Posted by Karn Ganeshen on Apr 07

SenNet Data Logger appliances and Electricity Meters Multiple
Vulnerabilities

Note: Vendor has released the fix. Details to be documented in ICS-CERT
Advisory.

About
SenNet is a trademark of Satel Spain that offers monitoring and
remote-control solutions for businesses. Our engineers develop, integrate
and test the products of SenNet in our facilities in Madrid (Spain)….

Posted by Karn Ganeshen on Apr 07

Cambium SNMP Security Vulnerabilities

AFFECTED PRODUCTS

Cambium ePMP 1000
Cambium ePMP 2000
Cambium PMP XXX
Cambium ForceXXX models
Potentially all other models

IMPACT

These vulnerabilities may allow an attacker to access device configuration
as well as make unauthorized changes to the device configuration.

Disclosure Timelines

First reported to ICS-CERT – Sep 12, 2017
Latest vendor response – Apr 5, 2017
Fix planned for Q2 2017
Public…

Posted by Karn Ganeshen on Apr 07

*VMU-C Web-Server solution for photovoltaic applications*

VMU-C EM is a data logger system for small to medium projects, VMUC-Y EM is
a hardware data aggregator for medium to larger projects and Em2 Server is
a software solution for large projects. They are designed to complement the
extensive line of Carlo Gavazzi energy meters and current transformers.

*ICS-CERT advisory*
https://ics-cert.us-cert.gov/advisories/ICSA-17-012-03

*CVE-IDs*…

Posted by Ian Ling on Apr 07

[+] Credits: Ian Ling
[+] Website: iancaling.com
[+] Source: http://blog.iancaling.com/post/159276197313

Vendor:
=================
http://www.dragonwaveinc.com/

Product:
======================
-DragonWave Horizon

Vulnerability Details:
=====================

DragonWave Horizon wireless radios have hard-coded login credentials meant
to allow the vendor to access the devices. These credentials can be used
via both Telnet and the web interface….

Posted by Wester 95 on Apr 07

Hi team,

I would like to request one CVE ID with some issues of e107 CMS.

==========================

Title:Mutiple CSRF vulnerabilities in e107 CMS 2.1.4

Author:Zhiyang Zeng

Product:

—————

e107 is a powerful website content management system designed for bootstrap v3 from http://e107.org/get-started

—————

Fix

—————

Fixed in git source code…

Posted by Wester 95 on Apr 07

Hi team,

I would like to request one CVE id, thank you!

Details

======

Software: WordPress WHIZZ
Version: <1.1.1
Homepage: https://wordpress.org/plugins/whizz/

=======

Description
================
Get type CSRF in WordPress WHIZZ allows attackers to delete any wordpress users and change plugins status

POC:

========

include in the page ,then attack will occur:

delete user:

<img
src=”…

Posted by Wester 95 on Apr 07

Hi team,

I would like to request one CVE ID,thank you!;

Details
=======

Software:CopySafe Web

version:<2.6

description:Add copy protection from PrintScreen and screen capture. Copysafe Web uses encrypted images and domain lock
to extend copy protection for all media displayed on a web page.

========

Description

==========

CSRF in wordpress copysafe web allows attacker changes plugin settings

========

POC:

=======

<form…

Posted by Karn Ganeshen on Apr 07

LCDS – Leão Consultoria e Desenvolvimento de Sistemas LTDA ME LAquis SCADA
Access Control Vulnerability

Vendor: LCDS – Leão Consultoria e Desenvolvimento de Sistemas LTDA ME
Equipment: LAquis SCADA
Vulnerability: Improper Access Control

ICS-CERT Advisory
https://ics-cert.us-cert.gov/advisories/ICSA-17-075-01

AFFECTED PRODUCTS

The following versions of LAquis SCADA, an industrial automation software,
are affected:
LAquis SCADA software,…

Posted by Karn Ganeshen on Apr 07

Sielco Sistemi Winlog SCADA Software Insecure Library Loading Allows Code
Execution

Vendor: Sielco Sistemi
Equipment: Winlog SCADA Software
Vulnerability: Uncontrolled Search Path Element

ICS-CERT Advisory
https://ics-cert.us-cert.gov/advisories/ICSA-17-038-01

AFFECTED PRODUCTS

The following Sielco Sistemi products are affected:

Winlog Lite SCADA Software, versions prior to Version 3.02.01, and
Winlog Pro SCADA Software, versions prior to…

Posted by MustLive on Apr 07

Hello participants of Mailing List.

Since announcement of DAVOSET in 2010 and after making its public release in
2013, I’ve made next update of the software. At 4th of April DAVOSET v.1.3.1
was released – DDoS attacks via other sites execution tool
(http://websecurity.com.ua/davoset/).

Video demonstration of DAVOSET: http://www.youtube.com/watch?v=RKi35-f346I

GitHub: https://github.com/MustLive/DAVOSET

Download DAVOSET v.1.3.1:…