340 matches found
Siemens SICAM MIC Authentication Bypass Vulnerability
OVERVIEW Siemens has identified an authentication bypass vulnerability in its SICAM MIC telecontrol device. This vulnerability was reported directly to Siemens by Philippe Oechslin from Objectif Sécurité. Siemens has produced a new firmware update to mitigate this vulnerability. This vulnerabilit...
Moxa SoftCMS Buffer Overflow Vulnerability
OVERVIEW NCCIC/ICS-CERT received a report from HP’s Zero Day Initiative ZDI concerning a buffer overflow vulnerability in Moxa’s SoftCMS software package. This vulnerability was reported to ZDI by security researcher Ariele Caltabiano. Moxa has produced a new version that mitigates this...
Moxa VPort ActiveX SDK Plus Stack-Based Buffer Overflow Vulnerability
OVERVIEW HP’s Zero Day Initiative ZDI reports that independent researcher Ariele Caltabiano has identified a stack-based buffer overflow vulnerability in the Moxa VPort ActiveX SDK Plus application. Moxa has produced an update that mitigates this vulnerability. This vulnerability could be exploit...
Isowall - A mini-firewall that completely isolates a target device from the local network
This is a mini-firewall that completely isolates a target device from the local network. This is for allowing infected machines Internet access, but without endangering the local network. Building This project depends upon libpcap, and of course a C compiler. On Debian, the following should work:...
Ammyy Admin 3.5 - RCE
No description provided by source. Mirror: http://www.exploit-db.com/sploits/aa0day.zip The Revenge of the Scammers This exploit is an 0day in Ammyy Admin http://www.ammyy.com/en/ a remote desktop type software that is well known for being the software that many fake tech support phone scammers...
Canada NRC Hit by Apparent Chinese Cyber Attack
One of Canada’s premier research and technology organizations was hit with a cyber-attack recently that forced the cooperative offline; the attack – which appears to be Chinese in origin – was so serious the organization is being forced to rebuild its entire system. The National Research Council ...
The HeartBleed vulnerability: the bloody appearance is a peaceful-vulnerability warning-the black bar safety net
The recent Heart bleed vulnerability on the Internet set off a Xuan however huge wave, as the basis for security software major loopholes, far-reaching, the major Internet company, party A and party B, white hat and even CCTV and other media all act together against the common enemy, the race to...
Windows XP End of Life Breeding FUD, Legit Concerns
For those of you anticipating the start of a Walking Dead-style malware apocalypse next Tuesday, calm yourselves. The official end of security support for Windows XP is upon us, but it’s important to check some anxiety at the door and keep some perspective. “I’ve been a forensics investigator 14...
Schneider Electric OPC Factory Server Buffer Overflow
OVERVIEW Researcher Wei Gao, formerly of IXIA, has identified a buffer overflow vulnerability in the Schneider Electric OPC Factory Server OFS application. Schneider Electric has produced a patch that mitigates this vulnerability. Wei Gao has tested the patch to validate that it resolves the...
IOServer DNP3 Improper Input Validation
OVERVIEW Adam Crain of Automatak and independent researcher Chris Sistrunk have identified improper input validation in IOServer’s DNP3 driver software. IOServer has produced an updated software version that mitigates this vulnerability. Adam Crain and Chris Sistrunk updated and tested this versi...
Password Cracker Targets Siemens S7 PLCs
Siemens S7 programmable logic controllers, the same PLC family exploited by the Stuxnet malware, are in the crosshairs of a password-cracking tool that is capable of stealing credentials from industrial control systems. PLCs are microprocessors that automate mechanical processes inside factories,...
DSA-2305-1 vsftpd - denial of service
Bulletin has no description...
Network access control system PacketFence 2.2 released !
PacketFence is a free and open source network access control NAC system. It can be used to effectively secure networks - from small to very large heterogeneous networks. PacketFence has been deployed in production environments where thousands of users are involved - on wired and wireless networks...
ICONICS Login ActiveX Vulnerability
Overview ICS-CERT has received a report from independent security researchers Billy Rios and Terry McCorkle concerning a vulnerability that affects ICONICS GENESIS32 and BizViz products. This vulnerability includes a crash in the Security Login controls used by GENESIS32 due to a buffer overflow...
VMSA-2008-0015 : Updated ESXi and ESX 3.5 packages address critical security issue in openwsman
a. Updated Openwsman Openwsman is a system management platform that implements the Web Services Management protocol WS-Management. It is installed and running by default. It is used in the VMware Management Service Console and in ESXi. The openwsman 2.0.0 management service on ESX 3.5 and ESXi 3....
Lessons Learned From the Aurora Attacks
It’s been more than two weeks now since the cyber-end of the cyber-world caused by the cyber-attacks on the cyber-networks of Google, Adobe and several other high tech companies, and amid all of the noise and hand-wringing there has been precious little in the way of cool, logical analysis of wha...
CitectSCADA ODBC service vulnerability
Advisory ID Internal CORE-2008-0125 Advisory Information Title: CitectSCADA ODBC service vulnerability Advisory ID: CORE-2008-0125 Advisory URL:https://www.coresecurity.com/core-labs/advisories/citect-scada-odbc-service-vulnerability Date published: 2008-06-11 Date of last update: 2008-06-10...
A comprehensive analysis of the firewall and the firewall of penetration-vulnerability warning-the black bar safety net
A firewall description A firewall is a function, it makes the internal network and the external network or the Internet, isolated from each other, in order to protect the internal network or host. A simple firewall may consist of Router,3 Layer Switch ACL access control list to act as, you can al...
Large enterprises within the network penetration of the common software has a breaking point-vulnerability warning-the black bar safety net
Some enterprise-level network, especially in Europe and the United States of large companies, the network structure of the General characteristics is the dmz Zone and the internal network is substantially isolated from the domain into the clear, the permissions are set meticulous and strict,...
The cafe of the machine, that does not allow you access to the Internet will not allow you access-the vulnerability warning-the black bar safety net
Author: pchoer QQ:3 5 8 2 5 8 2 Source:http://www. pchoer. com Today to thisthe cafeInternet access, and as usual look like, turn on some hack site to look at articles and what thenews. But do next to me a guy does not know is not brain problems, always explore his head to look at my screen, I ha...