2272 matches found
Siemens Tecnomatix FactoryLink SCADA CSService List Path Buffer Overflow
Siemens Tecnomatix FactoryLink is a Supervisory Control and Data Acquisition (SCADA) system used for monitoring and controlling industrial processes. A buffer overflow vulnerability has been reported in the Siemens Tecnomatix FactoryLink SCADA system. The vulnerability is due to a boundary error in...
Siemens Tecnomatix FactoryLink SCADA CSService List Filter Buffer Overflow
Siemens Tecnomatix FactoryLink is a Supervisory Control and Data Acquisition (SCADA) system used for monitoring and controlling industrial processes. A buffer overflow vulnerability has been reported in the Siemens Tecnomatix FactoryLink SCADA system. The vulnerability is due to a boundary error in...
Gadu-Gadu Remote Code Execution
Vendor: Gadu-Gadu http://gadu-gadu.pl; Vulnerable Version: All; Vulnerability Type: MITM, Remote Code Execution; Risk level: High; Credit: Kacper Szczesniak. Vulnerability Details: Gadu-Gadu is vulnerable to a man-in-the-middle attack allowing remote code execution on a victim host. JavaScript code ...
DEBIAN-CVE-2011-1784
The pidfile_write function in core/pidfile.c in keepalived 1.2.2 and earlier uses 0666 permissions for the (1) keepalived.pid, (2) checkers.pid, and (3) vrrp.pid files in /var/run/, which allows local users to kill arbitrary processes by writing a PID to one of these files...
CVE-2011-2147
Openswan 2.2.x does not properly restrict permissions for (1) /var/run/starter.pid, related to starter.c in the IPsec starter, and (2) /var/lock/subsys/ipsec, which allows local users to kill arbitrary processes by writing a PID to a file, or possibly bypass disk quotas by writing arbitrary data to a...
CVE-2011-1784
The pidfile_write function in core/pidfile.c in keepalived 1.2.2 and earlier uses 0666 permissions for the (1) keepalived.pid, (2) checkers.pid, and (3) vrrp.pid files in /var/run/, which allows local users to kill arbitrary processes by writing a PID to one of these files...
Design/Logic Flaw
Openswan 2.2.x does not properly restrict permissions for (1) /var/run/starter.pid, related to starter.c in the IPsec starter, and (2) /var/lock/subsys/ipsec, which allows local users to kill arbitrary processes by writing a PID to a file, or possibly bypass disk quotas by writing arbitrary data to a...
7T Interactive Graphical SCADA System File Operations Buffer Overflows (CVE-2011-1567; CVE-2011-4050)
7-Technologies' IGSS is a Supervisory Control and Data Acquisition (SCADA) system used for monitoring and controlling industrial processes. Multiple buffer overflow vulnerabilities have been reported in 7T Interactive Graphical SCADA System (IGSS). The vulnerability is due to boundary errors in the...
[SECURITY] Fedora 14 Update: polkit-0.98-5.fc14
PolicyKit is a toolkit for defining and handling authorizations. It is used for allowing unprivileged processes to speak to privileged processes...
CVE-2011-1439
CVE-2011-1439 affects Google Chrome on Linux prior to 11.0.696.57. The vulnerability arises from improper isolation of renderer processes, with unspecified impact and remote attack vectors described in the entry. The issue was fixed in Chrome 11.0.696.57 (stable update), per Google's Chrome relea...
backorifice-info NSE Script
Connects to a BackOrifice service and gathers information about the host and the BackOrifice service itself. The extracted host information includes basic system setup, list of running processes, network resources and shares. Information about the service includes enabled port redirections,...
Windows Manage Inject in Memory Multiple Payloads
This module will inject a given payload into several processes, connecting to a given list of IP addresses. The module works with given lists of IP addresses and process PIDs; if no PID is given, it will start the given process in the advanced options and inject the selected payload in to t...
The Challenge of Starting an Application Security Program
Since organizations started opening their internal applications to the Web, a little more than a decade ago, it became clear that the security of those connected applications would be more complex – and critical to get right – than before. Unfortunately, through complacency, perhaps a feeling tha...
Microsoft Windows CSRSS LPC_PORT_CLOSED Information Disclosure (MS11-010; CVE-2011-0030)
The Client/Server Run-time Subsystem (CSRSS) is the user-mode portion of the Win32 subsystem. CSRSS is an essential subsystem that must be running at all times. CSRSS is responsible for console windows, and creating and/or deleting threads. An elevation of privilege vulnerability has been reported ...
RedHat Linux - Stickiness of tmp
From: http://marc.info/?l=full-disclosure&m=129842239022495&w=2 Developers should not rely on the stickiness of /tmp on Red Hat Linux. Recent versions of Red Hat Enterprise Linux and Fedora provi...
RedHat Linux - Stickiness of /tmp
From: http://marc.info/?l=full-disclosure&m=129842239022495&w=2 Developers should not rely on the stickiness of /tmp on Red Hat Linux. Recent versions of Red Hat Enterprise Linux and Fedora provide seunshare, a setuid root utili...
SuSE 11.1 Security Update : Linux kernel (SAT Patch Numbers 3068 / 3069 / 3070)
This SUSE Linux Enterprise 11 Service Pack 1 kernel contains various security fixes and lots of other bugfixes. Notable larger bugfixes and changes: - 603464: Fix system freeze when doing a network crashdump with a netxen_nic driver - 610828: Avoid kernel failure on connects/disconnects to a novel...
HP-UX PHKL_40944 : HP-UX Running Threaded Processes, Remote Denial of Service (DoS) (HPSBUX02611 SSRT090201 rev.1)
s700800 11.31 fsfiledscrp cumulative patch : A potential security vulnerability has been identified with HP-UX running threaded processes. The vulnerability could be exploited remotely to create a Denial of Service (DoS).
HP-UX PHKL_39133 : HP-UX Running Threaded Processes, Remote Denial of Service (DoS) (HPSBUX02611 SSRT090201 rev.1)
s700800 11.11 SPP fragmentation;AIO;EVP;ufalloc;dup2 race : A potential security vulnerability has been identified with HP-UX running threaded processes. The vulnerability could be exploited remotely to create a Denial of Service (DoS).