Security
Posted by Karn Ganeshen on Apr 07
SenNet Data Logger appliances and Electricity Meters Multiple
Vulnerabilities
Note: Vendor has released the fix. Details to be documented in ICS-CERT
Advisory.
About
SenNet is a trademark of Satel Spain that offers monitoring and
remote-control solutions for businesses. Our engineers develop, integrate
and test the products of SenNet in our facilities in Madrid (Spain)….
Posted by Wester 95 on Apr 07
Hi team,
I would like to request one CVE ID,thank you!;
Details
=======
Software:CopySafe Web
version:<2.6
description:Add copy protection from PrintScreen and screen capture. Copysafe Web uses encrypted images and domain lock
to extend copy protection for all media displayed on a web page.
========
Description
==========
CSRF in wordpress copysafe web allows attacker changes plugin settings
========
POC:
=======
<form…
Posted by Karn Ganeshen on Apr 07
Sielco Sistemi Winlog SCADA Software Insecure Library Loading Allows Code
Execution
Vendor: Sielco Sistemi
Equipment: Winlog SCADA Software
Vulnerability: Uncontrolled Search Path Element
ICS-CERT Advisory
https://ics-cert.us-cert.gov/advisories/ICSA-17-038-01
AFFECTED PRODUCTS
The following Sielco Sistemi products are affected:
Winlog Lite SCADA Software, versions prior to Version 3.02.01, and
Winlog Pro SCADA Software, versions prior to…
Posted by Karn Ganeshen on Apr 07
LCDS – Leão Consultoria e Desenvolvimento de Sistemas LTDA ME LAquis SCADA
Access Control Vulnerability
Vendor: LCDS – Leão Consultoria e Desenvolvimento de Sistemas LTDA ME
Equipment: LAquis SCADA
Vulnerability: Improper Access Control
ICS-CERT Advisory
https://ics-cert.us-cert.gov/advisories/ICSA-17-075-01
AFFECTED PRODUCTS
The following versions of LAquis SCADA, an industrial automation software,
are affected:
LAquis SCADA software,…
Posted by Stefan Kanthak on Apr 07
Hi @ll,
1Password-4.6.1.619.exe, available from
<https://d13itkw33a7sus.cloudfront.net/dist/1P/win4/1Password-4.6.1.619.exe>
is vulnerable to DLL hijacking: it loads UXTheme.dll or DWMAPI.dll
from its “application directory” instead Windows
“system directory”.
For downloaded applications like 1Password-4.6.1.619.exe the
“application directory” is Windows’ “Downloads” folder.
See <…
Posted by MustLive on Apr 07
Hello participants of Mailing List.
Since announcement of DAVOSET in 2010 and after making its public release in
2013, I’ve made next update of the software. At 4th of April DAVOSET v.1.3.1
was released – DDoS attacks via other sites execution tool
(http://websecurity.com.ua/davoset/).
Video demonstration of DAVOSET: http://www.youtube.com/watch?v=RKi35-f346I
GitHub: https://github.com/MustLive/DAVOSET
Download DAVOSET v.1.3.1:…
A vulnerability in the detection engine that handles Secure Sockets Layer (SSL) packets for Cisco Firepower System Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition because the Snort process unexpectedly restarts. This vulnerability affects Cisco Firepower System Software prior to the first fixed release when it is configured with an SSL Decrypt-Resign policy. More Information: CSCvb62292. Known Affected Releases: 6.0.1 6.1.0 6.2.0. Known Fixed Releases: 6.2.0 6.1.0.2.
A vulnerability in a startup script of Cisco IOS XE Software could allow an unauthenticated attacker with physical access to the targeted system to execute arbitrary commands on the underlying operating system with the privileges of the root user. More Information: CSCuz06639 CSCuz42122. Known Affected Releases: 15.6(1.1)S 16.1.2 16.2.0 15.2(1)E. Known Fixed Releases: Denali-16.1.3 16.2(1.8) 16.1(2.61) 15.6(2)SP 15.6(2)S1 15.6(1)S2 15.5(3)S3a 15.5(3)S3 15.5(2)S4 15.5(1)S4 15.4(3)S6a 15.4(3)S6 15.3(3)S8a 15.3(3)S8 15.2(5)E 15.2(4)E3 15.2(3)E5 15.0(2)SQD3 15.0(1.9.2)SQD3 3.9(0)E.
A vulnerability in the CLI of the Cisco Unified Computing System (UCS) Manager, Cisco Firepower 4100 Series Next-Generation Firewall (NGFW), and Cisco Firepower 9300 Security Appliance could allow an authenticated, local attacker to perform a command injection attack. More Information: CSCvb61351 CSCvb61637. Known Affected Releases: 2.0(1.68) 3.1(1k)A. Known Fixed Releases: 92.2(1.101) 92.1(1.1645) 2.0(1.82) 1.1(4.136.
A vulnerability in the CLI command parser of the Cisco Mobility Express 2800 and 3800 Series Wireless LAN Controllers could allow an authenticated, local attacker to obtain access to the underlying operating system shell with root-level privileges. More Information: CSCvb70351. Known Affected Releases: 8.3(102.0).