
6652 matches found

securityvulns
added 2014/08/26 12:0 a.m. | 52 views

ESA-2014-071: RSA Archer® GRC Platform Multiple Vulnerabilities

EMC Identifier: ESA-2014-071 CVE Identifier: CVE-2014-2517, CVE-2014-2505, CVE-2014-0640, CVE-2014-0641 Severity Rating: CVSS v2 Base Score: See below for individual scor...

6.8 CVSS | 0.3 AI score | 0.00498 EPSS
Exploits: 0
NVD
added 2014/08/20 11:17 a.m. | 8 views

CVE-2014-2505

EMC RSA Archer GRC Platform 5.x before 5.5 SP1 allows remote attackers to trigger the download of arbitrary code, and consequently change the product's functionality, via unspecified vectors...

5.4 CVSS | 6.8 AI score | 0.00304 EPSS
Exploits: 0 | References: 4
Prion
added 2014/08/20 11:17 a.m. | 9 views

Code injection

EMC RSA Archer GRC Platform 5.x before 5.5 SP1 allows remote attackers to trigger the download of arbitrary code, and consequently change the product's functionality, via unspecified vectors...

5.4 CVSS | 7.3 AI score | 0.00304 EPSS
Exploits: 0 | References: 4 | Affected Software: 1
Cvelist
added 2014/08/20 10:0 a.m. | 14 views

CVE-2014-2505

EMC RSA Archer GRC Platform 5.x before 5.5 SP1 allows remote attackers to trigger the download of arbitrary code, and consequently change the product's functionality, via unspecified vectors...

6.8 AI score | 0.00304 EPSS
Exploits: 0 | References: 4
ThreatPost
added 2014/08/18 2:15 p.m. | 8 views

Siemens Patches DoS Vulnerability in SIMATIC S7

Siemens released an update for one of its automation systems late last week, patching a denial of service vulnerability in all versions of its SIMATIC S7-1500 CPU prior to V1.6. An advisory on the Industrial Control Systems Cyber Emergency Response Team’s ICS-CERT website warned about the...

0.6 AI score
Exploits: 0 | References: 4
Kitploit
added 2014/08/11 11:53 p.m. | 17 views

PWGen - Generator of cryptographically-strong passwords

PWGen is a professional password generator capable of creating large amounts of cryptographically-secure passwords or passphrases consisting of words from a word list. It uses a “random pool” technique to generate random data based on user inputs (keystrokes, mouse handling) and volatile system...

7.4 AI score
Exploits: 0
Veeam
added 2014/08/06 7:33 p.m. | 13 views

How to restore vCenter Server without a vCenter Server

Challenge: The vCenter Server is not available and the vCenter Server VM needs to be restored. Solution: To restore the vCenter Server, you will need to add one of the individual ESXi hosts to Veeam Backup & Replication, allowing you to target that host directly to restore the vCenter VM. Possible...

6.9 AI score
Exploits: 0
ThreatPost
added 2014/08/06 3:9 p.m. | 9 views

Mobile Broadband Modems Seen as Easy Targets for Attackers

LAS VEGAS–Mobile broadband modems can be a great alternative if you can’t find a WiFi network or don’t trust the ones you can find. But many of the models sold by the major manufacturers contain bugs and functionality that a remote attacker can exploit without much difficulty. Much of the market...

0.6 AI score
Exploits: 0 | References: 1
OPENSUSE Linux
added 2014/07/30 8:43 p.m. | 55 views

MozillaFirefox: Update to Mozilla Firefox 31 (important)

MozillaFirefox was updated to version 31 to fix various security issues and bugs: MFSA 2014-56/CVE-2014-1547/CVE-2014-1548 Miscellaneous memory safety hazards MFSA 2014-57/CVE-2014-1549 bmo1020205 Buffer overflow during Web Audio buffering for playback MFSA 2014-58/CVE-2014-1550 bmo1020411...

10 CVSS | 0.5 AI score | 0.03758 EPSS
Exploits: 0 | References: 1
Prion
added 2014/07/20 11:12 a.m. | 17 views

Cross site scripting

Cross-site scripting (XSS) vulnerability in the Messages functionality in Cybozu Garoon 3.1.x, 3.5.x, and 3.7.x before 3.7 SP4 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors...

3.5 CVSS | 5.6 AI score | 0.00209 EPSS
Exploits: 0 | References: 3 | Affected Software: 1
seebug.org
added 2014/07/14 12:0 a.m. | 18 views

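FengCMS CSRF vulnerability allows the database to be dumped

Brief description: An important function does not verify a CSRF token, which allows the database to be dumped. Details: The data backup function in the admin back end does not verify a CSRF token. The attacker creates a csrf.php with the following content and places it on attacker.com: The attacker then sends the URL http://attacker.com/csrf.php to the victim (the site administrator). If the administrator is logged in when opening that URL, a request to back up the database is sent to the target server with the administrator's identity: ?controller=dbmanage&operate=save&type=0...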

7.1 AI score
Exploits: 0
myhack58
added 2014/07/04 12:0 a.m. | 14 views

Mastery OA 2011-2013 pass to kill GETSHELL-a vulnerability warning-the black bar safety net

Statement: This program is applied to a lot of government agencies, educational institutions, as well as the large stream companies (China Telecom, etc.)! Please after reading this don't try to for any use of the program website destruction attack invasion, etc... I made this post purely technical...

8.1 AI score
Exploits: 0
The Hacker News
added 2014/07/02 3:53 a.m. | 14 views

New Cridex Banking Trojan variant Surfaces with Self-Spreading Functionality

In an effort to infect a large number of people, cybercriminals have developed a new malicious software program that contains functionality to spread itself quickly. Geodo, a new version of the infamous Cridex (also known as Feodo or Bugat) banking information-stealing Trojan, works in conjunction wit...

6.9 AI score
Exploits: 0
seebug.org
added 2014/07/01 12:0 a.m. | 26 views

leadtools activex common dialogs 16.5 - Multiple Vulnerabilities

No description provided by source. LEADTOOLS ActiveX Common Dialogs 16.5 Multiple Remote Vulnerabilities Vendor: LEAD Technologies, Inc. Product Web Page: http://www.leadtools.com Affected version: 16.5.0.2 Summary: With LEADTOOLS you can control any scanner, digital camera or capture card that h...

7.1 AI score
Exploits: 0
seebug.org
added 2014/07/01 12:0 a.m. | 26 views

Novell Groupwise Internet Agent Stack Overflow

No description provided by source. Application: Novell Groupwise Internet Agent Stack Overflow Platforms: Windows, Linux, Netware GroupWise 7.0, 7.01, 7.02, 7.03x, 7.04, 8.0, 8.01x Exploitation: Remote code execution CVE Number: Novell TID: 7006374 Author: Francis Provencher Protek Research Lab's...

7.1 AI score
Exploits: 0
seebug.org
added 2014/07/01 12:0 a.m. | 56 views

Microsoft Windows NT 4/2000 NetBIOS Name Conflict Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/1514/info An attacker can send the NetBIOS name service a NetBIOS Name Conflict message even when the receiving machine is not in the process of registering its NetBIOS name. The target will then not attempt to use that...

7.1 AI score
Exploits: 0
seebug.org
added 2014/07/01 12:0 a.m. | 22 views

sFileManager <= v.24a Local File Inclusion Vulnerability

No description provided by source. sFileManager <= v.24a / Local File Inclusion Vulnerability. $ Program: sFileManager $ Version: <= v.24a $ File affected: fm.php $ Download:...

7.1 AI score
Exploits: 0
seebug.org
added 2014/07/01 12:0 a.m. | 47 views

Mitsubishi Electric GB-50A - Multiple Remote Authentication Bypass Vulnerabilities

No description provided by source. source: http://www.securityfocus.com/bid/28406/info The Mitsubishi Electric GB-50A is prone to multiple authentication-bypass vulnerabilities. Successful exploits will allow unauthorized attackers to gain access to administrative functionality and completely...

7.1 AI score
Exploits: 0
seebug.org
added 2014/07/01 12:0 a.m. | 12 views

Microsoft Windows Media Player 11 ScriptCommand Multiple Information Disclosure Vulnerabilities

No description provided by source. source: http://www.securityfocus.com/bid/35335/info Microsoft Windows Media Player is prone to multiple information-disclosure vulnerabilities because it fails to properly restrict access to certain functionality when handling media files. An attacker can exploi...

7.1 AI score
Exploits: 0
seebug.org
added 2014/07/01 12:0 a.m. | 14 views

WP-Footnotes 2.2 WordPress Plugin Multiple Remote Vulnerabilities

No description provided by source. source: http://www.securityfocus.com/bid/27572/info WP-Footnotes plugin for WordPress is prone to multiple cross-site scripting vulnerabilities because the application fails to properly sanitize user-supplied input. The plugin also insecurely exposes...

7.1 AI score
Exploits: 0