Siemens Scalance W-7xx Product Family Multiple Vulnerabilities

OVERVIEW Siemens has identified multiple vulnerabilities in the Siemens Scalance W-7xx product family and reported them to ICS-CERT. A software update has been produced by Siemens that mitigates these vulnerabilities. Siemens has tested the software update to validate that it resolves the...

3S CoDeSys Gateway Server Crafted Packet Stack Overflow

Added: 04/29/2013 CVE: CVE-2012-4708 BID: 58032 OSVDB: 90371 Background Smart Software Solutions GmbH 3S manufactures CoDeSys Gateway Server, a Supervisory Control and Data Acquisition/Human-Machine Interface SCADA/HMI product. The Gateway Server listens on TCP port 1211. Problem 3S CoDeSys Gatew...

CVE-2013-0207

Cross-site request forgery CSRF vulnerability in the Mark Complete module 7.x-1.x before 7.x-1.1 for Drupal allows remote attackers to hijack the authentication of unspecified victims via unknown vectors...

Cross site request forgery (csrf)

Cross-site request forgery CSRF vulnerability in the Mark Complete module 7.x-1.x before 7.x-1.1 for Drupal allows remote attackers to hijack the authentication of unspecified victims via unknown vectors...

CVE-2013-0207

Cross-site request forgery CSRF vulnerability in the Mark Complete module 7.x-1.x before 7.x-1.1 for Drupal allows remote attackers to hijack the authentication of unspecified victims via unknown vectors...

CVE-2013-0207

The CVE-2013-0207 entry concerns Drupal's Mark Complete module (7.x-1.x) with a CSRF vulnerability in versions before 7.x-1.1 that could allow remote attackers to hijack user sessions. The issue is due to insufficient CSRF protections in the module’s AJAX/date-field update mechanism. Affected pro...

CVE-2013-0207

Cross-site request forgery CSRF vulnerability in the Mark Complete module 7.x-1.x before 7.x-1.1 for Drupal allows remote attackers to hijack the authentication of unspecified victims via unknown vectors...

Foscam Firmware 11.37.2.48 Path Traversal

CVE-REQUEST Foscam = 11.37.2.48 path traversal vulnerability Summary: Foscam firmware = 11.37.2.48 is prone to a path traversal vulnerability in the embedded web interface. The unauthenticated attacker can access to the entire filesystem and steal web & wifi credentials. Details: GET...

Buffalo TeraStation Multiple Security Vulnerabilities (Jan 2013)

Buffalo TeraStation is prone to an arbitrary file download and an arbitrary command-injection vulnerability because it fails to sufficiently sanitize user-supplied data. SPDX-FileCopyrightText: 2013 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyrigh...

Microsoft .NET Framework CVE-2013-0003 Remote Privilege Escalation Vulnerability

Description Microsoft .NET Framework is prone to a remote privilege-escalation vulnerability. An attackers can exploit this issue to gain escalated privileges within the context of the application; this results in complete control of the affected system. Technologies Affected Microsoft .NET...

Charybdis: Improper assumptions in the server handshake code may lead to a remote crash

Access vector: network Access complexity: low Authentication requirement: none Confidentiality impact: none Integrity impact: none Availability impact: complete CVSSv2 temporal score: 6.4 Exploitability: functional exploit exists Remediation level: official fix Report confidence: confirmed Summar...

Smartphone Pentest Framework - Multiple Remote Command Execution Vulnerabilities

source: https://www.securityfocus.com/bid/56881/info Smartphone Pentest Framework is prone to multiple remote command-execution vulnerabilities. Remote attackers can exploit these issues to execute arbitrary commands within the context of the vulnerable application to gain root access. This may...

Smartphone Pentest Framework - Multiple Remote Command Execution Vulnerabilities

Smartphone Pentest Framework - Multiple Remote Command Execution Vulnerabilities source: https://www.securityfocus.com/bid/56881/info Smartphone Pentest Framework is prone to multiple remote command-execution vulnerabilities. Remote attackers can exploit these issues to execute arbitrary commands...

[SECURITY] Fedora 16 Update: libssh-0.5.3-1.fc16

The ssh library was designed to be used by programmers needing a working SSH implementation by the mean of a library. The complete control of the client is made by the programmer. With libssh, you can remotely execute programs, transfer files, use a secure and transparent tunnel for your remote...

[SECURITY] Fedora 18 Update: jabberd-2.2.17-1.fc18

The jabberd project aims to provide an open-source server implementation of the Jabber protocols for instant messaging and XML routing. The goal of this project is to provide a scalable, reliable, efficient and extensible server that provides a complete set of features and is up to date with the...

Google Updates Chrome for Android, Fixes Several Vulnerabilities

Google has issued a security update for its Chrome operating system on Android devices, resolving seven medium-risk vulnerabilities and paying out a total of $3,500 in rewards to two researchers. On the Google Chrome Blog, software engineer Jay Civelli wrote that the update strengthens Chrome for...

Safari < 6.0 Multiple Vulnerabilities

Binary data 6522.prm...

Microsoft Windows CVE-2012-1893 Local Privilege Escalation Vulnerability

Description Microsoft Windows is prone to a local privilege-escalation vulnerability. An attacker can exploit this issue to execute arbitrary code with SYSTEM-level privileges. Successfully exploiting this issue will result in the complete compromise of affected computers. Technologies Affected...

Microsoft Windows CVE-2012-1864 Local Privilege Escalation Vulnerability

Description Microsoft Windows is prone to a local privilege-escalation vulnerability. An attacker can exploit this issue to execute arbitrary code with SYSTEM-level privileges. Successfully exploiting this issue will result in the complete compromise of affected computers. Technologies Affected...

Websense Triton 'ws_irpt.exe' RCE Vulnerability

Exploit for cgi platform in category web applications Source: http://www.securityfocus.com/bid/51086/info Websense Triton is prone to a remote command-execution vulnerability. An attacker can exploit this issue to execute arbitrary commands with SYSTEM-level privileges. Successfully exploiting th...