Microsoft Update to Improve Cryptography and Digital Certificate Handling (2854544)

This host is missing an important security update according to Microsoft Security Advisory 2854544. OpenVAS Vulnerability Test $Id: secpodcryptndigitalcerthandlingupdate.nasl 5347 2017-02-19 09:15:55Z cfi $ Microsoft Update to Improve Cryptography and Digital Certificate Handling 2854544 Authors:...

strange_headers

This plugin greps all headers for non-common headers. This could be useful to identify special modules and features added to the server. Plugin type Grep Options This plugin doesnt have any user configured options. Source For more information about this plugin and the associated tests, theres...

[SpiderFoot v2.0] The Open Source Footprinting tool

SpiderFoot is a free, open-source footprinting tool, enabling you to perform various scans against a given domain name in order to obtain information such as sub-domains, e-mail addresses, owned netblocks, web server versions and so on. The main objective of SpiderFoot is to automate the...

[Process PEB Finder] Tool to find and display PEB Address of running Processes

Process PEB Finder is the console based tool to find and display PEB Address of running Processes on your system. PEB Process Environment Block is the part of Process memory where is stores important information including loaded modules, startup paramenters, environment variables, debug informati...

[SET Version 5.0] The Social-Engineer Toolkit "The Wild West"

Social-Engineer Toolkit SET v5.0 codename: The Wild West is a culmination of six months of development, bug squashing, and user feedback. New with this version includes a completely redesigned multiprocessing web server that handles non-rfc compliant HTTP information. The builtin SET web server...

[Viproy] VoIP Penetration Testing Kit

Viproy Voip Pen-Test Kit is developed to improve quality of SIP Penetration Tests. It provides authentication feature that helps to create simple tests. It includes 7 different modules with authentication support: options tester, brute forcer, enumerator, invite tester, trust analyzer, proxy and...

Hewlett-Packard Intelligent Management Center JavaService Information Disclosure Vulnerability

This vulnerability allows remote attackers to obtain sensitive information on vulnerable installations of HP Intelligent Management Center. Authentication is not required to exploit this vulnerability. The specific flaw exists within the communication channel between the JavaService server and th...

CVE-2013-0664

The FactoryCast service on the Schneider Electric Quantum 140NOE77111 and 140NWM10000, M340 BMXNOE0110x, and Premium TSXETY5103 PLC modules allows remote authenticated users to send Modbus messages, and consequently execute arbitrary code, by embedding these messages in SOAP HTTP POST requests...

CVE-2013-0663

Cross-site request forgery CSRF vulnerability on the Schneider Electric Quantum 140NOE77111, 140NOE77101, and 140NWM10000; M340 BMXNOC0401, BMXNOE0100x, and BMXNOE011xx; and Premium TSXETY4103, TSXETY5103, and TSXWMY100 PLC modules allows remote attackers to hijack the authentication of arbitrary...

Code injection

The FactoryCast service on the Schneider Electric Quantum 140NOE77111 and 140NWM10000, M340 BMXNOE0110x, and Premium TSXETY5103 PLC modules allows remote authenticated users to send Modbus messages, and consequently execute arbitrary code, by embedding these messages in SOAP HTTP POST requests...

Cross site request forgery (csrf)

Cross-site request forgery CSRF vulnerability on the Schneider Electric Quantum 140NOE77111, 140NOE77101, and 140NWM10000; M340 BMXNOC0401, BMXNOE0100x, and BMXNOE011xx; and Premium TSXETY4103, TSXETY5103, and TSXWMY100 PLC modules allows remote attackers to hijack the authentication of arbitrary...

CVE-2013-0663

CVE-2013-0663 affects Schneider Electric Modicon M340, Quantum 140NOE7711x/140NWM10000, and Premium TSXETY4103/5103/TSXWMY100 PLC modules. The vulnerability is a Cross-Site Request Forgery (CSRF) in the web server interface that permits remote attackers to hijack user authentication and issue com...

CVE-2013-2763

The Schneider Electric M340 PLC modules allow remote attackers to cause a denial of service resource consumption via unspecified vectors. NOTE: the vendor reportedly disputes this issue because it "could not be duplicated" and "an attacker could not remotely exploit this observed behavior to deny...

CVE-2013-0664

CVE-2013-0664 affects Schneider Electric Modicon PLCs (Quantum 140NOE77111, 140NWM10000, M340 BMXNOE0110x, Premium TSXETY5103). The vulnerability arises in the FactoryCast feature: remote authenticated users can embed Modbus messages in SOAP HTTP POST requests, enabling arbitrary code execution o...

MailOrderWorks 5.907 - Multiple Vulnerabilities

MailOrderWorks 5.907 - Multiple Vulnerabilities Title: ====== MailOrderWorks v5.907 - Multiple Web Vulnerabilities Date: ===== 2013-01-02 References: =========== http://www.vulnerability-lab.com/getcontent.php?id=798 VL-ID: ===== 796 Common Vulnerability Scoring System:...

Active Perl Modules Multiple Vulnerabilities - Windows

Active Perl is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2013 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Rosewill RSVA11001 - Remote Command Injection

Rosewill RSVA11001 - Remote Command Injection I have been hacking on a Rosewill RSVA11001 for a while now, something to suck up my free time. I had pulled apart the firmware previously but did not succeed in finding a way to get a shell on the device. The box is Hi3515 based, I found an exploit f...

Rosewill RSVA11001 - Remote Command Injection

Exploit for hardware platform in category remote exploits I have been hacking on a Rosewill RSVA11001 for a while now, something to suck up my free time. I had pulled apart the firmware previously but did not succeed in finding a way to get a shell on the device. The box is Hi3515 based, I found ...

Rosewill RSVA11001 - Remote Command Injection

I have been hacking on a Rosewill RSVA11001 for a while now, something to suck up my free time. I had pulled apart the firmware previously but did not succeed in finding a way to get a shell on the device. The box is Hi3515 based, I found an exploit for another similar box Ray Sharp but it did no...

[XSSF v.3.0] Cross-Site Scripting Framework

The Cross-Site Scripting Framework XSSF is a security tool designed to turn the XSS vulnerability exploitation task into a much easier work. The XSSF project aims to demonstrate the real dangers of XSS vulnerabilities, vulgarizing their exploitation. This project is created solely for education,...