PT-2017-17982 · Rockwell Automation · Micrologix 1100 +1

Name of the Vulnerable Software and Affected Versions: Rockwell Automation Allen-Bradley MicroLogix 1100 programmable-logic controllers versions 16.00 and prior Rockwell Automation Allen-Bradley MicroLogix 1400 programmable logic controllers versions 16.00 and prior Description: A Predictable Val...

The vulnerability of the initial loader of Qualcomm’s Android operating system allows a hacker to execute arbitrary code.

The vulnerability of the initial loader of the Qualcomm Android operating system is related to deficiencies in access control. Exploiting this vulnerability allows a remote attacker to execute arbitrary code...

Multiple Schneider Electric Modicon Product TCP Initial Serial Number Prediction Vulnerabilities

Schneider-Electric Modicon M251 and others are programmable controller products of Schneider Electric France. A security vulnerability exists in a number of Schneider Electric Modicon products, which arises from a program's failure to generate a sufficient number of random TCP initial serial...

CVE-2017-7935

A Resource Exhaustion issue was discovered in Phoenix Contact GmbH mGuard firmware versions 8.3.0 to 8.4.2. An attacker may compromise the device's availability by performing multiple initial VPN requests...

CVE-2017-3873

A vulnerability in the Plug-and-Play PnP subsystem of the Cisco Aironet 1800, 2800, and 3800 Series Access Points running a Lightweight Access Point AP or Mobility Express image could allow an unauthenticated, adjacent attacker to execute arbitrary code with root privileges. The vulnerability is...

Stack Overflow Vulnerability in the InitialSDK Method of the SoftNVR-IA NVRLV Control for Mosaic Video Surveillance Systems

Mosa Video Surveillance System SoftNVR-IA is a real-time IP video surveillance software developed by Mosa Technology Shanghai Co. A stack overflow vulnerability exists in the InitialSDK method of the NVRLV control of Mosa Video Surveillance System SoftNVR-IA. By tricking the user into visiting a...

FTPShell Client 6.53 - Remote Buffer Overflow

Exploit Title: FTPShell Client 6.53 buffer overflow on making initial connection Date: 2017-03-04 Exploit Author: Peter Baris Vendor Homepage: http://www.saptech-erp.com.au Software Link: http://www.ftpshell.com/downloadclient.htm Version: Windows Server 2008 R2 x64 Tested on: Windows Server 2008...

DEBIAN-CVE-2016-3180

Tor Browser Launcher aka torbrowser-launcher before 0.2.4, during the initial run, allows man-in-the-middle attackers to bypass the PGP signature verification and execute arbitrary code via a Trojan horse tar file and a signature file with the valid tarball and signature...

ntp: Broken initial sync calculations regression

A flaw was found in the way ntpd calculated the root delay. A remote attacker could send a specially-crafted spoofed packet to cause denial of service or in some special cases even crash...

The vulnerability of the Android operating system, which allows a hacker to gain access to data

The vulnerability in the initial loader of the Android operating system is related to the lack of protection for service data. Exploiting this vulnerability can allow a local attacker to access data beyond their authorized access level. This issue is considered “high” because it could be used to...

The vulnerability of the Android operating system, which allows a hacker to gain access to data

The vulnerability in the initial loader of the Android operating system is related to the lack of protection for service data. Exploiting this vulnerability can allow a local attacker to access data beyond their authorized access level. This issue is considered “high” because it could be used to...

Design/Logic Flaw

NTP before 4.2.8p9 does not properly perform the initial sync calculations, which allows remote attackers to unspecified impact via unknown vectors, related to a "root distance that did not include the peer dispersion."...

DEBIAN-CVE-2016-7433

NTP before 4.2.8p9 does not properly perform the initial sync calculations, which allows remote attackers to unspecified impact via unknown vectors, related to a "root distance that did not include the peer dispersion."...

CVE-2016-7433

NTP before 4.2.8p9 does not properly perform the initial sync calculations, which allows remote attackers to unspecified impact via unknown vectors, related to a "root distance that did not include the peer dispersion."...

UBUNTU-CVE-2016-7433

NTP before 4.2.8p9 does not properly perform the initial sync calculations, which allows remote attackers to unspecified impact via unknown vectors, related to a "root distance that did not include the peer dispersion."...

Update Rollup 4 for Microsoft Azure Site Recovery Provider

Update Rollup 4 for Microsoft Azure Site Recovery Provider This article describes the improvements that are included in Update Rollup 4 for Microsoft Azure Site Recovery Provider. Learn about the details of the improvements and the prerequisites that should be validated before you install this...

CVE-2016-8862

The AcquireMagickMemory function in MagickCore/memory.c in ImageMagick before 7.0.3.3 allows remote attackers to have unspecified impact via a crafted image, which triggers a memory allocation failure...

Jndi injection and Spring RCE vulnerability analysis-vulnerability warning-the black bar safety net

Foreword Because before has been traveling, and haven't done the research, eleven during the re-focus of the 2 0 1 6 BlackHat the above subject, wherein jndi injection caught my attention, this paper mainly divided into the following 3 sections, the understanding of jndi, analysis jndi injection...

PT-2016-5665 · Red Hat +2 · Red Hat Enterprise Mrg +3

Name of the Vulnerable Software and Affected Versions: Linux kernel versions as used in Red Hat Enterprise Linux 7.2 and Red Hat Enterprise MRG 2 Description: The issue allows local users to bypass intended Secure Boot restrictions and execute untrusted code by appending ACPI tables to the initrd...

The YAWAST Antecedent Web Application Security Toolkit

The YAWAST Antecedent Web Application Security Toolkit YAWAST is an application meant to simplify initial analysis and information gathering for penetration testers and security auditors. It performs basic checks in these categories: TLS/SSL – Versions and cipher suites supported; common issues...