
1073 matches found

Cisco
added 2015/11/09 12:0 a.m. | 23 views

Cisco Connected Grid Network Management System Privilege Escalation Vulnerability

A vulnerability in the web GUI of Cisco Connected Grid Network Management System could allow an authenticated, remote attacker to perform limited configuration changes while logged in as a user having the Monitor-Only role. The vulnerability is due to insufficient authorization controls. An...

CVSS 4 | AI score 6.5 | EPSS 0.01382
Exploits 0 | References 1
OpenVAS
added 2015/09/08 12:0 a.m. | 19 views

Amazon Linux: Security Advisory (ALAS-2013-170)

The remote host is missing an update for the SPDX-FileCopyrightText: 2015 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only if(description)...

CVSS 7.2 | AI score 9.5 | EPSS 0.02128
Exploits 2 | References 2
ICS
added 2015/08/08 6:0 a.m. | 56 views

Honeywell Midas Gas Detector Vulnerabilities

OVERVIEW This advisory was originally posted to the US-CERT secure Portal library on November 5, 2015, and is being released to the ICS-CERT web site. Independent researcher Maxim Rupp has identified two vulnerabilities in Honeywell’s Midas gas detector. Honeywell has produced firmware versions t...

CVSS 9.3 | AI score 9.3 | EPSS 0.03586
Exploits 0 | References 10
CNVD
added 2015/06/16 12:0 a.m. | 3 views

RLE Nova-Wind Turbine HMI Insecure Credentials Vulnerability

The Nova-Wind Turbine HMI is the human-machine interface for wind turbines. The Nova-Wind Turbine HMI stores credentials in plain document files, which can allow a malicious user to access the equipment, obtain sensitive information, and change the configuration...

CVSS 5 | AI score 6.8 | EPSS 0.01344
Exploits 0 | References 1
CNVD
added 2015/05/28 12:0 a.m. | 2 views

Multiple Cross-Site Request Forgery Vulnerabilities in phpMyAdmin

phpMyAdmin is a web interface for online management of MySQL databases; its main features include creating data tables online, running SQL statements, searching query data, and importing and exporting data. Multiple cross-site request forgery vulnerabilities exist in phpMyAdmin, allowing remo...

CVSS 6.8 | AI score 7.7 | EPSS 0.01078
Exploits 0 | References 1
ALT Linux
added 2015/05/20 12:0 a.m. | 32 views

Security fix for the ALT Linux 8 package proftpd version 1.3.5-alt1.gita31d0ab

May 20, 2015 Konstantin Lepikhov 1.3.5-alt1.gita31d0ab - Updated to 1.3.5-a31d0ab GIT fixing following CVEs: + CVE-2013-4359. - Include the fix for Bug 4169 Unauthenticated copying of files via SITE CPFR/CPTO allowed by modcopy. - Configuration changes: + enabled pcre support; + enabled memcache...

CVSS 5 | AI score 6.2 | EPSS 0.02985
Exploits 2
ATTACKERKB
added 2015/05/18 3:59 p.m. | 3 views

CVE-2014-8384

The InFocus IN3128HD projector with firmware 0.26 does not restrict access to cgi-bin/webctrl.cgi.elf, which allows remote attackers to modify the DHCP server and device IP configuration, reboot the device, change the device name, and have other unspecified impact via a crafted request...

CVSS 9.4 | AI score 5.7 | EPSS 0.03235
Exploits 3 | References 4
ICS
added 2015/04/02 6:0 a.m. | 47 views

Baxter SIGMA Spectrum Infusion System Vulnerabilities

OVERVIEW This advisory was originally posted to the US-CERT secure Portal library on June 30, 2015, and is being released to the NCCIC/ICS-CERT web site. Researcher Jared Bird with Allina IS Security identified four vulnerabilities in Baxter’s SIGMA Spectrum Infusion System. Baxter has released a...

CVSS 9.8 | AI score 9.6 | EPSS 0.02573
Exploits 0 | References 10
Hacker One
added 2015/03/19 5:54 p.m. | 28 views

Ubiquiti Inc.: UniFi v3.2.10 Cross-Site Request Forgeries / Referer-Check Bypass

VULNERABILITY DESCRIPTION ----------- The application UniFi v3.2.10 uses JSON requests to add/edit/save/delete configuration options on the administrative web-interface, but the application has an insufficient Cross-Site Request Forgery protection in place by only checking whether the Referer...

AI score 0.1
Exploits 0
Metasploit
added 2015/01/24 4:14 p.m. | 41 views

Huawei Datacard Information Disclosure Vulnerability

This module exploits an unauthenticated information disclosure vulnerability in Huawei SOHO routers. The module will gather information by accessing the /api pages where authentication is not required, allowing configuration changes as well as information disclosure, including any stored SMS. Thi...

CVSS 4.3 | AI score 6.8 | EPSS 0.06079
Exploits 5
ALT Linux
added 2014/10/31 12:0 a.m. | 22 views

Security fix for the ALT Linux 9 package krb5 version 1.13-alt1

Oct. 31, 2014 Alexey Shabalin 1.13-alt1 - 1.13 - fixed CVE-2014-5351 - move header from /usr/include/krb5 to /usr/include - drop kdcrotate service - update krb5.conf: + add logging example + add realms example + add domainrealm example + define defaultccachename as KEYRING:persistent:%uid...

CVSS 2.1 | AI score 6.5 | EPSS 0.02616
Exploits 0
seebug.org
added 2014/07/01 12:0 a.m. | 140 views

deV!L`z Clanportal 1.5.2 - Remote File Include Vulnerability

No description provided by source. + deV!Lz Clanportal 1.5.2 Remote File Include Vulnerability + Discovered By: cr4wl3r + Download: http://www.dzcp.de/downloads/?action=download&id=131 x Code in dzcp1.5.2/inc/config.php REQUIRES requireonce$basePath./inc/mysql.php; --- RFI function show$tpl, $arr...

AI score 7.1
Exploits 0
seebug.org
added 2014/07/01 12:0 a.m. | 22 views

Trend Micro InterScan VirusWall for Windows NT 3.4/3.5/3.51 Remote Reconfiguration Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/2808/info Interscan Viruswall is a Virus scanning software package distributed and maintained by Trend Micro. It is designed to scan for virus occurrences in both incoming and outgoing traffic via SMTP, FTP, and HTTP at th...

AI score 7.1
Exploits 0
seebug.org
added 2014/07/01 12:0 a.m. | 27 views

D-Link AirPlus DI-614+, DI-624, DI-704 DHCP Log HTML Injection Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/10587/info It is reported that the DI-614+, DI-704, and the DI-624 are susceptible to an HTML injection vulnerability in their DHCP log. An attacker who has access to the wireless, or internal network segments of the rout...

AI score 7.1
Exploits 0
Tenable Nessus
added 2014/06/13 12:0 a.m. | 57 views

openSUSE Security Update : openstack (openSUSE-2013-237)

The Openstack Stack components were updated to Folsom level as of March 5th. Changes in openstack-cinder : - Update 12.3 packages to Folsom as of March 5th. This comes with security fixes and bug fixes that we need to have OpenStack work nicely. Fix bnc802278. - Update cinder-config-update.diff:...

CVSS 6.5 | AI score 8.2 | EPSS 0.04863
Exploits 3 | References 12
MSRC
added 2014/06/05 7:0 a.m. | 11 views

An Overview of KB2871997

An Overview of KB2871997 Microsoft recently released KB2871997 for Windows 7, Windows 8, Windows Server 2008R2, and Windows Server 2012. This blog will give an overview of the feature changes, their impact, and some important configuration changes that can be made in conjunction with the update t...

AI score 7.2
Exploits 0
OpenVAS
added 2014/05/05 12:0 a.m. | 11 views

Fedora Update for ndjbdns FEDORA-2014-5511

Check for the Version of ndjbdns OpenVAS Vulnerability Test Fedora Update for ndjbdns FEDORA-2014-5511 Authors: System Generated Check Copyright: Copyright (C) 2014 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it under the...

AI score 7.4
Exploits 0 | References 2
Tenable Nessus
added 2013/12/14 12:0 a.m. | 283 views

SNMP Version 3 Authentication Vulnerabilities (cisco-sa-20080610-snmpv3)

Multiple Cisco products contain either of two authentication vulnerabilities in the Simple Network Management Protocol version 3 (SNMPv3) feature. These vulnerabilities can be exploited when processing a malformed SNMPv3 message. The vulnerabilities could allow the disclosure of network information...

CVSS 10 | AI score 6.5 | EPSS 0.6879
Exploits 7 | References 2
Prion
added 2013/11/20 1:19 p.m. | 13 views

Cross site request forgery (csrf)

Multiple cross-site request forgery (CSRF) vulnerabilities in D-Link DIR865L router Rev. A1 with firmware before 1.05b07 allow remote attackers to hijack the authentication of administrators for requests that (1) change the administrator password or (2) enable remote management via a request to...

CVSS 6.8 | AI score 8 | EPSS 0.01242
Exploits 1 | References 3 | Affected Software 1
ICS
added 2013/10/26 6:0 a.m. | 60 views

GE Proficy Real-Time Information Portal Information Disclosure Vulnerabilities

Overview This advisory provides mitigation details for multiple vulnerabilities that impact the GE Intelligent Platforms Proficy Real-Time Information Portal. General Electric (GE) has addressed two vulnerabilities in the GE Intelligent Platforms Proficy Real-Time Information Portal. Exploitation o...

CVSS 5 | AI score 6.5 | EPSS 0.01955
Exploits 0 | References 10