4670 matches found
Design/Logic Flaw
A Permissions, Privileges, and Access Control vulnerability exists in Schneider Electric's Modicon M221 product all references, all versions prior to firmware V1.6.2.0. The vulnerability allows unauthorized users to decode the password using rainbow table...
CVE-2018-7792
A Permissions, Privileges, and Access Control vulnerability exists in Schneider Electric's Modicon M221 product all references, all versions prior to firmware V1.6.2.0. The vulnerability allows unauthorized users to decode the password using rainbow table...
RHEL 5 : nss (RHSA-2017:1101)
An update for nss is now available for Red Hat Enterprise Linux 5 Extended Lifecycle Support. Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for eac...
Schneider Electric Modicon M221 Password Decoding Vulnerability
The Modicon M221 is a logic controller from Schneider Electric. A password decoding vulnerability exists in the Schneider Electric Modicon M221 with firmware versions lower than 1.6.2.0, which can be exploited by an unauthorized user to decode passwords using a rainbow table...
Threat Analysis: Recent Attack Technique Leveraging cmd.exe and PowerShell Demonstrates How Attackers Are Using Trusted Microsoft Applications for Malicious Behavior
An attack leveraging cmd.exe and PowerShell was recently investigated by Cb ThreatSight analysts. Our initial investigation discovered that a batch file was executed on the targeted system. This batch file then invoked PowerShell with a base64 encoded command. Decoding the command revealed a seri...
FortiWeb Recursive URL Decoding is not enabled by default
FortiWeb's "Recursive URL Decoding" feature can detect URL-based attacks, including XSS and SQL injection attempts, even when the malicious URL is recursively encoded. However, this feature is not enabled by default in FortiWeb's system settings for FortiWeb version 6.0.0 and below...
Picking Apart Remcos Botnet-In-A-Box
This blog post was authored by Edmund Brumaghin and Holger Unterbrink with contributions from Eric Kuhla and Lilia Gonzalez Medina. Overview: Cisco Talos has recently observed multiple campaigns using the Remcos remote access tool (RAT) that is offered for sale by a company called Breaking Security...
Hardcoded credentials
apps/filemanager/handlers/upload/drop.php in Elefant CMS 2.0.3 performs a urldecode step too late in the "Cannot upload executable files" protection mechanism...
WebRTC - VP8 Block Decoding Use-After-Free Exploit
Exploit for multiple platforms in category dos / poc. There is a use-after-free in VP8 block decoding in WebRTC. The contents of the freed block are then treated as a pointer, leading to a crash in WebRTC. ==20098==ERROR: AddressSanitizer: heap-use-after-free on address 0x6330000a9491 at pc...
Null pointer dereference
A NULL pointer dereference flaw was found in the way openjpeg 2.1.2 decoded certain input images. Due to a logic error in the code responsible for decoding the input image, an application using openjpeg to process image data could crash when processing a crafted image...
UBUNTU-CVE-2016-9572
A NULL pointer dereference flaw was found in the way openjpeg 2.1.2 decoded certain input images. Due to a logic error in the code responsible for decoding the input image, an application using openjpeg to process image data could crash when processing a crafted image...
DEBIAN-CVE-2016-9572
A NULL pointer dereference flaw was found in the way openjpeg 2.1.2 decoded certain input images. Due to a logic error in the code responsible for decoding the input image, an application using openjpeg to process image data could crash when processing a crafted image...
CVE-2016-9572
A NULL pointer dereference flaw was found in the way openjpeg 2.1.2 decoded certain input images. Due to a logic error in the code responsible for decoding the input image, an application using openjpeg to process image data could crash when processing a crafted image...
WebRTC - VP8 Block Decoding Use-After-Free
There is a use-after-free in VP8 block decoding in WebRTC. The contents of the freed block are then treated as a pointer, leading to a crash in WebRTC. ==20098==ERROR: AddressSanitizer: heap-use-after-free on address 0x6330000a9491 at pc 0x0000014cde2f bp...
WebRTC - VP8 Block Decoding Use-After-Free
There is a use-after-free in VP8 block decoding in WebRTC. The contents of the freed block are then treated as a pointer, leading to a crash in WebRTC. ==20098==ERROR: AddressSanitizer: heap-use-after-free on address 0x6330000a9491 at pc 0x0000014cde2f bp 0x7ff20616d7e0 sp 0x7ff20616d7d8 READ of size...
CVE-2016-8622
CVE-2016-8622 affects curl/libcurl’s URL percent-encoding decode path. The curl_easy_unescape function may allocate a destination buffer larger than 2 GB but store the result length in a signed 32‑bit int, causing length truncation or negative values. This can lead to writing outside the heap. Pu...
CVE-2017-7482
In the Linux kernel before version 4.12, the code that decodes Kerberos 5 tickets when using RXRPC keys incorrectly assumes the size of a field. This could lead to the size-remaining variable wrapping and the data pointer going over the end of the buffer. This could possibly lead to memory corruption and...
PT-2018-1525
Name of the Vulnerable Software and Affected Versions: Modicon M221 versions prior to V1.6.2.0. Description: A Permissions, Privileges, and Access Control issue exists, allowing unauthorized users to decode passwords using a rainbow table. This could enable a remote attacker to exploit the...
Buffer Overflow
libcurl.so is vulnerable to buffer overflows. The application does not properly allocate memory when decoding URL percent-encoding, allowing a malicious user to send a large URL to cause a buffer overflow, crash the application, or cause arbitrary code to be executed...
UBUNTU-CVE-2018-13348
The mpatchdecode function in mpatch.c in Mercurial before 4.6.1 mishandles certain situations where there should be at least 12 bytes remaining after the current position in the patch data, but actually are not, aka OVE-20180430-0001...