1001 matches found
CVE-2013-0671
Directory traversal vulnerability in Siemens WinCC TIA Portal 11 allows remote authenticated users to read HMI web-application source code and user-defined scripts via a crafted URL...
Directory traversal
Directory traversal vulnerability in Siemens WinCC TIA Portal 11 allows remote authenticated users to read HMI web-application source code and user-defined scripts via a crafted URL...
CVE-2013-0671
CVE-2013-0671 affects Siemens WinCC (TIA Portal) 11. The vulnerability is a Directory Traversal vulnerability in the HMI Web server, exploitable by manipulating the URL to read panel server-side source code and user-defined scripts. It requires authenticated access; exploitation is not remote wit...
Malicious Process Detection: User Defined Malware Running
Binary data wmimalwareusermd5s.nbin...
Debian Security Advisory DSA 2610-1 (ganglia - arbitrary script execution)
Insufficient input sanitization in Ganglia, a web based monitoring system, could lead to remote PHP script execution with permissions of the user running the web server. OpenVAS Vulnerability Test $Id: deb2610.nasl 6611 2017-07-07 12:07:20Z cfischer $ Auto-generated from advisory DSA 2610-1 using...
JBoss Enterprise Application Platform: org.jboss.as.ejb3: JBoss Enterprise Application Platform: Access restriction bypass via improper EJB method authorization
A flaw was found in JBoss Enterprise Application Platform. The processInvocation function within the org.jboss.as.ejb3.security.AuthorizationInterceptor component incorrectly authorizes all requests when no roles are defined for an Enterprise Java Beans EJB method invocation. This allows attacker...
JBoss Enterprise Application Platform: org.jboss.as.ejb3: JBoss Enterprise Application Platform: Access restriction bypass via improper EJB method authorization
A flaw was found in JBoss Enterprise Application Platform. The processInvocation function within the org.jboss.as.ejb3.security.AuthorizationInterceptor component incorrectly authorizes all requests when no roles are defined for an Enterprise Java Beans EJB method invocation. This allows attacker...
JBoss Enterprise Application Platform: org.jboss.as.ejb3: JBoss Enterprise Application Platform: Access restriction bypass via improper EJB method authorization
A flaw was found in JBoss Enterprise Application Platform. The processInvocation function within the org.jboss.as.ejb3.security.AuthorizationInterceptor component incorrectly authorizes all requests when no roles are defined for an Enterprise Java Beans EJB method invocation. This allows attacker...
SA-CONTRIB-2012-164 - Smiley module and Smileys module - Cross Site Scripting (XSS)
These modules enable you to substitutes text emoticons, like :-, with images. These modules don't sufficiently sanitize user defined smiley acronyms before displaying smiley images. This vulnerability is mitigated by the fact that an attacker must have a role with the permission "administer...
Intercepting Traffic of widerange frequencies with HackRF Radio
At the ToorCon hacker conference in San Diego Saturday, Ossmann and his research partner Jared Boone plan to unveil a beta version of the HackRF Jawbreaker, the latest model of the wireless Swiss-army knife tools known as software-defined radios. It grants any computer programmer the ability to...
HackRF Jawbreaker Could Bring Low-Cost Wireless Hacking to the Masses
Generations of hobbyists hardware hackers have spent countless hours messing with piles of radio gear, happily tinkering away in garages and basements looking for new ways to connect to people around the world. Now, a researcher has put together a new radio called HackRF that is a kind of...
ActFax 4.31 Local Privilege Escalation Exploit
Exploit for windows platform in category local exploits !/usr/bin/python Title: ActFax 4.31 Local Privilege Escalation Exploit Author: Craig Freyman @cd1zz Discovered: July 10, 2012 Vendor Notified: June 12, 2012 Description: http://www.pwnag3.com/2012/08/actfax-local-privilege-escalation.html...
ActFax Server 4.31 Build 0225 - Local Privilege Escalation
!/usr/bin/python Title: ActFax 4.31 Local Privilege Escalation Exploit Author: Craig Freyman @cd1zz Discovered: July 10, 2012 Vendor Notified: June 12, 2012 Description: http://www.pwnag3.com/2012/08/actfax-local-privilege-escalation.html msfpayload windows/exec CMD=cmd.exe R | msfencode -e...
PostgreSQL for Linux Payload Execution
On some default Linux installations of PostgreSQL, the postgres service account may write to the /tmp directory, and may source UDF Shared Libraries from there as well, allowing execution of arbitrary code. This module compiles a Linux shared object file, uploads it to the target host via the...
[SECURITY] Fedora 16 Update: ganglia-3.1.7-5.fc16
Ganglia is a scalable, real-time monitoring and execution environment with all execution requests and statistics expressed in an open well-defined XML format...
persistent xss through flash swf file attachment download
It is possible to upload a flash swf file which when the attachment 'download' url is visited the flash swf file is executed in the browser and as such can use ExternalInterface.call method to inject javascript defined in the swf file into the browser...
Ubuntu Update for linux-ti-omap4 USN-1330-1
Ubuntu Update for Linux kernel vulnerabilities USN-1330-1 OpenVAS Vulnerability Test $Id: gbubuntuUSN13301.nasl 7960 2017-12-01 06:58:16Z santu $ Ubuntu Update for linux-ti-omap4 USN-1330-1 Authors: System Generated Check Copyright: Copyright c 2012 Greenbone Networks GmbH, http://www.greenbone.n...
Ubuntu: Security Advisory (USN-1336-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2012 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
kernel: keys: NULL pointer deref in the user-defined key type
The userupdate function in security/keys/userdefined.c in the Linux kernel 2.6 allows local users to cause a denial of service NULL pointer dereference and kernel oops via vectors related to a user-defined key and "updating a negative key into a fully instantiated key."...
[SECURITY] Fedora 15 Update: wicd-1.7.0-11.fc15
Wicd is designed to give the user as much control over behavior of network connections as possible. Every network, both wired and wireless, has its own profile with its own configuration options and connection behavior. Wicd will try to automatically connect only to networks the user specifies it...