1571 matches found
CVE-2012-5424
CVE-2012-5424 affects Cisco Secure Access Control System (ACS) 5.x prior to 5.2 Patch 11 and 5.3 prior to 5.3 Patch 7. When configured with LDAP as external identity store and TACACS+ for authentication, the system fails to properly validate the user-supplied password, enabling an unauthenticated...
CVE-2012-5424
Cisco Secure Access Control System (ACS) 5.x before 5.2 Patch 11 and 5.3 before 5.3 Patch 7, when a certain configuration involving TACACS+ and LDAP is used, does not properly validate passwords, which allows remote attackers to bypass authentication by sending a valid username and a crafted passwo...
SIEMENS Sipass Integrated 2.6 Ethernet Bus - Arbitrary Pointer Dereference
SIEMENS Sipass Integrated 2.6 Ethernet Bus - Arbitrary Pointer Dereference IOActive Security Advisory Title: SIEMENS Sipass Integrated 2.6 Ethernet Bus Arbitrary Pointer Dereference Severity: Critical Discovered by: Lucas Apa Date Reported: 09/11/12 CVE: TBD Siemens Advisory: SSA-938777...
Slackware Advisory SSA:2003-345-01 cvs security update
The remote host is missing an update as announced via advisory SSA:2003-345-01. OpenVAS Vulnerability Test $Id: esoftslkssa200334501.nasl 6598 2017-07-07 09:36:44Z cfischer $ Description: Auto-generated from the corresponding slackware advisory Authors: Thomas Reinke Copyright: Copyright c 2012...
Slackware Advisory SSA:2004-108-02 cvs security update
The remote host is missing an update as announced via advisory SSA:2004-108-02. OpenVAS Vulnerability Test $Id: esoftslkssa200410802.nasl 6598 2017-07-07 09:36:44Z cfischer $ Description: Auto-generated from the corresponding slackware advisory Authors: Thomas Reinke Copyright: Copyright c 2012...
Slackware: Security Advisory (SSA:2004-108-02)
The remote host is missing an update for the SPDX-FileCopyrightText: 2012 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Fedora Update for ikiwiki FEDORA-2012-7976
Check for the Version of ikiwiki OpenVAS Vulnerability Test Fedora Update for ikiwiki FEDORA-2012-7976 Authors: System Generated Check Copyright: Copyright c 2012 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it under the...
ICS-CERT Warns of Serious Flaws in Tridium Niagara Software
The DHS and ICS-CERT are warning users of some popular Tridium Niagara AX industrial control system software about a series of major vulnerabilities in the applications that are remotely exploitable and could be used to take over vulnerable systems. The bugs, discovered by researchers Billy Rios...
Emerson DeltaV Buffer Overflow
Overview ICS-CERT originally released Advisory ICSA-12-265-01P on the US-CERT Portal on September 21, 2012. This web page release was delayed to provide the vendor time to contact customers concerning this information. Researcher Kuang-Chun Hung of the Security Research and Service...
Siemens S7-1200 Insecure Storage of HTTPS CA Certificate
Overview Siemens has reported an insecure HTTPS certificate storage vulnerability in Siemens’ S7-1200 v2.x (SSA-240718, http://www.siemens.com/corporate-technology/en/research-areas/siemens-cert-security-advisories.htm, Web site last accessed September 19, 2012). Siemens has provided guidance to...
InduSoft ISSymbol ActiveX Control Buffer Overflow
Overview ICS-CERT received a report from Indusoft and the Zero Day Initiative (ZDI) concerning a heap-based buffer overflow vulnerability affecting the InduSoft ISSymbol ActiveX control. This vulnerability was reported to ZDI by security researcher Alexander Gavrun. Successful exploitation of this...
Fedora Update for ikiwiki FEDORA-2012-8151
Check for the Version of ikiwiki OpenVAS Vulnerability Test Fedora Update for ikiwiki FEDORA-2012-8151 Authors: System Generated Check Copyright: Copyright c 2012 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it under the...
CVE-2011-4014
The TAC Case Attachment tool in Cisco Wireless Control System (WCS) 7.0 allows remote authenticated users to read arbitrary files under webnms/Temp/ via unspecified vectors, aka Bug ID CSCtq86807...
CVE-2011-4014
CVE-2011-4014 affects Cisco Wireless Control System (WCS) 7.0, via the TAC Case Attachment tool. The vulnerability allows remote authenticated users to read arbitrary files under webnms/Temp/ through unspecified vectors (Bug ID CSCtq86807). The available sources (NVD entry and Cisco notes) confir...
Tough Love Triumphs: SCADA Vendor Koyo Fixes Basecamp Bugs
Industrial control system vendor Koyo moved to fix vulnerabilities in its ECOM brand programmable logic controllers (PLCs) after researchers, in January, revealed that the devices were vulnerable to brute force password guessing attacks. The Department of Homeland Security’s ICS Industrial Control...
Fedora Update for cvs FEDORA-2012-1383
Check for the Version of cvs OpenVAS Vulnerability Test Fedora Update for cvs FEDORA-2012-1383 Authors: System Generated Check Copyright: Copyright c 2012 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it under the terms of t...
Measuresoft ScadaPro DLL Hijack
Overview Independent researcher Carlos Mario Penagos Hollmann identified a remotely exploitable, uncontrolled search path element vulnerability, commonly referred to as a DLL hijack, in Measuresoft’s ScadaPro application. Measuresoft has produced an upgrade to address this vulnerability. Mr...
Video: Expert Proves Stuxnet's Link To Iran Nuclear Facilities
When Ralph Langner, an independent security researcher, presented his analysis of specialized code used by the Stuxnet worm to an audience of his peers at the S4 Conference in Miami last month, it was a chance to get down in the weeds with one of the world’s top experts on Stuxnet and threats to...
GE Intelligent Platforms Proficy HTML Help Vulnerabilities
1. EXECUTIVE SUMMARY CVSS v3 8.8 ATTENTION: Exploitable remotely/low skill level to exploit Vendor: GE Equipment: Intelligent Platforms Vulnerabilities: Stack-based Buffer Overflow, Command Injection 2. UPDATE INFORMATION This updated advisory is a follow-up to the original advisory titled...