. - Fix CVE-2011-4355 gdb: arbitrary code execution via .debuggdbscripts' Jan Kratochvil, RH BZ 756116. Tenable has extracted the preceding description block...

activemq: Multiple XSS flaws in web demos

Multiple cross-site scripting XSS vulnerabilities in the web demos in Apache ActiveMQ before 5.8.0 allow remote attackers to inject arbitrary web script or HTML via 1 the refresh parameter to PortfolioPublishServlet.java aka demo/portfolioPublish or Market Data Publisher, or vectors involving 2...