USN-3697-2: Linux kernel (OEM) vulnerabilities

It was discovered that a null pointer dereference vulnerability existed in the DCCP protocol implementation in the Linux kernel. A local attacker could use this to cause a denial of service system crash. CVE-2018-1130 Jann Horn discovered that the 32 bit adjtimex syscall implementation for 64 bit...

Active Directory Reconnaissance: ADRecon

ADRecon is a tool which extracts various artifacts as highlighted below out of an AD environment in a specially formatted Microsoft Excel report that includes summary views with metrics to facilitate analysis. The report can provide a holistic picture of the current state of the target AD...

Sql injection

An issue wan discovered in admin\controllers\database.php in HongCMS 3.0.0. There is a SQL Injection vulnerability via an admin/index.php/database/operate?dbaction=emptytable&tablename= URI...

CVE-2018-12912

An issue wan discovered in admin\controllers\database.php in HongCMS 3.0.0. There is a SQL Injection vulnerability via an admin/index.php/database/operate?dbaction=emptytable&tablename= URI...

CVE-2018-12912

HongCMS 3.0.0 contains a SQL Injection vulnerability in admin/controllers/database.php, exploitable via the request admin/index.php/database/operate?dbaction=emptytable&tablename= (URI). Public exploit/activity references show an authenticated/remote-exploit path using this parameter to inject SQ...

CVE-2018-12912

An issue wan discovered in admin\controllers\database.php in HongCMS 3.0.0. There is a SQL Injection vulnerability via an admin/index.php/database/operate?dbaction=emptytable&tablename= URI...

Cross site scripting

Spring Framework, versions 5.0.x prior to 5.0.7 and 4.3.x prior to 4.3.18 and older unsupported versions, allows web applications to enable cross-domain requests via JSONP JSON with Padding through AbstractJsonpResponseBodyAdvice for REST controllers and MappingJackson2JsonView for browser...

Ecessa ShieldLink SL175EHQ < 10.7.4 - Cross-Site Request Forgery (Add Superuser) Vulnerability

Exploit for hardware platform in category web applications Exploit Title: Ecessa ShieldLink SL175EHQ 10.7.4 - Cross-Site Request Forgery Add Superuser Vendor: Ecessa Corporation Product web page: https://www.ecessa.com Affected version: 10.7.4, 10.6.9, 10.7.4, 10.6.5.2, 10.5.4, 10.2.24, 9.2.24...

Ecessa ShieldLink SL175EHQ &lt; 10.7.4 - Cross-Site Request Forgery (Add Superuser)

Exploit Title: Ecessa ShieldLink SL175EHQ 10.7.4 - Cross-Site Request Forgery Add Superuser Date: 2018-05-21 Vendor: Ecessa Corporation Product web page: https://www.ecessa.com Affected version: 10.7.4, 10.6.9, 10.7.4, 10.6.5.2, 10.5.4, 10.2.24, 9.2.24 Summary: Ecessa's ShieldLink 60, 175, 600,12...

Ecessa ShieldLink SL175EHQ 10.7.4 CSRF Add Superuser Exploit

Summary Ecessa's ShieldLink 60, 175, 600,1200 & 4000 are advanced, yet highly affordable secure WAN Optimization Controllers that incorporate all of the ISP/WAN link. Description The application interface allows users to perform certain actions via HTTP requests without performing any validity...

Security Bulletin: GNU C library (glibc) vulnerability affects IBM SDN-VE Unified Controller and IBM SDN-VE Service Appliance (CVE-2015-0235)

Summary GNU C library glibc vulnerability that has been referred to as GHOST affects IBM SDN VE Unified Controller and IBM SDN VE Service Appliance. Vulnerability Details CVEID: CVE-2015-0235 DESCRIPTION:The gethostbyname functions of the GNU C Library glibc are vulnerable to a buffer overflow. B...

RSLinx Classic and FactoryTalk Linx Gateway - Privilege Escalation

Title: RSLinx Classic and FactoryTalk Linx Gateway - Privilege Escalation Date: 2017-12-11 Author: LiquidWorm Vendor: Rockwell Automation, Inc. Product web page: https://www.rockwellautomation.com Affected version: Rockwell Automation RSLinx Classic 3.90.01 Rockwell Automation RSLinx Classic...

Microsoft Windows: Network security: LAN Manager authentication level

This security setting determines which challenge/response authentication protocol is used for network logons. This choice affects the level of authentication protocol used by clients, the level of session security negotiated, and the level of authentication accepted by servers as follows: - Send ...

A Totally Tubular Treatise on TRITON and TriStation

Introduction In December 2017, FireEye's Mandiant discussed an incident response involving the TRITON framework. The TRITON attack and many of the publicly discussed ICS intrusions involved routine techniques where the threat actors used only what is necessary to succeed in their mission. For bot...

Multiple Yokogawa Product Security Bypass Vulnerabilities

Yokogawa FCJ and others are Yokogawa's controllers for network control systems. A security bypass vulnerability exists in multiple Yokogawa products. A remote attacker could exploit this vulnerability to execute arbitrary code or cause a denial of service in the context of an affected device...

Remote Code Upload Vulnerability in DCCE MAC1100 PLCs

The MAC1100 PLC Programmable Logic Controller PLC is a product in the Dalian Computer Control DCCE Programmable Logic Controller PLC series. A remote code upload vulnerability exists in the DCCE MAC1100 PLC. An attacker can exploit this vulnerability to construct malicious control code, remotely...

PLCWinNT software suffers from a memory leak vulnerability

CoDeSys is a complete development environment for programmable logic control PLCs, in which simulation functions can be implemented by configuring the PLCWinNT software. A memory leak vulnerability exists in the PLCWinNT software that corresponds to the V2 version of CoDeSys. An attacker can...

Microsoft Windows 10: Shut down the system

This security setting determines if a user who is logged on locally to a device can shut down Windows. Shutting down domain controllers makes them unavailable to perform functions such as processing logon requests, processing Group Policy settings, and answering Lightweight Directory Access...

Delta Electronics PMSoft

1. EXECUTIVE SUMMARY CVSS v3 7.1 ATTENTION : Low skill level to exploit. Vendor : Delta Electronics Equipment : PMSoft Vulnerabilities : Multiple Stack-Based Buffer Overflow vulnerabilities 2. RISK EVALUATION Successful exploitation of these vulnerabilities could cause the application to crash;...

Goddi (Go Dump Domain Info) - Dumps Active Directory Domain Information

Based on work from Scott Sutherland @nullbind, Antti Rantasaari, Eric Gruber @egru, Will Schroeder @harmj0y, and the PowerView authors. Install Use the executables in the releases section. If you want to build it yourself, make sure that your go environment is setup according to the Go setup doc...