8752 matches found
The vulnerability of the application development environment for ISaGRAF Workbench programmable logic controllers arises from incorrect restrictions on the path name to the restricted access directory. This allows attackers to escalate their privileges.
The vulnerability in the development environment for ISaGRAF Workbench programmable logic controllers is related to an incorrect limitation on the path name to the restricted access directory. Exploiting this vulnerability can allow attackers to enhance their privileges using a specially created...
The vulnerabilities of the microprogramming software for Siemens STEP 7 programmable logic controllers, the systems for managing production processes such as Opcenter Execution Discrete, Opcenter Execution Process, Opcenter Execution Foundation, Opcenter Intelligence, Opcenter Quality, SIMATIC IT Production Suite, the system diagnostic tool SIMOCODE ES, the software for parameterizing, diagnosing, and documenting the startup process of SIRIUS Soft Starter ES, the web-based systems for managing technological processes like SIMATIC PCS neo, the Opcenter RD&L software platform, and the software for analyzing equipment efficiency and key indicators like SIMATIC IT LMS. These vulnerabilities arise from the absence of quotation marks in the wording of elements or search methods, which allows attackers to exploit them to gain elevated privileges to the root level.
The vulnerabilities of the microprogramming software for Siemens STEP 7 programmable logic controllers, the systems for managing production processes such as Opcenter Execution Discrete, Opcenter Execution Process, Opcenter Execution Foundation, Opcenter Intelligence, Opcenter Quality, SIMATIC IT...
Wallarm at Black Hat USA 2022
Black Hat USA is celebrating its 25th anniversary, and Wallarm will be on hand for the festivities. If you’re headed to Vegas this year, we invite you to meet our crew and talk about API security. Tuesday 08/09 – Pre-Event Evening Party Join us on Tuesday 08/09 evening at the Emerging Technology...
SUSE: Security Advisory (SUSE-SU-2022:2717-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
canberralearninganddevelopmentcentre.com.au Cross Site Scripting vulnerability OBB-2829586
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
Project.raiseDispute() might work with the already completed task.
Lines of code Vulnerability details Impact Project.raiseDispute might work with the already completed task. Already completed tasks can't be changed in any cases and it might bring some unexpected outcome when the dispute is approved by fault. Proof of Concept It's impossible to change anything...
CVE-2022-34844
In BIG-IP Versions 16.1.x before 16.1.3.1 and 15.1.x before 15.1.6.1, and all versions of BIG-IQ 8.x, when the Data Plane Development Kit DPDK/Elastic Network Adapter ENA driver is used with BIG-IP or BIG-IQ on Amazon Web Services AWS systems, undisclosed traffic can cause the Traffic Management...
Kage - Graphical User Interface For Metasploit Meterpreter And Session Handler
Kage ka-geh is a tool inspired by AhMyth designed for Metasploit RPC Server to interact with meterpreter sessions and generate payloads. For now it only supports windows/meterpreter & android/meterpreter. Getting Started Please follow these instructions to get a copy of Kage running on your local...
The vulnerability of the application development environment for ISaGRAF Workbench’s programmable logic controllers allows a hacker to execute arbitrary code by restoring unreliable data in memory.
The vulnerability of the development environment for ISaGRAF Workbench programmable logic controllers is related to the restoration of unreliable data in memory. Exploiting this vulnerability can allow an attacker to execute arbitrary code...
CVE-2022-31198
OpenZeppelin Contracts: GovernorVotesQuorumFraction vulnerability where lowering quorum could make past defeated proposals executable if votes meet the new quorum. Affected: GovernorVotesQuorumFraction-based governors in OpenZeppelin Contracts. Root cause: quorum is a percentage of total supply, ...
CVE-2022-31128
Tuleap CVE-2022-31128 affects Tuleap Community Edition prior to 13.10.99.82 and Tuleap Enterprise Edition prior to 13.10-3. The issue arises from improper verification of fine-grained permissions when creating Git branches via the REST API (POST git/:id/branches); users could create branches rega...
Two Key Ways Development Teams Can Increase Their Security Maturity
Now more than ever, organizations need to enable their development teams to build and grow their security skills. Today organizations face a threat landscape where individuals, well-financed syndicates, and state actors are actively trying to exploit errors in software. Yet, according to recent...
Shift Left: Secure Your Innovation Pipeline
There’s no shortage of buzzwords in the tech world. Some are purely marketing spin. But others are colloquial ways for the industry to talk about complex topics that have a massive impact on how organizations and teams drive innovation and work more efficiently. Here at Rapid7, we believe the...
Fedora: Security Advisory for origin (FEDORA-2022-5038c3236c)
The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
ASB-A-228178437
In onCreate of NotificationAccessConfirmationActivity.java, there is a possible way to trick the victim to grant notification access to the wrong app due to improper input validation. This could lead to local information disclosure with User execution privileges needed. User interaction is not...
[SECURITY] Fedora 36 Update: swig-4.0.2-17.fc36
Simplified Wrapper and Interface Generator SWIG is a software development tool for connecting C, C++ and Objective C programs with a variety of high-level programming languages. SWIG is used with different types of target languages including common scripting languages such as Javascript, Perl, PH...
[SECURITY] Fedora 36 Update: golang-github-shopify-toxiproxy-2.1.4-11.fc36
Toxiproxy is a framework for simulating network conditions. It's made specifically to work in testing, CI and development environments, supporting deterministic tampering with connections, but with support for randomized chaos and customization. Toxiproxy is the tool you need to prove with tests...
[SECURITY] Fedora 36 Update: golang-github-hashicorp-hclog-0.15.0-6.fc36
Go-hclog is a package for Go that provides a simple key/value logging interfa ce for use in development and production environments...
Malicious Npm Packages Tapped Again to Target Discord Users
Threat actors once again are using the node package manager npm repository to hide malware that can steal Discord tokens to monitor user sessions and steal data on the popular chat and collaboration platform, researchers have found. A campaign discovered this week by Kaspersky researchers is hidi...
Maldev-For-Dummies - A Workshop About Malware Development
In the age of EDR, red team operators cannot get away with using pre-compiled payloads anymore. As such,malware development is becoming a vital skill for any operator. Getting started with maldev may seem daunting, but is actually very easy. This workshop will show you all you need to get started...