Siemens SIMATIC S7-1200 CSRF Vulnerability

OVERVIEW Siemens has identified an CSRF Cross-Site Request Forgery vulnerability in the SIMATIC S7‑1200 CPUs. This vulnerability was reported directly to Siemens by Ralf Spenneberg, Hendrik Schwartke, and Maik Brüggemann from OpenSource Training. Siemens has produced a firmware update to mitigate...

YASUO - Scans for Vulnerable & Exploitable 3rd-party Web Applications

Yasuo is a ruby script that scans for vulnerable 3rd-party web applications. While working on a network security assessment internal, external, redteam gigs etc., we often come across vulnerable 3rd-party web applications or web front-ends that allow us to compromise the remote server by exploiti...

http-vuln-cve2015-1635 NSE Script

Checks for a remote code execution vulnerability MS15-034 in Microsoft Windows systems CVE2015-2015-1635. The script sends a specially crafted HTTP request with no impact on the system to detect this vulnerability. The affected versions are Windows 7, Windows Server 2008 R2, Windows 8, Windows...

Sendio ESP Information Disclosure Vulnerability

1. Advisory Information Title: Sendio ESP Information Disclosure Vulnerability Advisory ID: CORE-2015-0010 Advisory URL: Date published: 2015-05-22 Date of last update: 2015-05-22 Vendors contacted: Sendio Release mode: Coordinated release 2. Vulnerability Information Class: OWASP Top Ten 2013...

WordPress Video Gallery 2.8 Unprotected Mail Page

Exploit Title : Wordpress Video Gallery 2.8 Unprotected Mail Page Exploit Author : Claudio Viviani Website Author: http://www.homelab.it http://archive-exploit.homelab.it/1 Full HomelabIT Vulns Archive Vendor Homepage : http://www.apptha.com/category/extension/Wordpress/Video-Gallery Software...

SUSE SLES10 Security Update : Mozilla Firefox (SUSE-SU-2013:0306-1)

Mozilla Firefox is updated to the 10.0.12ESR version. This is a roll-up update for LTSS. It fixes a lot of security issues and bugs. 10.0.12ESR fixes specifically : MFSA 2013-01: Mozilla developers identified and fixed several memory safety bugs in the browser engine used in Firefox and other...

[CORE-2015-0009] - SAP LZC/LZH Compression Multiple Vulnerabilities

Advisory Information Title: SAP LZC/LZH Compression Multiple Vulnerabilities Advisory ID: CORE-2015-0009 Advisory URL: http://www.coresecurity.com/advisories/sap-lzc-lzh-compression-multiple-vulnerabilities Date published: 2015-05-12 Date of last update: 2015-05-12 Vendors contacted: SAP Release...

Remotely Exploitable Vulnerabilities in SAP Compression Algorithms

The two primary compression algorithms used by SAP SE products, some of the most popular enterprise and business management software platforms on the market, contain multiple, remotely exploitable security vulnerabilities. Martin Gallo of Core Security Consulting Services found vulnerabilities in...

Out-of-bounds read and write in asm.js validation — Mozilla

Security researcher Dougall Johnson reported an out-of-bounds read and write in asm.js during JavaScript validation due to an error in how heap lengths are defined. This results in a potentially exploitable crash and could allow for the reading of random memory which may contain sensitive data...

SAP LZC/LZH Compression Multiple Vulnerabilities

Advisory ID Internal CORE-2015-0009 1. Advisory Information Title: SAP LZC/LZH Compression Multiple Vulnerabilities Advisory ID: CORE-2015-0009 Advisory URL:https://www.coresecurity.com/core-labs/advisories/sap-lzc-lzh-compression-multiple-vulnerabilities Date published: 2015-05-12 Date of last...

Use-after-free during text processing with vertical text enabled — Mozilla

Security researcher Scott Bell used the Address Sanitizer tool to discover a use-after-free error during the processing of text when vertical text is enabled. This leads to a potentially exploitable crash...

Buffer overflow and out-of-bounds read while parsing MP4 video metadata — Mozilla

Security researcher laf.intel reported a buffer overflow and out-of-bounds read in the libstagefright library while parsing invalid metadata in MPEG4 video files. This can lead to a potentially exploitable crash...

Buffer overflow with SVG content and CSS — Mozilla

Using the Address Sanitizer tool, security researcher Atte Kettunen found a buffer overflow during the rendering of SVG format graphics when combined with specific CSS properties on a page. This results in a potentially exploitable crash...

Use-after-free due to Media Decoder Thread creation during shutdown — Mozilla

Security researchers Tyson Smith and Jesse Schwartzentruber reported a use-after-free during the shutdown process. This was caused by a race condition when media decoder threads are created during the shutdown process in some circumstances. This leads to a potentially exploitable crash when...

Buffer overflow parsing H.264 video with Linux Gstreamer — Mozilla

Security researcher Aki Helin used the Address Sanitizer tool to find a buffer overflow during video playback on Linux systems. This was due to a problem in older versions of the Gstreamer plugin during the parsing of H.264 formatted video. This issue could be used to induce a possibly exploitabl...

Internet Bug Bounty: PHP yaml_parse/yaml_parse_file/yaml_parse_url Double Free

https://bugs.php.net/bug.php?id=69616 Description: ------------ The yaml parsing functions suffers from an exploitable double free caused by the error path for the phpvarunserialize call on line 797 of pecl/fileformats/yaml.git/parse.c: if ISNOTIMPLICITANDTAGISevent, YAMLPHPTAG const unsigned cha...

Grindr 2.1.1 Denial Of Service

Document Title: =============== Grindr 2.1.1 iOS Bug Bounty 2 - Denial of Service Software Vulnerability References Source: ==================== http://www.vulnerability-lab.com/getcontent.php?id=1418 Release Date: ============= 2015-05-02 Vulnerability Laboratory ID VL-ID:...

The vulnerability of the SUSE Linux Enterprise operating system allows attackers to compromise the confidentiality, integrity, and accessibility of protected information.

The vulnerability of the libvorbis package in the SUSE Linux Enterprise operating system can lead to violations of confidentiality, integrity, and accessibility of protected information. This vulnerability can be exploited remotely...

The multiple vulnerabilities in the mingw32-libxml2-static-2.7.6 package of the Red Hat Enterprise Linux operating system allow a malicious entity to compromise the confidentiality, integrity, and accessibility of protected information.

The multiple vulnerabilities in the mingw32-libxml2-static-2.7.6 package for the Red Hat Enterprise Linux operating system can lead to violations of confidentiality, integrity, and accessibility of protected information. These vulnerabilities can be exploited remotely...

The vulnerability of the Red Hat Enterprise Linux operating system allows malicious actors to compromise the confidentiality, integrity, and accessibility of protected information.

The vulnerability of the polkit-docs-0.96 package in the Red Hat Enterprise Linux operating system can lead to violations of confidentiality, integrity, and accessibility of protected information. This vulnerability can be exploited locally...