CVE-2024-27905

UNSUPPORTED WHEN ASSIGNED Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Apache Aurora. An endpoint exposing internals to unauthenticated users can be used as a "padding oracle" allowing an anonymous attacker to construct a valid authentication cookie. Potentially thi...

PT-2024-23028 · Aurora · Aurora

Name of the Vulnerable Software and Affected Versions: Aurora affected versions not specified Description: The issue is related to an information disclosure due to uninitialized data in the aur get state function of aurora.c. This could lead to local information disclosure without requiring...

The Aurora Power Grid Vulnerability and the BlackEnergy Trojan

At recent Industrial IoT security briefings, the Aurora vulnerability has come up repeatedly. Attendees ask, “Is our country’s power grid safe? How can we protect the grid? What is Aurora?” This post provides a look at Aurora, and the BlackEnergy attack that can exploit Aurora. In March 2007, the...

Immunity Canvas: AURORA_FLASH

Name| auroraflash ---|--- CVE| CVE-2010-0249 Exploit Pack| CANVAS Description| Aurora vulnerability with ActionScript JIT spraying for IE8 and Windows 7 Notes| CVE Name: CVE-2010-0249 VENDOR: Microsoft VersionsAffected: Repeatability: References: MS10-002 CVE Url: Date public: 01/21/2001 CVSS: 9....