6734 matches found
SUBNET Solutions Inc. SubSTATION Server DNP3 Outstation Improper Input Validation
OVERVIEW Adam Crain of Automatak and independent researcher Chris Sistrunk have identified an improper input validation in the SUBNET Solutions Inc. SubSTATION Server software application. SUBNET Solutions Inc. has produced a new version that mitigates this vulnerability. SUBNET Solutions Inc. ha...
ZPanel 10.0.0.2 Remote Command Execution Vulnerability
ZPanel version 10.0.0.2 suffers from a remote root command execution vulnerability. One of our expert team members [email protected] who is assigned to do the security audit of ZPanel code has found the following security vulnerability with ZPanel 10.0.0.2 which will allow anyone to escalate the ro...
Top Server OPC Improper Input Validation Vulnerability
OVERVIEW Adam Crain of Automatak and independent researcher Chris Sistrunk have identified an improper input validation vulnerability in the Software Toolbox TOP Server DNP Master OPC product. Software Toolbox has produced a new version that mitigates this vulnerability. The researchers have test...
Schweitzer Engineering Laboratories Improper Input Validation
Overview Adam Crain of Automatak and independent researcher Chris Sistrunk have identified improper DNP3 input validation in Schweitzer Engineering Laboratories’ real-time automation controllers (RTAC). Schweitzer Engineering Laboratories (SEL) has produced updated firmware that mitigates this...
WeBid Local File Disclosure and SQL Injection Vulnerabilities
WeBid is prone to file disclosure and SQL injection vulnerabilities. SPDX-FileCopyrightText: 2013 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only CPE =...
IOServer Master Station Improper Input Validation
OVERVIEW Adam Crain of Automatak and independent researcher Chris Sistrunk have identified an improper input validation vulnerability in the IOServer DNP3 Driver on the master station. IOServer has produced a new version that mitigates this vulnerability. The researchers have tested the new versi...
MatrikonOPC SCADA DNP3 Master Station Improper Input Validation
OVERVIEW This updated advisory was originally posted to the US-CERT secure Portal library on August 02, 2013, and is now being released to the ICS-CERT Web page. Adam Crain of Automatak and independent researcher Chris Sistrunk have identified an improper input validation vulnerability in...
GE Proficy HMI/SCADA CIMPLICITY WebView Improper Input Validation
OVERVIEW This advisory was originally posted to the US-CERT secure Portal library on June 19, 2013, and is now being released to the ICS-CERT Web page. Independent researchers ZombiE and amisto0x07 have identified an improper input validation vulnerability in the GE CIMPLICITY WebView application...
Galil RIO-47100 Improper Input Validation
Overview This advisory provides mitigation details for a vulnerability affecting the Galil RIO-47100 “Pocket PLC.” Researcher Jon Christmas of Solera Networks has identified an improper validation vulnerability in the Galil RIO-47100 PLC, which can result in a loss of availability. Galil has...
Cogent Real-Time Systems Vulnerabilities
Overview Dillon Beresford of Cimation has identified four vulnerabilities in the Cogent Real-Time Systems DataHub application. Cogent has produced an update that mitigates these vulnerabilities. These vulnerabilities could be exploited remotely. Affected Products Cogent Real-Time Systems reports...
PT-2013-39: Improper Input Validation in Wonderware Information Server
Positive Research Center experts have discovered an "Improper Input Validation" vulnerability in Wonderware Information Server. WIS allows access to local resources (files) and internal resources via unsafe parsing of XML external entities. By using specially crafted XML files, an attacker can cause W...
WeBid Multiple Vulnerabilities
WeBid is prone to directory traversal and multiple cross site scripting vulnerabilities. SPDX-FileCopyrightText: 2012 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only...
GE Intelligent Platforms Proficy Real-Time Information Portal Vulnerabilities
OVERVIEW This advisory is a follow-up to the previously updated portal advisory titled ICSA-12-234-01AP—GE Intelligent Platforms Proficy Real-Time Information Portal Multiple Vulnerabilities, which was published September 17, 2012, in the US-CERT secure Portal library. This advisory provides...
TYPO3 'BACK_PATH' Parameter LFI Vulnerability (TYPO3-CORE-SA-2011-004)
TYPO3 is prone to a local file inclusion (LFI) vulnerability. SPDX-FileCopyrightText: 2012 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:typo3:typo3";...
RHEL 6 : ghostscript (RHSA-2012:0095)
The remote Redhat Enterprise Linux 6 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2012:0095 advisory. Ghostscript is a set of software that provides a PostScript interpreter, a set of C procedures (the Ghostscript library, which implements the...
Improper Input Validation
Overview Affected versions of this package are vulnerable to Improper Input Validation. The krb5_db2_lockout_audit function in the Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) 1.8 through 1.8.4, when the db2 (aka Berkeley DB) back end is used, allows remote attackers to cause a denial of...
Improper Input Validation
Overview Affected versions of this package are vulnerable to Improper Input Validation. The kdb_ldap plugin in the Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) 1.9 through 1.9.1, when the LDAP back end is used, allows remote attackers to cause a denial of service (NULL pointer dereference...
Siemens Automation License Manager Vulnerabilities
Overview This Advisory is a follow-up to the original Alert titled “ICS-ALERT-11-332-01A—Siemens Automation License Manager Vulnerabilities” that was published December 02, 2011, on the ICS-CERT web page. ICS-CERT is aware of publicly disclosed reports of four vulnerabilities in Siemens Automatio...
vBulletin 4.1.3 SQL Injection
Exploit Title: Vbulletin 4.0.x = 4.1.3 messagegroupid SQL injection Vulnerability 0-day Google Dork: intitle: powered by Vbulletin 4 Date: 20/07/2011 Author: FB1H2S Software Link: http://www.vbulletin.com/ Version: 4.x.x Tested on: relevant os CVE : http://members.vbulletin.com/...
vBulletin 4.0.x 4.1.3 - messagegroupid SQL Injection
vBulletin 4.0.x 4.1.3 - messagegroupid SQL Injection Exploit Title: Vbulletin 4.0.x = 4.1.3 messagegroupid SQL injection Vulnerability 0-day Google Dork: intitle: powered by Vbulletin 4 Date: 20/07/2011 Author: FB1H2S Software Link: http://www.vbulletin.com/ Version: 4.x.x Tested on:...