Additional Information
Exception Offset: 0008ae6e
Exception Code: c0000417
Exception Data: 00000000
OS Version: 6.1.7600.2.0.0.256.1
Locale ID: 1033
Additional Information 1: e07f
Additional Information 2: e07f7afc2abe4439f8a8f96d499e3027
Additional Information 3: 5154
Additional Information 4: 515482f92719c2dc6fc04ebc97d28463
Workaround/Fix
-----------------------
The vendor issued a KB article on how to resolve this vulnerability at the
GE-Fanuc website, yet the proposed solution was not verified by C4.
Additional Information
-------------------------------
For additional information please contact us at info@c4-security.com. Note
that we will respond only to verified utility personnel and governmental
agencies.
The CVE identifier assigned to this vulnerability by CERT is CVE-2008-0174
Workaround/Fix
-----------------------
The vendor issued a security patch to address these vulnerabilities.
Additional Information
-------------------------------
For additional information please contact us at info_at_c4-security.com.
Note that we will respond only to verified utility personnel and
governmental agencies.
Details of this vulnerability will be disclosed only to legitimate parties
For details, please refer to the following link:
http://www.microsoft.com/technet/security/bulletin/MS11-050.mspx
Additional Information:
==================
The Common Vulnerabilities and Exposures (CVE) project has assigned the
name CVE-2011-1250 to this issue. This is a candidate for inclusion in
the CVE list (http://cve.mitre.org), which standardizes names for
-----------------------
Consult with Rockwell Automation or a SCADA security company on how to
mitigate the found vulnerabilities by restricting access to the control
network.
Additional Information
-------------------------------
For additional information please contact us at info_at_c4-security.com.
Note that we will respond only to verified utility personnel and
governmental agencies. Details of this vulnerability will be disclosed only
to legitimate parties such as asset owners (utilities), after receiving the
Affected Software:
==================
Oracle Secure Backup 10.2.0.2
Additional Information:
=======================
Sending a malformed NDMP client authentication (NDMP_CONNECT_CLIENT_AUTH command) packet will cause a buffer overflow due to
invalid bounds checking.
Explained: The above has minimal impact as it's almost impossible if not impossible to abuse. This works only when one is NOT logged in.
2. http://www.website.tld/achievo/dispatch.php?atknodetype=pim.pim&atkaction=<script>alert(document.cookie)</script>
Explained: The above has greater impact as it will survive a login. This is not filtered as well. This works only when one IS logged in.
Additional Information:
If $config_session_regenerate = false; is set to 'true' in config.inc.php, then the session IDs will be regenerated on each hit/click, preventing session hijacking.
-:: Solution ::-
The easiest solution is to validate user input and strip or convert bad/HTML characters. Setting the above to true might solve the issue partially; however, session hijacking is only one of the things you can do with cross-site scripting.
Solutions & Workaround:
A personal firewall solution can be used for denying unwanted access to
the port, effectively avoiding possible attacks.
Additional Information
----------------------
Timeline:
2008-12-03: Issue discovery
2008-12-05: Initial Vendor Notification: Point of Contact requested via
Solutions & Workaround:
Not available
Additional Information
---------------------
Available at http://www.icysilence.org
Please download the latest version at the vendor's homepage:
http://www-01.ibm.com/support/docview.wss?uid=swg24024075
http://www-01.ibm.com/support/docview.wss?uid=swg1IZ52433
Additional Information:
==================
The Common Vulnerabilities and Exposures (CVE) project has assigned the name
CVE-2009-2971 to this issue. This is a candidate for inclusion in the CVE
list (http://cve.mitre.org), which standardizes names for security problems.
Type: ACCESS-LIST
Subtype:
Result: ALLOW
Config:
Implicit Rule
Additional Information:
Forward Flow based lookup yields rule:
in id=0x1a09d350, priority=1, domain=permit, deny=false
hits=1144595557, user_data=0x0, cs_id=0x0, l3_type=0x8
src mac=0000.0000.0000, mask=0000.0000.0000
dst mac=0000.0000.0000, mask=0000.0000.0000
This vulnerability is documented in Cisco bug ID CSCsi33940.
This Cisco Security Response is posted at the following link:
http://www.cisco.com/warp/public/707/cisco-sr-20070808-mp.shtml.
Additional Information
======================
Cisco Unified MeetingPlace Web Conferencing (MP) provides real-time
collaboration functionality to an organization's intranet and
extranet, and integrates Cisco Unified MeetingPlace with a web
-----------------------
Vendor fix will be available by Feb 15th.
A possible workaround is to remove the write permission of the IIS user from
the Proficy directory.
Additional Information
-------------------------------
For additional information please contact us at info@c4-security.com. Note
that we will respond only to verified utility personnel and governmental
agencies.
The CVE identifier assigned to this vulnerability by CERT is CVE-2008-0175
vulnerability:
. Enable the PI Server for Windows authentication and configure PI
Trust records
. Use IPSec between the PI Server and the different client computers
Additional Information
-------------------------------
For additional information please contact us at info_at_c4-security.com.
Note that we will respond only to verified utility personnel and
governmental agencies.
Details of this vulnerability will be disclosed only to legitimate parties
Affected Software:
==================
For a list of product versions affected, please see the Adobe Security Bulletin reference below.
Additional Information:
=======================
A crash will sometimes occur when processing a TrueType font within the document, leading to memory corruption and allowing the execution of remote code.
Solutions:
==========
Solutions & Workaround:
Not available
Additional Information
----------------------
Timeline (dd/mm/yy):
09/11/2009: Requested Point of Contact to Linksys
10/11/2009: Received Point of Contact
10/11/2009: Vulnerability details sent
2007.08.14 Microsoft released MS07-045 to fix the vulnerability.
For more details about Microsoft Security Bulletin, please refer to:
http://www.microsoft.com/technet/security/bulletin/MS07-045.mspx
Additional Information
========================
The Common Vulnerabilities and Exposures (CVE) project has assigned the
name CVE-2007-0943 to this issue. This is a candidate for inclusion in the
CVE list (http://cve.mitre.org), which standardizes names for security problems.
This vulnerability was independently discovered and brought to Akamai's
attention by iDefense (http://labs.idefense.com).
* Additional Information:
http://www.akamai.com/html/support/security.html
* About Akamai:
NetWorker Module for Microsoft Exchange 5.1 SP1
NetWorker Module for Microsoft Applications 2.1
NetWorker Module for Meditech 2.0 SP1
NetWorker PowerSnap 2.4 SP2
Additional Information:
The RPC interface used by the affected EMC products does not properly enforce bounds checking on a parameter which is used to allocate memory on the heap. The vulnerable NetWorker products use the process "nsrexecd.exe". A remote attacker can exploit this by repeatedly sending requests to the RPC interface, each time allocating more and more memory. Eventually system resources will be exhausted, and denial of service is achieved.
Solutions:
Affected Software:
==================
Oracle Secure Backup 10.2.0.2
Additional Information:
=======================
1> [CVE-2008-5441] Sending a malformed NDMP connect open (NDMP_CONNECT_OPEN command) packet will cause a crash.
2> [CVE-2008-5442] Sending a malformed NDMP connect close (NDMP_CONNECT_CLOSE command) packet will cause a crash.
3> [CVE-2008-5443] Sending a malformed NDMP mover get state (NDMP_MOVER_GET_STATE command) packet will cause a crash.
Affected Software:
==================
For a list of Internet Explorer versions affected, please see the Microsoft Security Advisory reference below.
Additional Information:
=======================
In order to compromise a system / remotely execute code, an attacker would lure a user to a maliciously crafted website. When a user views the Web page, the vulnerability could allow remote code execution. An attacker who successfully exploited this vulnerability could gain the same user rights as the logged-on user. If a user is logged on with administrative user rights, an attacker who successfully exploited this vulnerability could take complete control of an affected system.
Solutions:
==========
The vulnerability has been fixed in Microsoft Security Bulletin MS09-058.
For details, please refer to the following link:
http://www.microsoft.com/technet/security/bulletin/MS09-058.mspx
Additional Information:
==================
The Common Vulnerabilities and Exposures (CVE) project has assigned the name
CVE-2009-2516 to this issue. This is a candidate for inclusion in the CVE
list (http://cve.mitre.org), which standardizes names for security problems.
Cisco would like to thank Florent Daigniere of Matta Consulting for
reporting these vulnerabilities to us. Cisco greatly appreciates the
opportunity to work with researchers on security vulnerabilities and
welcomes the opportunity to review and assist in product reports.
Additional Information
======================
These vulnerabilities affect the following Cisco UVC Linux operating
system products:
CVE-2008-1770 was independently discovered and brought to Akamai's
attention by FortiNet (http://fortinet.com).
* Additional Information:
CVE-2008-1770
* About Akamai:
the way the kick command is and encode it using UTF-8. Append the packet
with 0x0A to show where the end of the command is. Hook your application
to GSC and determine the socket ID of its current connection and
forward your packet through its socket to the server.
Additional Information
-----------------------
The above information may be adapted to fit any administrator command
including those used to completely kick and ban users from GSC as a
whole, rather than just in a single channel. As is currently happening,
Affected Software:
For a list of operating system and product versions affected, please see the Microsoft Bulletin reference below.
Additional Information:
The vulnerability lies in "winproj.exe", which is used when processing a Project file. A maliciously crafted document may contain a list structure with a malformed element field that, when processed, will result in memory corruption and allow a remote attacker to arbitrarily execute code on the victim's machine.
Solutions:
• Use the solution provided by Microsoft (MS09-074).
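var date = new Date();
var curDate; // declared explicitly instead of leaking an implicit global
do { curDate = new Date(); } // busy-wait until the delay has elapsed
while (curDate - date < 10000); // delay time (ms)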
Additional Information
The advent of Big Data and Cloud Computing is driving adoption of NoSQL
in the enterprise. Because of this, NoSQL-related vulnerabilities are
expected to become much more widespread
(http://www.govtech.com/policy-management/9-Cybersecurity-Threat-Predictions-for-2012.html)
By sending properly formatted UDP datagrams to the dccd daemon it is
possible to perform security-relevant operations without any previous
authentication.
It is possible to remotely retrieve sensitive wireless configuration
parameters, such as Wi-Fi SSID, Encryption types, keys and passphrases,
along with other additional information.
It is also possible to remotely modify such parameters and configure the
device without any knowledge of the web administration password.
Remote reboot is another operation that an attacker may perform in an
unauthenticated way, possibly triggering a Denial-of-Service condition.
Affected Software:
==================
RealNetworks RealPlayer 11
Additional Information:
=======================
Internet Video Recording (IVR) files contain media content that is played and recorded by RealPlayer. A remote attacker could craft a malicious IVR file, that when sent to an unsuspecting user, may allow the execution of arbitrary code when viewed, using one of two vulnerabilities during RealPlayer's IVR processing routine:
* A heap corruption vulnerability that occurs when altering a field that determines the length of a structure