Siemens SIPROTEC 4 and SIPROTEC Compact EN100 Ethernet Module Denial Of Service

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Siemens SIPROTEC 4 and SIPROTEC Compact EN100 Ethernet Module - Denial of Service', 'Description' = %q This module sends a specially crafted pack...

Security Bulletin: Reflected XSS in IBM Worklight OAuth Server Web Api

Summary A Reflected Cross Site Scripting XSS vulnerability exists in the authorization function exposed by RESTful Web Api of IBM Worklight Framework. The vulnerable parameter is "scope", if you set as value a "realm"; not defined in authenticationConfig.xml you get an HTTP 403 Forbidden response...

Siemens SIPROTEC 4 and SIPROTEC Compact EN100 Ethernet Module - Denial of Service

This module sends a specially crafted packet to port 50000/UDP causing a denial of service of the affected Siemens SIPROTEC 4 and SIPROTEC Compact 'Siemens SIPROTEC 4 and SIPROTEC Compact EN100 Ethernet Module - Denial of Service', 'Description' = %q This module sends a specially crafted packet t...

Apache Solr 7.0.1 - XML External Entity Expansion / Remote Code Execution(CVE-2017-12629)

First Vulnerability: XML External Entity Expansion deftype=xmlparser Lucene includes a query parser that is able to create the full-spectrum of Lucene queries, using an XML data structure. Starting from version 5.1 Solr supports "xml" query parser in the search query. The problem is that lucene x...

“Phoenix Talon”in the Linux Kernel —lurking for over 11 years, the kernel vulnerability-vulnerability warning-the black bar safety net

! About “Phoenix Talon” 2017 5 November 9, qimingxing e ADLab found that the Linux kernel there is a remote vulnerability“Phoenix Talon”the Phoenix claw fourth toe of Italy, and relates to CVE-2017-8890, CVE-2017-9075, CVE-2017-9076, CVE-2017-9077, can affect almost all Linux kernel 2.5.69 Linux...

SonarQube Jenkins Password Disclosure

Advisory Information Title: SonarQube Jenkins Plugin - Plain Text Password Date published: 2013-12-05 Date of last update: 2013-12-05 Vendors contacted : SonarQube and Jenkins CI Discovered by: Christian Catalano Severity: High 2. Vulnerability Information CVE reference: CVE-2013-5676 CVSS v2...

Hexchat IRC Client 2.11.0 - Directory Traversal

Hexchat IRC Client 2.11.0 - Directory Traversal !/usr/bin/python Meta information Exploit Title: Hexchat IRC client - Server name log directory traversal Date: 2016-01-26 Exploit Author: PizzaHatHacker Vendor Homepage: https://hexchat.github.io/index.html Software Link:...

Innominate mGuard VPN Vulnerability

OVERVIEW Innominate mGuard has self identified a denial-of-service DoS vulnerability in the Innominate mGuard device. Inominate has produced a patch to mitigate this vulnerability. This vulnerability could be exploited remotely. AFFECTED PRODUCTS The following mGuard versions are affected:...

Epicor Retail Store Help System 3.2.03.01.008 Code Execution

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Title: Code Injection in Epicor Retail Store Help System CVE: CVE-2015-2210 Vendor: Epicor Product: CRS Retail Store v3.2.03.01.008 Affected version: 3.2.03.01.008 Reported by: Zeng Xianbo Joseph [email protected] Issue identified by: Zeng...

ESA-2015-056: EMC PowerPath Virtual Appliance Undocumented User Accounts Vulnerability

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ESA-2015-056: EMC PowerPath Virtual Appliance Undocumented User Accounts Vulnerability EMC Identifier: ESA-2015-056 CVE Identifier: CVE-2015-0529 Severity Rating: CVSS v2 Base Score: 5.0 AV:N/AC:L/Au:N/C:P/I:N/A:N Affected products: • EMC PowerPath...

Ex Libris Patron Directory Services 2.1 Open Redirect

CVE-2014-7294 Ex Libris Patron Directory Services PDS Open Redirect Security Vulnerability Exploit Title: Ex Libris Patron Directory Services PDS Logon Page url Parameter Open Redirect Product: Ex Libris Patron Directory Services PDS Vendor: Ex Libris Vulnerable Versions: 2.1 and probability prio...

openSUSE Security Update : java-1_6_0-openjdk (openSUSE-SU-2011:0155-1)

Multiple vulnerabilities were fixed in java-160-openjdk : - CVE-2010-4448: CVSS v2 Base Score: 2.6 AV:N/AC:H/Au:N/C:N/I:P/A:N: DNS cache poisoning by untrusted applets - CVE-2010-4450: CVSS v2 Base Score: 3.7 AV:L/AC:H/Au:N/C:P/I:P/A:P: Launcher incorrect processing of empty library path entries ...

openSUSE Security Update : opera (openSUSE-SU-2010:0540-1)

This update of opera fixes the following vulnerabilities : - CVE-2010-2576: CVSS v2 Base Score: 6.8 CWE-94: unexpected changes in tab focus could be used to run programs from the Internet, as reported by Jakob Balle and Sven Krewitt of Secunia - CVE-2010-3019: CVSS v2 Base Score: 9.3 CWE-119: hea...

openSUSE Security Update : opera (openSUSE-SU-2011:0103-1)

Opera 11.01 fixes several critical security bugs : - CVE-2011-0681: CVSS v2 Base Score: 4.3 MEDIUM AV:N/AC:M/Au:N/C:N/I:P/A:N: Other CWE-Other - CVE-2011-0682: CVSS v2 Base Score: 9.3 HIGH AV:N/AC:M/Au:N/C:C/I:C/A:C: Buffer Errors CWE-119 - CVE-2011-0683: CVSS v2 Base Score: 4.3 MEDIUM...

Halon Security Router (SR) 3.2-winter-r1 - Multiple Vulnerabilities

Halon Security Router SR 3.2-winter-r1 - Multiple Vulnerabilities ADVISORY INFORMATION Advisory Name: Multiple Security Vulnerabilities in Halon Security Router Date published: 2014-04-07 Vendors contacted: Halon Security http://www.halon.se Researcher: Juan Manuel Garcia...

SpagoBI 4.0 - Persistent XSS Vulnerability

Exploit for php platform in category web applications 1. Vulnerability Information CVE reference: CVE-2013-6232 CVSS v2 Base Score: 4 CVSS v2 Vector: AV:N/AC:L/Au:S/C:N/I:P/A:N Component/s: SpagoBI Class: Input Manipulation 2. Introduction SpagoBI1 is an Open Source Business Intelligence suite,...

Schneider Electric IGSS Buffer Overflow

Overview Independent researcher Aaron Portnoy of Exodus Intelligence has identified a buffer overflow vulnerability in Schneider Electric’s Interactive Graphical SCADA System IGSS application. Schneider Electric has produced a patch that fully resolves this vulnerability. Aaron Portnoy has...

Top Server OPC Improper Input Validation Vulnerability

OVERVIEW Adam Crain of Automatak and independent researcher Chris Sistrunk have identified an improper input validation vulnerability in the Software Toolbox TOP Server DNP Master OPC product. Software Toolbox has produced a new version that mitigates this vulnerability. The researchers have test...

WAGO IO 758 Default Linux Credentials

Overview This advisory updates the ICS-CERT Alert titled “ICS-ALERT-12-097-01 - WAGO IPC Vulnerabilities” that was posted on the ICS-CERT Web site on April 06, 2012. This alert detailed a vulnerability report of “hard-coded” credentials and improper access controls in the WAGO I/O System 758...

GarrettCom - Use of Hard-Coded Password

Overview Independent security researcher Justin W. Clarke of Cylance Inc. has identified a privilege-escalation vulnerability in the GarrettCom Magnum MNS-6K Management Software application via the use of a hard-coded password. This vulnerability could allow a remote attacker with any level of...