Delta Industrial Automation WPLSoft dvp File Buffer Overflow Vulnerability

Delta Industrial Automation is a global industrial automation manufacturer of power management and thermal solutions. WPLSoft and PMSoft are Delta's PLC programming software. A buffer overflow vulnerability exists in the Delta Industrial Automation WPLSoft dvp file due to a failure to validate th...

Advantech WebAccess nvA1Media Connect MediaUsername Stack Buffer Overflow Remote Code Execution Vulnerability

Advantech WebAccess is a set of HMI/SCADA software from Advantech based on browser architecture. The software supports dynamic graphic display and real-time data control, and provides remote control and management of automation equipment. A stack buffer overflow remote code execution vulnerabilit...

The vulnerability of the microprogramming software in the access control system for the NetScaler Gateway allows a intruder to execute any command they desire.

The vulnerability of the microprogramming software in the access control system for the NetScaler Gateway lies in the execution of operations beyond the buffer boundaries in memory. Exploiting this vulnerability allows a malicious actor to execute arbitrary commands using uncertain vectors...

PT-2016-36: Privilege Escalation in McAfee Application Control

The specialists of the Positive Research center have detected a Privilege Escalation vulnerability in McAfee Application Control. Vulnerability in McAfee Application Control allows attackers elevate privileges, cause a denial of service, or potentially execute arbitrary code via unauthorized use ...

Beijing Jiezhong Industrial Control Software FameView Arbitrary File Read/Write Vulnerability

FameView automation configuration management software is a configuration monitoring software developed by Beijing Jiezhong Company based on Windows operating system with years of experience in engineering application and service. Beijing Jiezhong industrial control configuration software FameView...

Nanjing Sun Tang Industrial Control Software QTouch Remote Denial of Service Vulnerability

Nanjing Sun Tang industrial control configuration software QTouch is the leader of the second generation of domestic configuration software and the leader, across multiple operating systems, multi-CPU platform. A remote denial of service vulnerability exists in QTouch, which can be exploited by...

CVE-2015-2118

CVE-2015-2118 affects HP Access Control (AC) Pull Print components (Secure Pull Print / Security Pull Print) for HP AC 12.x–14.x up to 14.1.2. The HP Security Bulletin (HPSBPI03322 rev.1/ rev.2) describes a local unauthorized access vulnerability that could allow an attacker with local access to ...

Rosewill RSVA11001 - Remote Command Injection

No description provided by source. I have been hacking on a Rosewill RSVA11001 for a while now, something to suck up my free time. I had pulled apart the firmware previously but did not succeed in finding a way to get a shell on the device. The box is Hi3515 based, I found an exploit for another...

IBM Remote Control Software 1.0 Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/284/info The IBM Remote Control Software package requires a client module to be loaded on NT hosts to be remotey controlled. This client module is loaded as an NT service and must run under either the local system account...

Research Quantifies Forged SSL Certificates in the Wild

An attacker with a forged SSL certificate is quite the Internet villain these days, be he a criminal or government spy. In possession of such a cert, an attacker can easily decrypt and monitor traffic, steal credentials and other sensitive information from a network. And with sensitivity over...

IOServer越界读取漏洞

Bugtraq ID:66761 CVE ID:CVE-2014-0777 IOServer是运行在Windows上的工业控制软件，包含内置Web服务器以支持XML服务器功能。 OPC Drivers 1.0.20之前版本内的Modbus从站及分站驱动程序在实现上存在越界读漏洞，攻击者通过特制的数据包，利用此漏洞可造成拒绝服务。 0 ioserver ioserver = 1.0.20 目前厂商已经发布了升级补丁以修复漏洞，请下载使用： http://www.ioserver.com/...

Rosewill RSVA11001 - Remote Command Injection

Rosewill RSVA11001 - Remote Command Injection I have been hacking on a Rosewill RSVA11001 for a while now, something to suck up my free time. I had pulled apart the firmware previously but did not succeed in finding a way to get a shell on the device. The box is Hi3515 based, I found an exploit f...

Rosewill RSVA11001 - Remote Command Injection

Exploit for hardware platform in category remote exploits I have been hacking on a Rosewill RSVA11001 for a while now, something to suck up my free time. I had pulled apart the firmware previously but did not succeed in finding a way to get a shell on the device. The box is Hi3515 based, I found ...

IOServer 1.0.18.0 Directory Traversal / File Download

===================================================================== BEGIN Foofus.net Security Advisory: foofus-20120817 BEGIN ===================================================================== Title: IOServer "Root Directory" Trailing Backslash Web Server Vuln Allows: Arbitrary File Access,...

Heap overflow

Heap-based buffer overflow in the WWCabFile ActiveX component in the Wonderware System Platform in Invensys Wonderware Application Server 2012 and earlier, Foxboro Control Software 3.1 and earlier, InFusion CE/FE/SCADA 2.5 and earlier, Wonderware Information Server 4.5 and earlier, ArchestrA...

Heap overflow

Heap-based buffer overflow in the WWCabFile ActiveX component in the Wonderware System Platform in Invensys Wonderware Application Server 2012 and earlier, Foxboro Control Software 3.1 and earlier, InFusion CE/FE/SCADA 2.5 and earlier, Wonderware Information Server 4.5 and earlier, ArchestrA...

CVE-2012-0258

The CVE-2012-0258 issue is a heap-based buffer overflow in the WWCabFile ActiveX Component used by Wonderware System Platform and related products (Wonderware Application Server 2012 and earlier, Foxboro Control Software 3.1 and earlier, InFusion CE/FE/SCADA 2.5 and earlier, Wonderware Informatio...

Duqu computer virus Detected by Iran civil defense organization

Duqu computer virus Detected by Iran civil defense organization The virus is called W32.Duqu, or just Duqu create fear after the opening Pandora's Box of Stuxnet. The head of Iran's civil defense organization told the official IRNA news agency that computers at all main sites at risk were being...

Lumension Device Control memory corruption

Memory corruption on TCP/65129 traffic parsing...

Metasploit Holding On Siemens Exploits

UPDATE: A week after a security researcher decided to cancel a technical discussion of security holes in industrial control software from Siemens, Inc., public exploits for the vulnerabilities are on hold while the company works to shore up systems running its Simatic programmable logic controlle...