4989 matches found
On "Advanced" Network Security Monitoring
My TaoSecurity News page says I taught 41 classes lasting a day or more, from 2002 to 2014. All of these involved some aspect of network security monitoring (NSM). Many times students would ask me when I would create the "advanced" version of the class, usually in the course feedback. I could never...
Huawei Mobile GPU Driver Memory Double Release Vulnerability
Huawei Mate 9 and Mate 9 Pro are both smartphone products from the Chinese company Huawei. GPU driver is one of the graphics drivers used in... A double release vulnerability exists in the GPU driver in Huawei Mate 9 versions prior to MHA-AL00B 8.0.0.334C00 and Mate 9 Pro versions prior to LON-AL0...
WAGO PFC 200 SERIES Multiple Vulnerabilities
Exploit for hardware platform in category local exploits VENDOR DESCRIPTION “The WAGO-I/O-SYSTEM is a flexible fieldbus-independent solution for decentralized automation tasks. With the relay, function and interface modules, as well as overvoltage protection, WAGO provides a suitable interface fo...
libxls xls_mergedCells Code Execution Vulnerability(CVE-2017-2896)
Summary An exploitable out-of-bounds write vulnerability exists in the xls_mergedCells function of libxls 1.4. A specially crafted XLS file can cause a memory corruption resulting in remote code execution. An attacker can send malicious xls file to trigger this vulnerability. Tested Versions libxl...
HP iMC Plat 7.2 - Remote Code Execution (2)
!/opt/local/bin/python2.7 Exploit Title: HP iMC Plat 7.2 dbman Opcode 10008 Command Injection RCE Date: 11-29-2017 Exploit Author: Chris Lyne @lynerc Vendor Homepage: www.hpe.com Software Link:...
libxls xls_appendSST Code Execution Vulnerability(CVE-2017-12110)
Summary An exploitable integer overflow vulnerability exists in the xls_appendSST function of libxls 1.4. A specially crafted XLS file can cause memory corruption resulting in remote code execution. An attacker can send a malicious XLS file to trigger this vulnerability. Tested Versions libxls 1.4...
Creolabs Gravity Memory Misreference Vulnerability
Creolabs Gravity is an open source lightweight embedded programming language from Creolabs, Italy. The language supports procedural programming, object-oriented programming, functional programming and data-driven programming. A memory misreference vulnerability exists in Creolabs Gravity version...
[SECURITY] Fedora 27 Update: ldns-1.7.0-9.fc27
ldns is a library with the aim to simplify DNS programming in C. All low-level DNS/DNSSEC operations are supported. We also define a higher level API which allows a programmer to for instance create or sign packets...
CODESYS Service Detection (TCP)
TCP based detection of services supporting / using the CODESYS programming interface / runtime. SPDX-FileCopyrightText: 2017 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only...
[SECURITY] [DSA 4034-1] varnish security update
Debian Security Advisory DSA-4034-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso November 15, 2017 https://www.debian.org/security/faq ...
libxls read_MSAT Code Execution Vulnerability
Summary An exploitable out-of-bounds write vulnerability exists in the read_MSAT function of libxls 1.4. A specially crafted XLS file can cause a memory corruption resulting in remote code execution. An attacker can send malicious XLS file to trigger this vulnerability. Tested Versions libxls 1.4...
libxls xls_mergedCells Code Execution Vulnerability
Summary An exploitable out-of-bounds write vulnerability exists in the xls_mergedCells function of libxls 1.4. A specially crafted XLS file can cause a memory corruption resulting in remote code execution. An attacker can send malicious xls file to trigger this vulnerability. Tested Versions libxl...
libxls xls_preparseWorkSheet MULBLANK Code Execution Vulnerability
Summary An exploitable integer overflow vulnerability exists in the xls_preparseWorkSheet function of libxls 1.4 when handling a MULBLANK record. A specially crafted XLS file can cause a memory corruption resulting in remote code execution. An attacker can send malicious XLS file to trigger this...
Debian: Security Advisory (DSA-4034-1)
The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2017 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only ifdescription...
CVE-2017-14020
In AutomationDirect CLICK Programming Software Part Number C0-PGMSW Versions 2.10 and prior; C-More Programming Software Part Number EA9-PGMSW Versions 6.30 and prior; C-More Micro Part Number EA-PGMSW Versions 4.20.01.0 and prior; Do-more Designer Software Part Number DM-PGMSW Versions 2.0.3 and...
CVE-2017-14020
CVE-2017-14020 affects AutomationDirect products including CLICK Programming Software (C0-PGMSW) <= v2.10, C-More Programming Software (EA9-PGMSW) <= v6.30, C-More Micro (EA-PGMSW) <= v4.20.01.0, Do-more Designer (DM-PGMSW) <= v2.0.3, GS Drives (GSOFT) <= v4.0.6, SL-SOFT SOLO (SL-S...
CVE-2017-2909
An infinite loop programming error exists in the DNS server functionality of Cesanta Mongoose 6.8 library. A specially crafted DNS request can cause an infinite loop resulting in high CPU usage and Denial Of Service. An attacker can send a packet over the network to trigger this vulnerability...
Security feature bypass
An infinite loop programming error exists in the DNS server functionality of Cesanta Mongoose 6.8 library. A specially crafted DNS request can cause an infinite loop resulting in high CPU usage and Denial Of Service. An attacker can send a packet over the network to trigger this vulnerability...