Blog Posts Tagged with "vulnerability"
April 03, 2013 Added by:Steve Ragan
ICS-CERT has issued a warning this week after vulnerability details concerning Mitsubishi’s MX Component started to gain attention online.
April 03, 2013 Added by:Rohit Sethi
The March 24th public disclosure of a MongoDB zero-day vulnerability (CVE-2013-1892) has been raising eyebrows and initiating discussion among IT security and developers alike. Here’s why we think it stands out...
March 08, 2013 Added by:Mike Lennon
Ryan Naraine talks to Vupen CEO Chaouki Bekrar about the controversies surrounding the sale of zero-day vulnerabilities and exploits, his company’s business dealings and the work that goes into winning the CanSecWest Pwn2Ownhacker contest.
February 26, 2013 Added by:Alexander Polyakov
ERPScan researchers helped Oracle to eliminate a dangerous vulnerability in JD Edwards' Enterprise One, in the way the thick client is used on workstations. The vulnerability was closed in the January patch by Oracle (CVE-2012-1678).
February 14, 2013 Added by:Mike Lennon
The exploits have been seen in extremely targeted attacks against high profile targets, and are a sophisticated effort that appear to be the first to successfully escape Adobe’s “protected mode” sandbox. Make no mistake about it; this attack is serious business and not the work of amateurs.
August 23, 2012 Added by:Infosec Island Admin
ICS-CERT is aware of a report of hard-coded RSA SSL private key within RuggedCom’s Rugged Operating System (ROS). The vulnerability with proof-of-concept (PoC) exploit code by security researcher Justin W. Clarke can be used to decrypt SSL traffic between an end user and a RuggedCom network device...
August 13, 2012 Added by:Infosec Island Admin
Siemens has reported to ICS-CERT that a default password vulnerability exists in the Siemens Synco OZW Web Server device used for building automation systems. Siemens urges their customers to set a secure password on their device’s web interface. This vulnerability could be exploited remotely...
August 08, 2012 Added by:Infosec Island Admin
ICS-CERT is aware of a public report of a directory traversal vulnerability with proof-of-concept (PoC) exploit code affecting SpecView when a specially crafted request is passed to the web server running on Port 80\TCP. Successful exploitation could result in data leakage...
July 25, 2012 Added by:Infosec Island Admin
Siemens self-reported a DLL hijacking vulnerability in SIMATIC STEP 7 and SIMATIC PCS 7 software. This vulnerability can be remotely exploited and public exploits are known to target this vulnerability. Siemens has produced a patch that resolves this vulnerability...
July 10, 2012 Added by:Pierluigi Paganini
Tor Project found a vulnerability in Cyberoam DPI where all share the same digital certificate and the private key is the same for every device. The implications are serious, as it could be possible to catch traffic from any user by extracting the key and importing it into other DPI devices for interception...
July 04, 2012 Added by:Alexander Polyakov
Two buffer overflow vulnerabilities in SAP Message Server can be exploited remotely so that exploit code can be executed. Out of 1000 companies that use SAP worldwide, randomly selected in the course of the research, 4% expose SAP Message Server to the Internet. This can lead to critical consequences...
June 28, 2012 Added by:Headlines
“The bug will be injected on the remote way, affects the local validation (html/xml) and change the technic back when remotely transferring the password lists. The injection of the malicious URL/domain context can be done via auto save of URLs (victim) or manually (reproduce)," the researchers stated...
June 18, 2012 Added by:Infosec Island Admin
ICS-CERT is aware of a public report of a buffer overflow vulnerability with proof-of-concept exploit code affecting Sielco Sistemi Winlog. The vulnerability is exploitable by sending specially crafted requests to TCP/46824 which could result in a denial of service and remote code execution...
June 10, 2012 Added by:Scot Terban
LinkedIn and other companies like Sony have shown time and again, they DON’T CARE about YOUR data. Always remember this people. So, you want an account on these places, then you best make a throw away password and limit your data on the sites that host it. Otherwise, your data will be up for the taking...
May 31, 2012 Added by:Rob Fuller
When I started looking into appending or inserting lines into /etc/sudoers for CCDC, I happened upon an interesting function of that file. Near the end of the file there are two lines that look commented out, but in actuality are interpreted and acted upon, an evil way to stay hidden on a 'nix box...
May 30, 2012 Added by:Scot Terban
As technologies advance and the human nature side of things continues to allow for strides in security as well as the inevitable setbacks, you will become the ultimate target of the easy score for data that could lead to compromise. After all, what do you think the real persistent threats rely on? Human nature...
Steps Toward Weaponizing the Android Platfor... Freid Jerome on 05-17-2013