3053 matches found
Stack overflow
Stack-based buffer overflow in the CmpWebServer component in 3S CoDeSys 3.4 SP4 Patch 2 and earlier, as used on the ABB AC500 PLC and possibly other products, allows remote attackers to execute arbitrary code via a long URI to TCP port 8080...
CVE-2011-5007
Stack-based buffer overflow in the CmpWebServer component in 3S CoDeSys 3.4 SP4 Patch 2 and earlier, as used on the ABB AC500 PLC and possibly other products, allows remote attackers to execute arbitrary code via a long URI to TCP port 8080...
optima apiftp server 1.5.2.13 - Multiple Vulnerabilities
Luigi Auriemma Application: Optima APIFTP Server http://www.optimalog.com/home.html Versions: = 1.5.2.13 Platforms: Windows Bugs: A NULL pointer B endless loop Exploitation: remote Date: 13 Nov 2011 Author: Luigi Auriemma e-mail: [email protected] web: aluigi.org 1 Introduction 2 Bugs 3 The Co...
Duqu computer virus Detected by Iran civil defense organization
Duqu computer virus Detected by Iran civil defense organization The virus is called W32.Duqu, or just Duqu create fear after the opening Pandora's Box of Stuxnet. The head of Iran's civil defense organization told the official IRNA news agency that computers at all main sites at risk were being...
IRAI AUTOMGEN 8.0.0.7 - Use-After-Free
Luigi Auriemma Application: IRAI AUTOMGEN http://www.irai.com/a8e/ Versions: = 8.0.0.7 aka 8.022 Platforms: Windows Bug: use after free Exploitation: file Date: 10 Oct 2011 Author: Luigi Auriemma e-mail: [email protected] web: aluigi.org 1 Introduction 2 Bug 3 The Code 4 Fix =============== 1...
Researcher Will Demo Crippling Siemens Attack Using Metasploit
For years, there’s been an argument that the sophistication of industrial control systems is enough to keep script kiddies – or low-skilled hackers – away. Well, so much for that. Researcher Ralph Langer says that he will use a presentation at an upcoming security conference in Washington D.C. to...
Stuxnet Source Code Released Online - Download Now
Stuxnet Source Code Released Online - Download Now Stuxnet is a Microsoft Windows computer worm discovered in July 2010 that targets industrial software and equipment. While it is not the first time that crackers have targeted industrial systems,it is the first discovered malware that spies on an...
Metasploit Holding On Siemens Exploits
UPDATE: A week after a security researcher decided to cancel a technical discussion of security holes in industrial control software from Siemens, Inc., public exploits for the vulnerabilities are on hold while the company works to shore up systems running its Simatic programmable logic controlle...
SCADA Holes Allowed Remote Takedown of Siemens Systems
Security researcher Dillon Beresford decided not to present a talk at the TakedownCon in Dallas on Thursday, citing concerns about mayhem that could have resulted. But in an e-mail, he told Threatpost that the vulnerabilities could allow remote attackers to start or stop Siemens Programmable Logi...
Fedora Update for wordpress-mu FEDORA-2010-19329
Check for the Version of wordpress-mu OpenVAS Vulnerability Test Fedora Update for wordpress-mu FEDORA-2010-19329 Authors: System Generated Check Copyright: Copyright c 2010 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it...
Researcher Demonstrates Stuxnet At Work
We know Stuxnet has caused some major disruptions in nations like Iran and India. But how, exactly, does it work? In this video, Symantec researcher Liam O’Murchu demonstrates how a Stuxnet infected programmable logic controller PLC by Siemens can instruct a piece of machinery to run out of...
Rockwell PLC5/SLC5/0x/RSLogix Security Vulnerability
Overview Rockwell Automation has identified a security vulnerability in the programming and configuration client software authentication mechanism employed by certain versions of the PLC-5 and SLC 5/0x family of programmable controllers. Affected Products Rockwell PLC-5 and SLC 5/0x controllers a...
C4 SCADA Security Advisory - Rockwell Automation (Allen Bradley) Multiple Vulnerabilities in Micrologix 1100 & 1400 Series Controllers
Background ----------------- Vendor product information, from www.ab.com : With online editing and a built-in 10/100 Mbps EtherNet/IP port for peer-to-peer messaging, the MicroLogix 1100 controller adds greater connectivity and application coverage to the MicroLogix family of Allen-Bradley...
Fedora Update for net-snmp FEDORA-2008-5224
Check for the Version of net-snmp OpenVAS Vulnerability Test Fedora Update for net-snmp FEDORA-2008-5224 Authors: System Generated Check Copyright: Copyright c 2009 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it under the...
Symantec Altiris Deployment Solution Local Access Elevation of Privilege in Client GUI
SUMMARY A local access elevation of privilege issue has been identified and resolved in the Symantec Altiris Deployment Solution Client GUI. Successful exploitation could result in unauthorized local system access on a client system. Severity Medium Remote Access adjacent network | No ---|--- Loc...
verisign-xss.txt
VeriSign Kontiki Delivery Management System DMS Cross-Site Scripting Vulnerability CVE Number: CVE-2008-4393 Vulnerability Type / Importance: XSS / Medium Problem discovered: September 24th 2007 Vendor contacted: September 26th 2007 Advisory published: March 28th 2008 Abstract The Kontiki Deliver...
Symantec Altiris Notification Server Agent GUI Local Elevation of Privilege
SUMMARY A non-privileged user can leverage the Symantec Altiris Notification Server Agent Graphical User Interface GUI to gain privileged access to the system. Severity Medium Remote Access adjacent network | No ---|--- Local Access | Yes Authentication Required | Yes Exploit available | No...
IRM Security Advisory : Barracuda Networks Spam Firewall Cross-Site Scripting Vulnerability
Barracuda Networks Spam Firewall Cross-Site Scripting Vulnerability CVE Number: CVE-2008-2333 Vulnerability Type / Importance: Cross-Site Scripting Reflected / Medium Problem Discovered 24 April 2008 Vendor Contacted 24 April 2008 Advisory Published 22 May 2008 Abstract The Barracuda Spam Firewal...
IRM025: TIBCO Rendezvous RVD Daemon Remote Memory Leak DoS
-------------------------------------------------------- IRM Security Advisory 025 TIBCO Rendezvous RVD Daemon Remote Memory Leak DoS Vulnerability Type / Importance: Remote DoS / High Problem Discovered: 16 April 2007 Vendor Contacted: 16 April 2007 Advisory Published: 29 November 2007...
X-Kryptor Secure Client本地权限提升漏洞
X-Kryptor Secure Client是基于软件的VPN客户端,允许将家庭或移动的工作机连接到安全的局域网。 X-Kryptor Secure Client在处理认证操作时存在漏洞,本地攻击者可能利用此漏洞获取非授权访问。 如果在Microsoft Windows上使用X-Kryptor Secure...