EUVD-2019-13664

Malware in sbrugna...

RHEL 9 : webkit2gtk3 (RHSA-2024:9638)

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2024:9638 advisory. WebKitGTK is the port of the portable web rendering engine WebKit to the GTK platform. Security Fixes: webkitgtk: type confusion may lead to...

TFTP Fetch, Linux Command Shell, Bind TCP Inline

Fetch and execute an PPC64 payload from a TFTP server. Listen for a connection and spawn a command shell Module Options msf use payload/cmd/linux/tftp/ppc64/shellbindtcp msf payloadshellbindtcp show actions ...actions... msf payloadshellbindtcp set ACTION msf payloadshellbindtcp show options...

Unsafe message encode and decode for cross chain message transfer and in execution process through axelar

Lines of code Vulnerability details Impact The cross chain message passing is done through the axelar gateway contracts. To pass the message, the message has to be formatted abi.encode and sent to destination chain from source chain. In destination chain, through gateway contract, the received...

The vulnerabilities of the microprogramming software for Siemens STEP 7 programmable logic controllers, the systems for managing production processes such as Opcenter Execution Discrete, Opcenter Execution Process, Opcenter Execution Foundation, Opcenter Intelligence, Opcenter Quality, SIMATIC IT Production Suite, the system diagnostic tool SIMOCODE ES, the software for parameterizing, diagnosing, and documenting the startup process of SIRIUS Soft Starter ES, the web-based systems for managing technological processes like SIMATIC PCS neo, the Opcenter RD&L software platform, and the software for analyzing equipment efficiency and key indicators like SIMATIC IT LMS. These vulnerabilities arise from the absence of quotation marks in the wording of elements or search methods, which allows attackers to exploit them to gain elevated privileges to the root level.

The vulnerabilities of the microprogramming software for Siemens STEP 7 programmable logic controllers, the systems for managing production processes such as Opcenter Execution Discrete, Opcenter Execution Process, Opcenter Execution Foundation, Opcenter Intelligence, Opcenter Quality, SIMATIC IT...

Vulnerability of microprogramming software for Siemens STEP 7 programmable logic controllers, systems for manufacturing process control such as Opcenter Execution Discrete, Opcenter Execution Process, Opcenter Execution Foundation, Opcenter Intelligence, Opcenter Quality, SIMATIC IT Production Suite, the system diagnostic tool SIMOCODE ES, the software for parameterizing, diagnosing, and documenting the startup status of SIRIUS Soft Starter ES, technological process management systems like SIMATIC PCS neo, the Opcenter RD&L software platform, and the software for analyzing equipment efficiency and key indicators like SIMATIC IT LMS. These vulnerabilities allow attackers to trigger malfunctions during maintenance operations due to insufficient input data verification.

The vulnerabilities of the microprogramming software for Siemens STEP 7 programmable logic controllers, the systems for managing production processes such as Opcenter Execution Discrete, Opcenter Execution Process, Opcenter Execution Foundation, Opcenter Intelligence, Opcenter Quality, SIMATIC IT...

YottaDB has an unspecified vulnerability (CNVD-2022-31932)

YottaDB is a real-time database from YottaDB, Inc. A security vulnerability exists in YottaDB r1.32 and earlier versions, which can be exploited to gain control of the execution process by manipulating the value of the function pointer used by opwrite in srport/opwrite.c using carefully crafted...

FATEK Automation WinProladder Buffer Overflow Vulnerability (CNVD-2021-83603)

FATEK Automation WinProladder is a PLC from FATEK Automation in China.FATEK Automation WinProladder is vulnerable to a buffer overflow vulnerability, which can be exploited by attackers to execute arbitrary code in the context of the current process...

CVE-2020-7581

A vulnerability has been identified in Opcenter Execution Discrete All versions V3.2, Opcenter Execution Foundation All versions V3.2, Opcenter Execution Process All versions V3.2, Opcenter Intelligence All versions V3.3, Opcenter Quality All versions V11.3, Opcenter RD&L V8.0, SIMATIC Notifier...

CVE-2020-7581

CVE-2020-7581 affects Siemens/Opcenter components (Discrete/Foundation/Process, Intelligence, Quality, RD&L) and related SIMATIC/Soft Starter/PCS neo, STEP 7, SIMOCODE ES, and Notifier Server. Root cause: an internal component calls a helper binary with SYSTEM privileges during startup via an unq...

PT-2020-6696 · Siemens · Simocode Es +12

Name of the Vulnerable Software and Affected Versions: Opcenter Execution Discrete versions prior to V3.2 Opcenter Execution Foundation versions prior to V3.2 Opcenter Execution Process versions prior to V3.2 Opcenter Intelligence versions prior to V3.3 Opcenter Quality versions prior to V11.3...

Security Bulletin: Security vulnerabilities have been identified in IBM DB2 shipped with IBM License Metric Tool v9.

Summary IBM DB2 is shipped with IBM License Metric Tool. Information about a security vulnerabilities affecting IBM DB2 has been published in a security bulletin. Vulnerability Details CVEID: CVE-2019-4322 DESCRIPTION: IBM DB2 for Linux, UNIX and Windows includes DB2 Connect Server is vulnerable ...

CVE-2019-4057

IBM DB2 for Linux, UNIX and Windows includes DB2 Connect Server 9.7, 10.1, 10.5, and 11.1 could allow malicious user with access to the DB2 instance account to leverage a fenced execution process to execute arbitrary code as root. IBM X-Force ID: 156567...

Arbitrary Code Execution

flac is vulnerable to arbitrary code execution. A stack-based buffer overflow in streamdecoder.c allows an attacker to pass a malicious FLAC audio file to execute arbitrary code or crash the process when the file is read...