1570 matches found
Vulnerability Fixed in Subnet Solutions SCADA Server
A hole has been fixed in a popular industrial control system data management server that, if left unpatched, could result in a remotely exploitable denial of service condition. Subnet Solutions, Inc., a Canadian manufacturer of electric utility products, fixed the vulnerability – along with anothe...
Yokogawa Patches Buffer Overflow Bugs in ICS Gear
Vulnerabilities in production control system software used in manufacturing, energy and other critical industries worldwide have been patched by the vendor, an advisory from the Industrial Control System Cyber Emergency Response Team said. Yokogawa Electric Corp. of Japan patched critical buffer...
Motives Behind Havex ICS Malware Campaign Remain a Mystery
Since Stuxnet there have been few confirmed reports of malware targeting particular industrial control system software. But now we have a campaign using the Havex remote access Trojan that has three European energy sector vendors in its crosshairs—or does it? The outbreak, reported by security...
Virtual Hosting Control System 2.4.7.1 Server_day_stats.PHP Multiple Cross-Site Scripting Vulnerabilities
No description provided by source. source: http://www.securityfocus.com/bid/17790/info Virtual Hosting Control System is prone to multiple cross-site scripting vulnerabilities because the application fails to properly sanitize user-supplied input. An attacker may leverage these issues to have...
Virtual Hosting Control System 2.2/2.4 Error Message Cross-Site Scripting Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/15538/info Virtual Hosting Control System is prone to cross-site scripting attacks. The vulnerability arises when error messages are rendered and could let an attacker inject hostile HTML and script code into the browser...
Asp VevoCart Control System 3.0.4 - DB Download Vulnerability
No description provided by source. Title : Asp VevoCart Control System Version 3.0.4 DB Download Vulnerability | Author : indoushka | email : [email protected] | Home : Souk Naamane - 04325 - Oum El...
Kaspersky, Citizen Lab Uncover HackingTeam Mobile Malware
Controversial spyware commercially developed by Italy’s HackingTeam and sold to governments and law enforcement for the purpose of surveillance has a global command and control infrastructure and, for the first time, security experts have insight into how its mobile malware components work...
COPA-DATA Patches DNP3 SCADA Vulnerability
A vulnerability exists in a particular brand of SCADA software that, if left unpatched, could trigger a denial of service condition and go on to compromise the software’s communication connections, resulting in system instability. The problem is an improper input validation vulnerability and exist...
Siemens Fixes DoS Flaw in Rugged OS Devices
Siemens has patched a denial-of-service vulnerability that affected many versions of its Rugged Operating System, software that runs on some of the company’s RuggedCom switches and serial-to-ethernet devices. The vulnerability could enable a remote attacker to cause the Rugged OS software to cras...
ICS-CERT Confirms Public Utility Compromised Recently
Attackers recently compromised a utility in the United States through an Internet-connected system that gave the attackers access to the utility’s internal control system network. The utility, which has not been named, had remote access enabled on some of its Internet-connected hosts and the...
Buffer Overflows Patched in Yokogawa Control System Products
Patches for critical vulnerabilities in production control system software built by Yokogawa Electric Corp. of Japan are available, according to an advisory issued Tuesday by the Industrial Control System Cyber Emergency Response Team (ICS-CERT). The advisory warns that there are publicly available...
OpenICS ICS Protocol Decoder Builds Data Dictionaries
Industrial control system security has been called archaic, laughable and even non-existent. Most ICS and SCADA systems weren’t built with the Internet in mind, much less security, but yet they are at the forefront of manufacturing, building automation and critical infrastructure operations...
[SECURITY] Fedora 20 Update: subversion-1.8.8-1.fc20
Subversion is a concurrent version control system which enables one or more users to collaborate in developing and maintaining a hierarchy of files and directories while keeping a history of all changes. Subversion only stores the differences between versions, instead of every complete file...
Hacking Team sold Spyware to 21 Countries; Targeting Journalists and Human Right Activists
Spying on the world by injecting sophisticated backdoors in software, systems, and mobile phones, leads to violation of the Privacy and Security of every individual. Yes, we are talking about Surveillance, but this time not about NSA. Instead, Countries including some with poor human-rights recor...
Yokogawa Multiple Products Vulnerabilities
OVERVIEW: Yokogawa reports that several buffer overflow vulnerabilities affect several of its products. Juan Vazquez of Rapid7 Inc. (http://www.rapid7.com, web site last accessed May 13, 2014) and independent researcher Julian Vilas Diaz reported to CERT/CC that they identified several...
Cisco Secure ACS Portal Interface Session Hijacking
The version of Cisco Secure Access Control System (ACS) on the remote host is affected by a vulnerability in the Portal Interface. Due to insufficient session management, this could allow a remote, authenticated attacker to perform actions in the portal with the privileges of another user...
Cisco Secure ACS Portal Session Management Vulnerability
A vulnerability in the portal interface of Cisco Secure Access Control System (ACS) could allow an authenticated, remote attacker to access the portal with the access capabilities of another user. The vulnerability is due to insufficient session management in the portal. An attacker could exploit...
Design/Logic Flaw
The portal interface in Cisco Secure Access Control System (ACS) does not properly manage sessions, which allows remote authenticated users to hijack sessions and gain privileges via unspecified vectors, aka Bug ID CSCue65951...
CVE-2014-0678
The portal interface in Cisco Secure Access Control System (ACS) does not properly manage sessions, which allows remote authenticated users to hijack sessions and gain privileges via unspecified vectors, aka Bug ID CSCue65951...
Cross site scripting
Cross-site scripting (XSS) vulnerability in the portal in Cisco Secure Access Control System (ACS) allows remote attackers to inject arbitrary web script or HTML via an unspecified parameter, aka Bug ID CSCue65949...