4293 matches found
Environmental Systems Corporation Data Controllers Vulnerabilities (Update B)
OVERVIEW This updated advisory is a follow-up to the updated advisory titled ICSA-16-147-01A Environmental Systems Corporation Data Controllers Vulnerabilities that was published June 2, 2016, on the NCCIC/ICS-CERT web site. Independent researcher Maxim Rupp has identified data controller...
GE Proficy HMI SCADA CIMPLICITY Privilege Management Vulnerability
OVERVIEW Zhou Yu of Acorn Network Security identified an improper privilege management vulnerability and recently released exploit code for the GE Proficy HMI/SCADA CIMPLICITY application without coordination with ICS-CERT, the vendor, or any other coordinating entity known to ICS-CERT. GE produc...
Environmental Systems Corporation Data Controllers Vulnerabilities
OVERVIEW This updated advisory is a follow-up to the updated advisory titled ICSA-16-147-01A Environmental Systems Corporation Data Controllers Vulnerabilities that was published June 2, 2016, on the NCCIC/ICS-CERT web site. Independent researcher Maxim Rupp has identified data controller...
Moderate: Red Hat Security Advisory: sudo security, bug fix, and enhancement update
Updated sudo packages that fix one security issue, three bugs, and add one enhancement are now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having Moderate security impact. A Common Vulnerability Scoring System CVSS base score, which gives a detailed...
PT-2015-3402 · Openssh +6 · Openssh +6
Name of the Vulnerable Software and Affected Versions: OpenSSH versions prior to 6.9 Description: The issue is related to the x11 open helper function in channels.c in ssh, which lacks a check of the refusal deadline for X connections when ForwardX11Trusted mode is not used. This makes it easier...
Fwd: REWTERZ-20140103 - ManageEngine ServiceDesk Plus User Privileges Management Vulnerability
================================================================================ REWTERZ-20140103 - Rewterz - Security Advisory ================================================================================ Title: ManageEngine ServiceDesk Plus User Privileges Management Vulnerability Product:...
ManageEngine ServiceDesk Plus 9.0 Privilege Escalation Vulnerability
ManageEngine ServiceDesk Plus version 9.0 prior to build 9031 suffers from a remote privilege escalation vulnerability due to improper access controls. Title: ManageEngine ServiceDesk Plus User Privileges Management Vulnerability Product: ServiceDesk Plus http://www.manageengine.com/ Affected...
ManageEngine ServiceDesk Plus 9.0 Privilege Escalation
================================================================================ REWTERZ-20140103 - Rewterz - Security Advisory ================================================================================ Title: ManageEngine ServiceDesk Plus User Privileges Management Vulnerability Product:...
xEpan 1.0.4 - Multiple Vulnerabilities
Exploit Title: Multiple Vulnerability xEpan 1.0.4 Google Dork: not yet Date: 2014-11-27 Exploit Author: Parikesit , Kurawa In Disorder Vendor Homepage: http://xepan.org Software Link: http://www.xepan.org/index.php?subpage=download Version: 1.0.4 Tested on: Windows 7 Ultimate Vulnerability Type:...
Ecava IntegraXor < 4.2.4458 Multiple Vulnerabilities
Binary data scadaintegraxor424458.nbin...
qibocms 多个系统同一原因的sql注入
简要描述: 因为qibocms 拥有很多系统。 看了看昨天发的那个洞 今天再下载了几个qibo其他的系统 发现有一部分系统存在该洞。 鉴于之前qibocms打补丁的时候总是打了几个系统 而遗漏了其他几个系统。 就把存在这洞的系统全部一个一个的写出来。 详细说明: 统一来看看全局文件 $POST=AddS$POST; $GET=AddS$GET; $COOKIE=AddS$COOKIE; function AddS$array foreach$array as $key=$value if!isarray$value $value=strreplace"&x","& x",$value;...
ManageEngine ServiceDesk Plus 8.0.0 Build 8013 Improper User Privileges
No description provided by source. ================================================================================ Secur-I Research Group Security Advisory SRG-2011-002 ================================================================================ Title : ManageEngine ServiceDesk Plus Improper...
SGI IRIX <= 6.2 cdplayer Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/333/info A vulnerability exists in the /usr/bin/X11/cdplayer application as shipped with SGI's IRIX operating system. By failing to shed root privileges, and creating arbitrary directories as root, cdplayer allows arbitra...
CVE-2013-4831
HP Service Manager 9.30 through 9.32 does not properly manage privileges, which allows remote authenticated users to obtain sensitive information or modify data via unspecified vectors...
Design/Logic Flaw
HP Service Manager 9.30 through 9.32 does not properly manage privileges, which allows remote authenticated users to obtain sensitive information or modify data via unspecified vectors...
CVE-2013-4831
HP Service Manager 9.30 through 9.32 does not properly manage privileges, which allows remote authenticated users to obtain sensitive information or modify data via unspecified vectors...
Supermicro IPMI based on ATEN firmware contain multiple vulnerabilities
Overview Supermicro Intelligent Platform Management Interface IPMI implementations based on ATEN firmware contain multiple vulnerabilities in their web management interface. Description CWE-121: Stack-based Buffer Overflow - CVE-2013-3607The Supermicro IPMI web interface contains multiple buffer...
Oracle Java Security Enhancements Get Mixed Reviews
Oracle is working hard to restore some faith in the security of the Java browser plug-in with a number of enhancements announced yesterday, specifically to in-house code testing, as well as policy changes regarding signed applets and certificate validation. But after a miserable year of targeted...
CVE-2013-1836
Moodle 2.x through 2.1.10, 2.2.x before 2.2.8, 2.3.x before 2.3.5, and 2.4.x before 2.4.2 does not properly manage privileges for WebDAV repositories, which allows remote authenticated users to read, modify, or delete arbitrary site-wide repositories by leveraging certain read access...
CVE-2013-1836
CVE-2013-1836 affects Moodle 2.x up to 2.1.10, 2.2.x before 2.2.8, 2.3.x before 2.3.5, and 2.4.x before 2.4.2. Root cause: Moodle does not properly manage privileges for WebDAV repositories, allowing remote authenticated users to read, modify, or delete arbitrary site-wide repositories by leverag...