136 matches found
Sinking a ship and hiding the evidence
Our earlier work on Voyage Data Recorder manipulation got us thinking about how a malicious individual or organisation might bring about the demise of a ship and hide the evidence. There are plenty of ways to get malware on to a ship. Whether it’s via satcoms, phishing, USB, crew Wi-Fi, dodgy DVD...
Hacking Navtex maritime warning messages
When data roaming was still expensive across Europe and cellular data service was patchy, I used Navtex extensively whilst sailing in the Mediterranean. Every four hours, one could get a useful marine weather forecast. Was there a fun days sailing ahead, or was a dash for port and gin & tonic in ...
CVE-2018-0183
Cisco IOS XE Software for Cisco 4000 Series routers contains a local privilege-escalation (CVE-2018-0183) in the CLI parser. An authenticated attacker with privileged EXEC (level 15) can exploit crafted CLI arguments to gain access to the device’s underlying Linux shell and execute commands as ro...
Virtuozzo 6 : squid34 (VZLSA-2017-0183)
An update for squid34 is now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from th...
CVE-2017-0183
CVE-2017-0184 is a Hyper-V Denial of Service vulnerability caused by improper validation of input from a privileged user on a guest OS. Exploitation could crash the host Hyper-V service. A known remediation is the security update KB3217841 (April 2017).
Microsoft Windows Monthly Rollup (KB4015550)
This host is missing a monthly rollup according to Microsoft KB4015550. SPDX-FileCopyrightText: 2017 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Microsoft Windows Monthly Rollup (KB4015549)
This host is missing a monthly rollup according to Microsoft security update KB4015549. SPDX-FileCopyrightText: 2017 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only...
Virtuozzo Linux Errata and Security Advisory 2017:0183 Moderate
Upstream security update. Follow RHSA-2017-0183 for details...
Oracle Linux 6 : squid34 (ELSA-2017-0183)
The remote Oracle Linux 6 host has a package installed that is affected by a vulnerability as referenced in the ELSA-2017-0183 advisory. 7:3.4.14-9.4 - Resolves: 1412733 - CVE-2016-10002 squid34: squid: Information disclosure in HTTP request processing Tenable has extracted the preceding...
CVE-2016-0183
Summary: CVE-2016-0183 is a remote code execution flaw in the Windows font library used by Microsoft Office components (Office 2010 SP2, Word 2010 SP2, Word Automation Services on SharePoint Server 2010 SP2, Office Web Apps 2010 SP2). What’s affected: Windows Font Library within affected Office p...
Microsoft Office Graphics Information Disclosure (MS16-054: CVE-2016-0183)
An information disclosure vulnerability exists in Microsoft Office Graphics. The vulnerability is due to an out of bound memory read resulting in a memory safety issue. A successful exploitation of the issue could allow an attacker to achieve information disclosure...
KLA10804 Code execution vulnerabilities in Microsoft Office
Multiple serious vulnerabilities have been found in Microsoft Office. Malicious users can exploit these vulnerabilities to execute arbitrary code. Below is a complete list of vulnerabilities 1. An improper memory objects handling can be exploited remotely via a specially designed content; 2. An...
MS16-054: Security Update for Microsoft Office (3155544)
The version of Microsoft Office installed on the remote Windows host is affected by multiple vulnerabilities : - Multiple remote code execution vulnerabilities exist due to improper handling of objects in memory. An unauthenticated, remote attacker can exploit these vulnerabilities by convincing ...
Oracle: Security Advisory (ELSA-2011-0183)
The remote host is missing an update for the SPDX-FileCopyrightText: 2015 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
openSUSE Security Update : RubyOnRails (openSUSE-SU-2013:0338-1)
The Ruby on Rails 2.3 stack was updated to 2.3.17. The Ruby on Rails 3.2 stack was updated to 3.2.12. The Ruby Rack was updated to 1.1.6. The Ruby Rack was updated to 1.2.8. The Ruby Rack was updated to 1.3.10. The Ruby Rack was updated to 1.4.5. The updates fix various security issues and bugs. ...
GLSA-201405-10 : Rack: Multiple vulnerabilities
The remote host is affected by the vulnerability described in GLSA-201405-10 Rack: Multiple vulnerabilities Multiple vulnerabilities have been discovered in Rack. Please review the CVE identifiers referenced below for details. Impact : A remote attacker could possibly execute arbitrary code with...
[SECURITY] [DSA 2783-2] librack-ruby regression update
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 - -------------------------------------------------------------------------- Debian Security Advisory DSA-2783-2 [email protected] http://www.debian.org/security/ Salvatore Bonaccorso October 24, 2013 http://www.debian.org/security/faq -...
Debian DSA-2783-1 : librack-ruby - several vulnerabilities
Several vulnerabilities were discovered in Rack, a modular Ruby webserver interface. The Common Vulnerabilites and Exposures project identifies the following vulnerabilities : - CVE-2011-5036 Rack computes hash values for form parameters without restricting the ability to trigger hash collisions...
Debian Security Advisory DSA 2783-1 (librack-ruby - several vulnerabilities)
Several vulnerabilities were discovered in Rack, a modular Ruby webserver interface. The Common Vulnerabilities and Exposures project identifies the following vulnerabilities: CVE-2011-5036 Rack computes hash values for form parameters without restricting the ability to trigger hash collisions...
Oracle Linux 6 : openoffice.org (ELSA-2011-0183)
The remote Oracle Linux 6 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2011-0183 advisory. - CVE-2010-4643 heap based buffer overflow when parsing TGA files - CVE-2010-4253 heap based buffer overflow in PPT import - CVE-2010-3450 directory...