9 matches found
WAGO GmbH & Co. KG Industrial Managed Switches
SUMMARY A vulnerability has been found affecting the Managed Switches of WAGO. An unauthenticated attacker can fully compromise the device via an undocumented function. 2. IMPACT This could lead to a full System compromise of the affected devices. 3. REMEDIATION Please update your devices to the...
GNU GLOBAL: Arbitrary code execution
Background GNU GLOBAL is a source code tagging system that works the same way across diverse environments, such as Emacs editor, Vi editor, Less viewer, Bash shell, various web browsers, etc. Description A vulnerability was found in an undocumented function of gozilla. Impact A remote attacker...
Faleemi FSC-880 CSRF / SQL Injection / Command Execution Vulnerabilities
Faleemi FSC-880 suffers from command execution, cross site request forgery, remote SQL injection, and various other vulnerabilities. Full disclosure is here: https://medium.com/iotsploit/faleemi-fsc-880-multiple-security-vulnerabilities-ed1d132c2cce === Timeline: 25 August 2017: the research was...
Faleemi FSC-880 CSRF / SQL Injection / Command Execution
Full disclosure is here: https://medium.com/iotsploit/faleemi-fsc-880-multiple-security-vulnerabilities-ed1d132c2cce === Timeline: 25 August 2017: the research was made 29 August 2017: an email was sent to the vendor, but with no answer 25 September 2017: public disclosure 26 September 2017:...
Microsoft Windows Kernel - IOCTL 0x120007 (NsiGetParameter) nsiproxy/netio Pool Memory Disclosure
Exploit for windows platform in category dos / poc / We have discovered that the handler of the 0x120007 IOCTL in nsiproxy.sys \.\Nsi device discloses portions of uninitialized pool memory to user-mode clients, likely due to output structure alignment holes. On our test Windows 7 32-bit...
Oracle Forms and Reports Database Vulnerability
Oracle Forms and Reports Database Vulnerability SPDX-FileCopyrightText: 2014 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Oracle Reports Developer Version Release 9i to 10gr2 Database Disclosure
An undocumented PARSEQUERY function in Oracle Forms and Reports allows dumping database username and passwords unauthenticated. The patch / workaround just appears to obfuscate the issue but not actually address it. Affected systems include versions 9iAS, 9iDS, 10G DS and AS, and 10G AS...
Oracle Forms And Reports Database Disclosure
PARSEQUERY http://docs.oracle.com/cd/E1676401/bi.1111/b32121/pbrcla007.htmi640592 Description Use PARSEQUERY to parse an rwservlet query and display the constructed Reports Server command line. Syntax http://yourwebserver/reports/rwservlet/parsequery?server=servername&authid=username/password...
Sixnet Universal Protocol Undocumented Function Codes (Update B)
OVERVIEW This updated advisory is a follow-up to the updated advisory titled ICSA-13-231-01A Sixnet Universal Protocol Undocumented Function Codes that was published August 26, 2013, on the ICS-CERT Web page. --------- Begin Update B Part 1 of 1 -------- Researchers Kyle Stone and Mehdi Sabraoui...