DumpsterFire - "Security Incidents In A Box!" A Modular, Menu-Driven, Cross-Platform Tool For Building Customized, Time-Delayed, Distributed Security Events
DumpsterFire Toolset - "Security Incidents In A Box!" The DumpsterFire Toolset is a modular, menu-driven, cross-platform tool for building repeatable, time-delayed, distributed security events. Easily create custom event chains for Blue Team drills and sensor / alert mapping. Red Teams can create...
CVE-2019-13527
In Rockwell Automation Arena Simulation Software Cat. 9502-Ax, Versions 16.00.00 and earlier, a maliciously crafted Arena file opened by an unsuspecting user may result in the use of a pointer that has not been initialized...
Null pointer dereference
In Rockwell Automation Arena Simulation Software Cat. 9502-Ax, Versions 16.00.00 and earlier, a maliciously crafted Arena file opened by an unsuspecting user may result in the use of a pointer that has not been initialized...
CVE-2019-13527
CVE-2019-13527 affects Rockwell Automation Arena Simulation Software Cat. 9502-Ax (versions 16.00.00 and earlier). The issue is a parsing flaw where a pointer is used without initialization when processing Arena DOE files, potentially enabling remote code execution. Exploitation typically require...
CVE-2019-13527
In Rockwell Automation Arena Simulation Software Cat. 9502-Ax, Versions 16.00.00 and earlier, a maliciously crafted Arena file opened by an unsuspecting user may result in the use of a pointer that has not been initialized...
Rockwell Automation Arena Simulation DOE File Parsing Use-After-Free Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Rockwell Automation Arena Simulation. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists with...
PT-2019-13385 · Rockwell Automation · Arena Simulation
Name of the Vulnerable Software and Affected Versions: Rockwell Automation Arena Simulation Software versions prior to 16.00.01 Description: A maliciously crafted program file opened by an unsuspecting user may result in the limited exposure of information related to the targeted workstation...
PT-2019-13387 · Rockwell Automation · Arena Simulation
Name of the Vulnerable Software and Affected Versions: Rockwell Automation Arena Simulation Software versions 16.00.00 and earlier Description: A maliciously crafted program file opened by an unsuspecting user may result in the limited exposure of information related to the targeted workstation...
Rockwell Automation Arena Simulation DOE File Parsing Type Confusion Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Rockwell Automation Arena Simulation. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists with...
Rockwell Automation Arena Simulation DOE File Insufficient UI Warning Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Rockwell Automation Arena Simulation. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists with...
New 4CAN tool helps identify vulnerabilities in on-board car computers
By Alex DeTrano, Jason Royes, and Matthew Valites. Executive summary Modern automobiles contain hundreds of sensors and mechanics that communicate via computers to understand their surrounding environment. Those components provide real-time information to drivers, connect the vehicle to a global...
Rockwell Automation Arena Simulation Software Information Disclosure Vulnerability
Rockwell Automation Arena Simulation Software is a suite of simulation software from Rockwell Automation that provides 3D animation and graphics capabilities. An information disclosure vulnerability exists in Rockwell Automation Arena Simulation Software for Manufacturing Cat. 9502-Ax versions...
CVE-2019-13510
Rockwell Automation Arena Simulation Software versions 16.00.00 and earlier contain a USE AFTER FREE CWE-416. A maliciously crafted Arena file opened by an unsuspecting user may result in the application crashing or the execution of arbitrary code...
Design/Logic Flaw
Rockwell Automation Arena Simulation Software versions 16.00.00 and earlier contain a USE AFTER FREE CWE-416. A maliciously crafted Arena file opened by an unsuspecting user may result in the application crashing or the execution of arbitrary code...
Design/Logic Flaw
Rockwell Automation Arena Simulation Software versions 16.00.00 and earlier contain an INFORMATION EXPOSURE CWE-200. A maliciously crafted Arena file opened by an unsuspecting user may result in the limited exposure of information related to the targeted workstation...
CVE-2019-13510
CVE-2019-13510 affects Rockwell Automation Arena Simulation Software up to version 16.00.00. The connected sources indicate a USE AFTER FREE (CWE-416) in Arena files opened by a user, which can cause the application to crash or, in the worst case, execute arbitrary code. The vulnerability impact ...
CVE-2019-13510
Rockwell Automation Arena Simulation Software versions 16.00.00 and earlier contain a USE AFTER FREE CWE-416. A maliciously crafted Arena file opened by an unsuspecting user may result in the application crashing or the execution of arbitrary code...
CVE-2019-13511
CVE-2019-13511 affects Rockwell Automation Arena Simulation Software up to version 16.00.00. ZDI advisories describe use-after-free vulnerabilities in DOE file parsing (and related project file handling) that allow remote code execution when a user opens a malicious file or visits a malicious pag...
CVE-2019-13511
Rockwell Automation Arena Simulation Software versions 16.00.00 and earlier contain an INFORMATION EXPOSURE CWE-200. A maliciously crafted Arena file opened by an unsuspecting user may result in the limited exposure of information related to the targeted workstation...
UPDATE: Infection Monkey 1.6.3
PenTestIT RSS Feed Some days ago, Infection Monkey 1.6.3 was released. The first post about this tool can be found in a post titled the List of Adversary Emulation Tools. This is a small bugfix release, mostly around integration and packaging. It contains two user-facing changes as well. What is...