Blog Posts Tagged with "Proof of Concept"
ICS-CERT: SpecView Directory Traversal Vulnerability
August 08, 2012 Added by:Infosec Island Admin
ICS-CERT is aware of a public report of a directory traversal vulnerability with proof-of-concept (PoC) exploit code affecting SpecView when a specially crafted request is passed to the web server running on Port 80\TCP. Successful exploitation could result in data leakage...
Comments (0)
ICS-CERT: Kessler-Ellis Products Exploit POC
August 02, 2012 Added by:Infosec Island Admin
ICS-CERT has notified the affected vendor of the report and has asked the vendor to confirm the vulnerability and identify mitigations. ICS-CERT is issuing this alert to provide early notice of the report and identify baseline mitigations for reducing risks to these and other cybersecurity attacks...
Comments (0)
Rakshasa: Is it Possible to Design the Perfect Hardware Backdoor?
August 01, 2012 Added by:Pierluigi Paganini
Rakshasa malware infects the host’s BIOS and takes advantage of a vulnerable aspect of traditional architecture, as peripherals like network cards or sound cards can write to the computer’s RAM or to portions of the memory allocated to any of the other peripherals. It is hard to detect, and quite impossible to remove...
Comments (5)
ICS-CERT: Tridium Niagara Vulnerabilities
July 16, 2012 Added by:Infosec Island Admin
Researchers have notified ICS-CERT of a directory traversal and weak credential storage vulnerability with proof-of-concept exploit code for Tridium Niagara AX Framework software that is exploitable by downloading and decrypting the file containing the user credentials from the server...
Comments (1)
ICS-CERT: Sielco Sistemi Winlog Multiple Vulnerabilities
July 02, 2012 Added by:Infosec Island Admin
Sielco Sistemi Winlog Version 2.07.14 can be exploited remotely by sending specially crafted requests to TCP/46824. ICS-CERT is issuing this alert to provide early notice of the report and identify baseline mitigations for reducing risks to these and other cybersecurity attacks...
Comments (0)
ICS-CERT: Pro-face Pro-Server EX Multiple Vulnerabilities
May 18, 2012 Added by:Infosec Island Admin
The vulnerabilities affecting Pro-face Pro-Server include invalid memory access, buffer overflow, unhandled exception, and memory corruption with proof-of-concept exploit code. According to this report, these vulnerabilities are exploitable via specially crafted packets...
Comments (0)
ICS-CERT: Certec WebMI2ADS Multiple Vulnerabilities
April 17, 2012 Added by:Infosec Island Admin
Researcher Luigi Auriemma has identified multiple vulnerabilities in Certec’s WebMI2ADS application. Successful exploitation of these vulnerabilities may allow an attacker to cause a denial of service (DoS) or could lead to data leakage...
Comments (0)
ICS-CERT: MICROSYS PROMOTIC Vulnerability POC
April 13, 2012 Added by:Infosec Island Admin
Researcher Luigi Auriemma identified and released proof of concept code (POC) for a use after free vulnerability in the MICROSYS, spol. s r.o. PROMOTIC application wgich may result in adverse conditions ranging from the corruption of valid data to the execution of arbitrary code...
Comments (0)
Researchers Demonstrate Cell Phone Tracking Vulnerability
February 20, 2012 Added by:Headlines
Researchers at the University of Minnesota’s College of Science and Engineering have revealed a technique that could allow an unauthorized third-party to track the location of a cell phone using data available from cellular networks...
Comments (0)
ICS-CERT: Koyo Ecom100 Brute Force Cracking Tool
February 15, 2012 Added by:Headlines
A brute force password cracking tool has been released that targets the weak authentication vulnerability in the Koyo ECOM100 Ethernet Module. This tool may greatly reduce the time and skill level required to attack a vulnerable system...
Comments (0)
ICS-CERT: Advantech BroadWin WebAccess Vulnerabilities
February 10, 2012 Added by:Headlines
ICS-CERT is aware of a public report about an RPC server vulnerability with proof-of-concept (PoC) exploit code affecting the Advantech BroadWin WebAccess software, a supervisory control and data acquisition/human-machine interface (SCADA/HMI) product...
Comments (0)
ICS-CERT: Rockwell Automation FactoryTalk Vulnerability
January 21, 2012 Added by:Headlines
Multiple vulnerabilities have been with proof-of-concept exploit code affecting Rockwell Automation FactoryTalk, a SCADA/HMI product. The vulnerability is exploitable by sending specially crafted packets to the server. This report was released by Luigi Auriemma...
Comments (0)
Researcher Ups Ante on Hacking Medical Devices
October 31, 2011 Added by:Headlines
"You're not meant to be able to grab serial numbers out of the air. This tool I developed should be able to scan the frequency for these pumps, retrieve the pump ID, and with that pump I can then dispense insulin, suspend the pump, resume it and that type of thing..."
Comments (0)
Researcher Discovers New SCADA Vulnerabilities
September 19, 2011 Added by:Headlines
"Finding zero-day (previously unknown holes) in SCADA software is like nuking fish in a barrel. People purchasing these systems need to push back on suppliers and ask them what they are doing to secure the system before selling it to customers," said Chris Wysopal, CTO for Veracode...
Comments (0)
Skype Vulnerable to HTML/JavaScript Code Injection
August 23, 2011 Added by:Headlines
"Does it make sense to allow users to 'embed' HTML code in their Skype profile and especially in those 'phone number' fields? Also, there is no option to define any HTML code in Skype client. I was able to find those bugs with Linux Skype client. I guess they don't focus so much on that client..."
Comments (0)
Researchers Break Military Chip Encryption Keys
August 04, 2011 Added by:Dan Dieterle
In the attack, power use is monitored during the power up sequence of the chip. As it is powered up, the chip accesses a key used to decrypt the configuration data file and data stream. By analyzing the power used, the team was able to decrypt the key...
Comments (0)
- Trend Micro Discovers "SafeNet" - a New Targeted Espionage Operation Online
- Managing My Company’s Security is a Nightmare
- Bridging the Cybersecurity Divide, Why Security Innovation Must Lead the Way
- The Evolution of Industrial Control System Information Sharing
- ATM Security (And Really Learning from the Past)
- Complimentary IT Security Resources [May 13, 2013]
- Steps Toward Weaponizing the Android Platform
- Mobile Security Processes Could Be Applied to Medical Devices: Bluebox
- The Emperor Is Naked!
- Infographic: Keeping Web Applications Safe