6734 matches found

0day.today
added 2016/07/29 12:0 a.m., 85 views

AXIS Multiple Products - Authenticated Remote Command Execution via devtools Vector

Exploit for linux platform in category web applications. Advisory Information: Title: AXIS Multiple Products Authenticated Remote Command Execution via devtools vector; Vendor: AXIS Communications; Research and Advisory: Orwelllabs ...

CVSS: 9, AI score: 0.4, EPSS: 0.17687
Exploits: 5

Packet Storm
added 2016/07/28 12:0 a.m., 109 views

AXIS Authenticated Remote Command Execution

0RW3LLL485 www.orwelllabs.com security advisory olsa-2015-8257 PGP: 79A6CCC0. Advisory Information: Title: AXIS Multiple Products...

AI score: 0.5, EPSS: 0.17687
Exploits: 5

VulnCheck KEV
added 2016/05/04 12:0 a.m., 2 views

VulnCheck KEV: CVE-2016-3714

ImageMagick contains an improper input validation vulnerability that affects the EPHEMERAL, HTTPS, MVG, MSL, TEXT, SHOW, WIN, and PLT coders. This allows a remote attacker to execute arbitrary code via shell metacharacters in a crafted image...

CVSS: 10, AI score: 6.9, EPSS: 0.97485
Exploits: 11, References: 1

ICS
added 2016/04/29 6:0 a.m., 33 views

Siemens SIMATIC WinCC, PCS 7, and WinCC Runtime Professional Vulnerabilities (Update C)

OVERVIEW: This updated advisory is a follow-up to the advisory update titled ICSA-16-208-01B Siemens SIMATIC WinCC, PCS 7, and WinCC Runtime Professional Vulnerabilities that was published October 4, 2016, on the NCCIC/ICS-CERT web site. Siemens has identified two vulnerabilities in SIMATIC WinCC,...

AI score: 10
Exploits: 0, References: 10

Packet Storm
added 2016/04/18 12:0 a.m., 36 views

pgpdump 0.29 Endless Loop

Advisory ID: SYSS-2016-030; Product: pgpdump; Maintainer: Kazu Yamamoto; Affected Versions: 0.29; Tested Versions: 0.29; Vulnerability Type: Improper Input Validation CWE-20; Risk Level: Low; Solution Status: Fixed in 0.30; Maintainer Notification: 2016-04-...

CVSS: 7.8, AI score: 0.2, EPSS: 0.01824
Exploits: 2

Tenable Nessus
added 2016/04/13 12:0 a.m., 11 views

ManageEngine Firewall Analyzer Multiple XSS

The ManageEngine Firewall Analyzer running on the remote web server is affected by multiple cross-site scripting (XSS) vulnerabilities due to improper validation of user-supplied input. A remote attacker can exploit these vulnerabilities to execute arbitrary script code in a user's browser session...

AI score: 5.9
Exploits: 0, References: 1

0day.today
added 2016/04/11 12:0 a.m., 66 views

Axis Network Cameras - Multiple Vulnerabilities

Exploit for hardware platform in category web applications. I. ADVISORY INFORMATION: Title: Axis Network Cameras Multiple Cross-site scripting; Vendor: Axis Communications; Class: Improper Input Validation CWE-20; CVE Name: CVE-2015-8256; Remotely Exploitable: Yes; Locally...

CVSS: 4.3, AI score: 0.3, EPSS: 0.50755
Exploits: 6

Exploit DB
added 2016/04/11 12:0 a.m., 79 views

Axis Network Cameras - Multiple Vulnerabilities

6079 Smith W, doubleplusungood, owning some telescreens... Security Advisory 2016-04-09 www.orwelllabs.com twt:@orwelllabs. I. ADVISORY INFORMATION: Title: Axis...

CVSS: 6.1, AI score: 6.3, EPSS: 0.50755
Exploits: 6

exploitpack
added 2016/04/11 12:0 a.m., 59 views

Axis Network Cameras - Multiple Vulnerabilities

Axis Network Cameras - Multiple Vulnerabilities. 6079 Smith W, doubleplusungood, owning some telescreens... Security Advisory 2016-04-09 www.orwelllabs.com twt:@orwelllabs. I. ADVISORY...

CVSS: 4.3, AI score: 0.5, EPSS: 0.50755
Exploits: 6

Packet Storm
added 2016/03/01 12:0 a.m., 39 views

perfact::mpa Persistent Cross Site Scripting

Advisory ID: SYSS-2015-066; Product: perfact::mpa; Manufacturer: PerFact Innovation GmbH & Co. KG; Affected Versions: Custom versions using PerFact DBUtils Toolkit v3.2; Tested Versions: Custom version with PerFact DBUtils Toolkit v3.2; Vulnerability Typ...

AI score: 7.4
Exploits: 0

OpenVAS
added 2016/01/20 12:0 a.m., 44 views

IBM WebSphere Application Server Multiple Vulnerabilities (swg21622444)

IBM WebSphere Application Server is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2016 Greenbone AG. Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only. CPE =...

CVSS: 4.3, AI score: 9.4, EPSS: 0.01812
Exploits: 0, References: 3

Packet Storm
added 2015/12/18 12:0 a.m., 36 views

Dell Authentication Driver Uncontrolled Write

KL-001-2015-008: Dell Pre-Boot Authentication Driver Uncontrolled Write to Arbitrary Address. Title: Dell Pre-Boot Authentication Driver Uncontrolled Write to Arbitrary Address; Advisory ID: KL-001-2015-008; Publication Date: 2015.12.18; Publication UR...

CVSS: 7.2, AI score: 0.9, EPSS: 0.00521
Exploits: 3

KoreLogic Security
added 2015/12/18 12:0 a.m., 599 views

Dell Pre-Boot Authentication Driver Uncontrolled Write to Arbitrary Address

Vulnerability Details: Affected Vendor: Dell; Affected Product: Pre-Boot Authentication Driver; Affected Version: 1.0.1.5; Platform: Microsoft Windows XP SP3, Microsoft Windows 2003 SP2, Microsoft Windows 7; CWE Classification: CWE-20: Improper input validation; Impact: Arbitrary Code Execution; Attack...

CVSS: 7.8, AI score: 7.4, EPSS: 0.00521
Exploits: 3, Affected Software: 1

ICS
added 2015/11/20 7:0 a.m., 117 views

Yokogawa HART Device DTM Vulnerability

OVERVIEW: Alexander Bolshev of Digital Security has identified an improper input vulnerability in the CodeWrights GmbH HART Device Type Manager (DTM) library utilized in Yokogawa’s HART Device DTM. CodeWrights GmbH has addressed the vulnerability with a new library, which both companies have begun t...

CVSS: 2.1, AI score: 6.7, EPSS: 0.00374
Exploits: 0, References: 10

OpenVAS
added 2015/11/10 12:0 a.m., 18 views

Cisco Email Security Appliance Email Scanner Denial of Service Vulnerability

A vulnerability in the email message filtering feature of Cisco AsyncOS for Cisco Email Security Appliance (ESA) could allow an unauthenticated, remote attacker to cause an ESA device to become unavailable due to a denial of service (DoS) condition. SPDX-FileCopyrightText: 2015 Greenbone AG. Some text...

CVSS: 7.8, AI score: 6.7, EPSS: 0.01925
Exploits: 0, References: 1

ICS
added 2015/10/30 6:0 a.m., 75 views

Magnetrol HART DTM Vulnerability

OVERVIEW: Alexander Bolshev of Digital Security has identified an improper input validation vulnerability in the CodeWrights GmbH HART Device Type Manager (DTM) library extension utilized by some Magnetrol products. CodeWrights GmbH has updated its software library to mitigate this vulnerability...

CVSS: 2.1, AI score: 6.3, EPSS: 0.00374
Exploits: 0, References: 10

ArchLinux
added 2015/10/23 12:0 a.m., 58 views

jdk7-openjdk: multiple issues

CVE-2015-4734 (information disclosure): It was discovered that the JGSS component of OpenJDK did not properly hide Kerberos realm information from all error exceptions when running under Security Manager. An untrusted Java application or applet could use this flaw to obtain certain information about...

CVSS: 10, AI score: 1.5, EPSS: 0.13354
Exploits: 0, References: 22

ArchLinux
added 2015/10/23 12:0 a.m., 48 views

jre8-openjdk: multiple issues

CVE-2015-4734 (information disclosure): It was discovered that the JGSS component of OpenJDK did not properly hide Kerberos realm information from all error exceptions when running under Security Manager. An untrusted Java application or applet could use this flaw to obtain certain information about...

CVSS: 10, AI score: 2.6, EPSS: 0.13354
Exploits: 0, References: 25

ICS
added 2015/10/15 6:0 a.m., 51 views

CodeWrights GmbH HART DTM Vulnerability (Update A)

OVERVIEW: This updated advisory is a follow-up to the original advisory titled ICSA-15-012-01 CodeWrights GmbH HART DTM Vulnerability that was published January 12, 2015, on the NCCIC/ICS-CERT web site. Independent researcher Alexander Bolshev has identified an improper input validation...

CVSS: 2.1, AI score: 6.8, EPSS: 0.00374
Exploits: 0, References: 10

ICS
added 2015/10/15 6:0 a.m., 36 views

CodeWrights GmbH HART DTM Vulnerability (Update B)

OVERVIEW: This updated advisory is a follow-up to the updated advisory titled ICSA-15-012-01A CodeWrights GmbH HART DTM Vulnerability that was published January 13, 2015, on the NCCIC/ICS-CERT web site. Alexander Bolshev of Digital Security has identified an improper input validation vulnerability...

CVSS: 2.1, AI score: 6.8, EPSS: 0.00374
Exploits: 0, References: 10