182 matches found
Siemens Simatic S7-300/400 - CPU START/STOP Module (Metasploit)
Exploit Title: Siemens Simatic S7 300/400 CPU command module Date: 7-13-2012 Exploit Author: Dillon Beresford Vendor Homepage: http://www.siemens.com/ Tested on: Siemens Simatic S7-300 PLC CVE : None require 'msf/core' class Metasploit3 'Siemens Simatic S7-300/400 CPU START/STOP Module',...
Siemens Simatic S7-300/400 - CPU START/STOP Module (Metasploit)
Siemens Simatic S7-300/400 - CPU START/STOP Module (Metasploit) Exploit Title: Siemens Simatic S7 300/400 CPU command module Date: 7-13-2012 Exploit Author: Dillon Beresford Vendor Homepage: http://www.siemens.com/ Tested on: Siemens Simatic S7-300 PLC CVE : None require 'msf/core' class Metasploit3...
Siemens Simatic S7-300/400 CPU START/STOP Module
Exploit for hardware platform in category remote exploits Exploit Title: Siemens Simatic S7 300/400 CPU command module Date: 7-13-2012 Exploit Author: Dillon Beresford Vendor Homepage: http://www.siemens.com/ Tested on: Siemens Simatic S7-300 PLC CVE : None require 'msf/core' class Metasploit3...
Siemens Simatic S7-1200 CPU START/STOP Module
Exploit for hardware platform in category remote exploits Exploit Title: Siemens Simatic S7 1200 CPU command module Date: 7-13-2012 Exploit Author: Dillon Beresford Vendor Homepage: http://www.siemens.com/ Tested on: Siemens Simatic S7-1200 PLC CVE : None require 'msf/core' class Metasploit3...
Schneider Modicon Remote START/STOP Command
The Schneider Modicon with Unity series of PLCs use Modbus function code 90 (0x5a) to perform administrative commands without authentication. This module allows a remote user to change the state of the PLC between STOP and RUN, allowing an attacker to end process control by the PLC. This module is...
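FlashFXP v4.1.8.1701 Buffer Overflow Vulnerability
FlashFXP is a popular FTP client. FlashFXP v4.1.8.1701 lacks a length check when using a fixed-length buffer in the TListBox control, so its implementation contains a buffer overflow vulnerability that can lead to control of the process, arbitrary code execution, and system control. FlashFXP 4.1.8.1701 Vendor patch: FlashFXP: The vendor has not yet provided a patch or upgrade; we recommend that users of this software follow the vendor's homepage to obtain the latest version: http://www.flashfxp.com/...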
CVE-2011-1914
Buffer overflow in the Advantech ADAM OLE for Process Control OPC Server ActiveX control in ADAM OPC Server before 3.01.012, Modbus RTU OPC Server before 3.01.010, and Modbus TCP OPC Server before 3.01.010 allows remote attackers to execute arbitrary code via unspecified vectors...
Authentication flaw
CEServer.exe in the CEServer component in the Remote Agent module in InduSoft Web Studio 6.1 and 7.0 does not require authentication, which allows remote attackers to execute arbitrary code via vectors related to creation of a file, loading a DLL, and process control...
CVE-2011-4051
CEServer.exe in the CEServer component in the Remote Agent module in InduSoft Web Studio 6.1 and 7.0 does not require authentication, which allows remote attackers to execute arbitrary code via vectors related to creation of a file, loading a DLL, and process control...
InduSoft WebStudio Unauthenticated Remote Operations Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Indusoft Web Studio. Authentication is not required to exploit this vulnerability. The flaw exists within the Remote Agent component CEServer.exe which listens by default on TCP port 4322. When...
IGSS Data Server Directory Traversal Arbitrary File Access
Binary data scadaigssdirtraversal.nbin...
[Full-disclosure] CORE-2008-0125: CitectSCADA ODBC service vulnerability
Core Security Technologies - CoreLabs Advisory http://www.coresecurity.com/corelabs/ CitectSCADA ODBC service vulnerability Advisory Information Title: CitectSCADA ODBC service vulnerability Advisory ID: CORE-2008-0125 Advisory URL:...
Server side request forgery (ssrf)
Gesytec Easylon OPC Server before 2.3.44 does not properly validate server handles, which allows remote attackers to execute arbitrary code or cause a denial of service via unspecified network traffic to the OLE for Process Control OPC interface, probably related to free operations on arbitrary...
CVE-2007-1319
Unspecified vulnerability in the IOPCServer::RemoveGroup function in the OPCDA interface in Takebishi Electric DeviceXPlorer OLE for Process Control OPC Server before 3.12 Build3 allows remote attackers to execute arbitrary code via unspecified vectors involving access to arbitrary memory. NOTE:...
Code injection
Unspecified vulnerability in the IOPCServer::RemoveGroup function in the OPCDA interface in Takebishi Electric DeviceXPlorer OLE for Process Control OPC Server before 3.12 Build3 allows remote attackers to execute arbitrary code via unspecified vectors involving access to arbitrary memory. NOTE:...
CVE-2007-1319
The CVE refers to an arbitrary code execution vulnerability in the Takebishi DeviceXPlorer OPC Server family (HIDIC, SYSMAC, MELSEC, FA-M3, MODBUS) via the OPC DA interface. The issue stems from the server implementation of the IOPCServer::RemoveGroup method, which can access arbitrary memory and...
Convert-UUlib 1.04/1.05 Perl Module - Remote Buffer Overflow
Convert-UUlib 1.04/1.05 Perl Module - Remote Buffer Overflow source: https://www.securityfocus.com/bid/13401/info Convert-UUlib Perl module is prone to a remotely exploitable buffer-overflow vulnerability. A remote attacker may leverage this condition to overwrite sensitive program control variabl...
Convert-UUlib 1.04/1.05 Perl Module - Remote Buffer Overflow
source: https://www.securityfocus.com/bid/13401/info Convert-UUlib Perl module is prone to a remotely exploitable buffer-overflow vulnerability. A remote attacker may leverage this condition to overwrite sensitive program control variables and thus gain control of the process's execution flow. Th...
sudoscript -- signal delivery vulnerability
If non-root access is enabled in sudoscript, any member of the ssers group can send a SIGHUP signal to any process...
Trend Micro PC-cillin 2000/2002/2003 - Mail Scanner Buffer Overflow
Trend Micro PC-cillin 2000/2002/2003 - Mail Scanner Buffer Overflow source: https://www.securityfocus.com/bid/6350/info A buffer overflow vulnerability has been reported for PC-cillin's mail scanning utility. An attacker can exploit this vulnerability by connecting to a vulnerable pop3trap.exe...