Category Archives: Security

DragonWave Horizon Hard-coded Credentials Vulnerability (multiple versions)

Posted by Ian Ling on Apr 07

[+] Credits: Ian Ling
[+] Website: iancaling.com
[+] Source: http://blog.iancaling.com/post/159276197313

Vendor:
=================
http://www.dragonwaveinc.com/

Product:
======================
-DragonWave Horizon

Vulnerability Details:
=====================

DragonWave Horizon wireless radios have hard-coded login credentials meant
to allow the vendor to access the devices. These credentials can be used
via both Telnet and the web interface….

Carlo Gavazzi VMUC-EM – Multiple Vulnerabilities

Posted by Karn Ganeshen on Apr 07

*VMU-C Web-Server solution for photovoltaic applications*

VMU-C EM is a data logger system for small to medium projects, VMUC-Y EM is
a hardware data aggregator for medium to larger projects and Em2 Server is
a software solution for large projects. They are designed to complement the
extensive line of Carlo Gavazzi energy meters and current transformers.

*ICS-CERT advisory*
https://ics-cert.us-cert.gov/advisories/ICSA-17-012-03

*CVE-IDs*…

Sielco Sistemi Winlog SCADA Software Insecure Library Loading Allows Code Execution

Posted by Karn Ganeshen on Apr 07

Vendor: Sielco Sistemi
Equipment: Winlog SCADA Software
Vulnerability: Uncontrolled Search Path Element

ICS-CERT Advisory
https://ics-cert.us-cert.gov/advisories/ICSA-17-038-01

AFFECTED PRODUCTS

The following Sielco Sistemi products are affected:

Winlog Lite SCADA Software, versions prior to Version 3.02.01, and
Winlog Pro SCADA Software, versions prior to…

LAquis SCADA Access Control Vulnerability

Posted by Karn Ganeshen on Apr 07

LCDS – Leão Consultoria e Desenvolvimento de Sistemas LTDA ME LAquis SCADA
Access Control Vulnerability

Vendor: LCDS – Leão Consultoria e Desenvolvimento de Sistemas LTDA ME
Equipment: LAquis SCADA
Vulnerability: Improper Access Control

ICS-CERT Advisory
https://ics-cert.us-cert.gov/advisories/ICSA-17-075-01

AFFECTED PRODUCTS

The following versions of LAquis SCADA, an industrial automation software,
are affected:
LAquis SCADA software,…

Executable installers are vulnerable^WEVIL (case 49): 1Password-4.6.1.619.exe allows arbitrary code execution

Posted by Stefan Kanthak on Apr 07

Hi @ll,

1Password-4.6.1.619.exe, available from
<https://d13itkw33a7sus.cloudfront.net/dist/1P/win4/1Password-4.6.1.619.exe>
is vulnerable to DLL hijacking: it loads UXTheme.dll or DWMAPI.dll
from its “application directory” instead of Windows’
“system directory”.

For downloaded applications like 1Password-4.6.1.619.exe the
“application directory” is Windows’ “Downloads” folder.

See <…

DAVOSET v.1.3.1

Posted by MustLive on Apr 07

Hello participants of Mailing List.

Since the announcement of DAVOSET in 2010 and after making its public release in
2013, I’ve made the next update of the software. On the 4th of April DAVOSET v.1.3.1
was released – DDoS attacks via other sites execution tool
(http://websecurity.com.ua/davoset/).

Video demonstration of DAVOSET: http://www.youtube.com/watch?v=RKi35-f346I

GitHub: https://github.com/MustLive/DAVOSET

Download DAVOSET v.1.3.1:…

CVE-2017-3848

A vulnerability in the HTTP web-based management interface of Cisco Prime Infrastructure could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web interface of the affected system. More Information: CSCuw63001 CSCuw63003. Known Affected Releases: 2.2(2). Known Fixed Releases: 3.1(0.0).

CVE-2017-3884

A vulnerability in the web interface of Cisco Prime Infrastructure and Cisco Evolved Programmable Network (EPN) Manager could allow an authenticated, remote attacker to access sensitive data. The attacker does not need administrator credentials and could use this information to conduct additional reconnaissance attacks. More Information: CSCvc60031 (Fixed) CSCvc60041 (Fixed) CSCvc60095 (Open) CSCvc60102 (Open). Known Affected Releases: 2.2 2.2(3) 3.0 3.1(0.0) 3.1(0.128) 3.1(4.0) 3.1(5.0) 3.2(0.0) 2.0(4.0.45D).

CVE-2017-6601

A vulnerability in the CLI of the Cisco Unified Computing System (UCS) Manager, Cisco Firepower 4100 Series Next-Generation Firewall (NGFW), and Cisco Firepower 9300 Security Appliance could allow an authenticated, local attacker to perform a command injection attack. More Information: CSCvb61384 CSCvb86764. Known Affected Releases: 2.0(1.68) 3.1(1k)A. Known Fixed Releases: 92.2(1.101) 92.1(1.1647).

CVE-2017-3817

A vulnerability in the role-based resource checking functionality of Cisco Unified Computing System (UCS) Director could allow an authenticated, remote attacker to view unauthorized information for any virtual machine in a UCS domain. More Information: CSCvc32434. Known Affected Releases: 5.5(0.1) 6.0(0.0).