BugTraq Mode:
(Page 443 of 1747)
[SECURITY] [DSA 2198-1] tex-common security update 2011-03-22
Nico Golde (nion debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- -------------------------------------------------------------------------
Debian Security Advisory DSA-2198-1 security (at) debian (dot) org
http://www.debian.org/security/ Nico Golde
March 22, 2011

SCADA Trojans: Attacking the Grid + Advantech vulnerabilities 2011-03-22
Reversemode (advisories reversemode com)
Hi!

You can download the slides of the research I was presenting at
RootedCon'11 in Madrid "SCADA Trojans: Attacking the grid". A journey
into attacking the power grid.

I presented:

- 0days in Advantech/BroadWin WebAccess SCADA product
- Weak Design/Vulnerabilities in CSE-Semaphore TBOX RTUs
- Ge

Re: Vulnerabilities in some SCADA server softwares 2011-03-22
Michal Zalewski (lcamtuf coredump cx)
> Analogy: Car owner has his car speed up ending up in almost near
> catastrophe. Car owner goes to media outlets condemning the
> manufacturer: "How could you be so reckless! Thousands of lives..."
> Reality: Car manufacturer was never made aware of the issue. How do you
> propose a manufacturer fix

[security bulletin] HPSBMA02647 SSRT100383 rev.1 - HP Discovery & Dependency Mapping Inventory (DDMI) Running on Windows, Insecure SNMP Configuration 2011-03-22
security-alert hp com
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: c02757867
Version: 1

HPSBMA02647 SSRT100383 rev.1 - HP Discovery & Dependency Mapping Inventory (DDMI) Running on Windows, Insecure SNMP Configuration

NOTICE: The information in this Security Bul

Apple HFS+ Information Disclosure Vulnerability 2011-03-22
VSR Advisories (advisories vsecurity com)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

VSR Security Advisory
http://www.vsecurity.com/

- -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
-=-=-=-

Advisory Name: Apple HFS+ Information Disclosure Vulnerability
Release

ZDI-11-109: (Pwn2Own) Apple Safari OfficeArtBlip Parsing Remote Code Execution Vulnerability 2011-03-22
ZDI Disclosures (zdi-disclosures tippingpoint com)
ZDI-11-109: (Pwn2Own) Apple Safari OfficeArtBlip Parsing Remote Code Execution Vulnerability

http://www.zerodayinitiative.com/advisories/ZDI-11-109

March 22, 2011

-- CVE ID:
CVE-2011-1417

-- CVSS:
9.7, (AV:N/AC:L/Au:N/C:C/I:C/A:P)

-- Affected Vendors:
Apple

-- Affected Products:
Apple Safari

ZDI-11-108: Mac OS X Compact Font Format Decoder Remote Code Execution Vulnerability 2011-03-22
ZDI Disclosures (zdi-disclosures tippingpoint com)
ZDI-11-108: Mac OS X Compact Font Format Decoder Remote Code Execution Vulnerability

http://www.zerodayinitiative.com/advisories/ZDI-11-108

March 22, 2011

-- CVE ID:
CVE-2011-0176

-- CVSS:
10, (AV:N/AC:L/Au:N/C:C/I:C/A:C)

-- Affected Vendors:
Apple

-- Affected Products:
Apple Preview

-- Tipp

NSOADV-2011-001: Symantec LiveUpdate Administrator CSRF vulnerability 2011-03-22
NSO Research (nso-research sotiriu de)
______________________________________________________________________

NSOADV-2011-001: Symantec LiveUpdate Administrator CSRF vulnerability
______________________________________________________________________
______________________________________________________________________

NGS00016 Technical Advisory: Immunity Debugger Buffer Overflow 2011-03-22
Research@NGSSecure (research ngssecure com)
=======
Summary
=======
Name: Immunity Debugger Buffer Overflow
Release Date: 22 March 2011
Reference: NGS00016
Discoverer: Paul Harrington
Vendor: Immunity Inc
Vendor Reference: Support #3171
Systems Affected: Windows
Risk: Low
Status: Fixed

========
TimeLine
========
Discovered: 28 October 2010
R

CMS Balitbang 3.3 Arbitary File Upload Vulnerability 2011-03-22
eidelweiss windowslive com
===================================================================
CMS Balitbang v.3.3 Arbitary file upload vulnerability
===================================================================

Software: CMS Balitbang
Vendor: www.kajianwebsite.org
Vuln Type: Arbitary file upload
Download

NGS00014 Technical Advisory: Cisco IPSec VPN Implementation Group Name Enumeration 2011-03-22
Research@NGSSecure (research ngssecure com)
=======
Summary
=======
Name: Cisco IPSec VPN Implementation Group Name Enumeration
Release Date: 22 March 2011
Reference: NGS00014
Discoverer: Gavin Jones
Vendor: Cisco
Vendor Reference: CSCei51783, CSCtj96108
Systems Affected: ASA 5500 Series Adaptive Security Appliances -Cisco PIX 500 Series Secu

iDefense Security Advisory 03.21.11: Apple OfficeImport Framework Excel Memory Corruption Vulnerability 2011-03-21
labs-no-reply (labs-no-reply ivcp vrsn com)
iDefense Security Advisory 03.21.11
http://labs.idefense.com/intelligence/vulnerabilities/
Mar 21, 2011

I. BACKGROUND

The OfficeImport framework is an API used by Apple's mobile devices,
including the iPod Touch, iPhone, and iPad. The framework is used to
parse and display Microsoft Office file fo

NGS00052 Patch Notification: Apple Mac OS X Image RAW Multiple Buffer Overflows 2011-03-22
Research@NGSSecure (research ngssecure com)
Apple Mac OS X Image RAW Multiple Buffer Overflows

22/03/2011

Paul Harrington of NGS Secure has discovered a High risk vulnerability in Mac OS X Image RAW. Multiple buffer overflow issues existed in Image RAW's handling of Canon RAW images. Viewing a maliciously crafted Canon RAW image may result

ZDI-11-107: Libtiff ThunderCode Decoder THUNDER_2BITDELTAS Remote Code Execution Vulnerability 2011-03-21
ZDI Disclosures (zdi-disclosures tippingpoint com)
ZDI-11-107: Libtiff ThunderCode Decoder THUNDER_2BITDELTAS Remote Code Execution Vulnerability

http://www.zerodayinitiative.com/advisories/ZDI-11-107

March 21, 2011

-- CVE ID:
CVE-2011-1167

-- CVSS:
9, (AV:N/AC:L/Au:N/C:P/I:P/A:C)

-- Affected Vendors:
Libtiff

-- Affected Products:
Libtiff lib

NGS00057 Patch Notification: Apple Mac OS X ImageIO Integer Overflow 2011-03-22
Research@NGSSecure (research ngssecure com)
Apple Mac OS X ImageIO Integer Overflow

22/03/2011

Dominic Chell of NGS Secure has discovered a High risk vulnerability in Mac OS X ImageIO. An integer overflow issue exists in ImageIO's handling of JPEG-encoded TIFF images. Viewing a maliciously crafted TIFF image may result in an unexpected appl

[SECURITY] [DSA 2197-1] quagga security update 2011-03-21
Florian Weimer (fw deneb enyo de)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- -------------------------------------------------------------------------
Debian Security Advisory DSA-2197-1 security (at) debian (dot) org
http://www.debian.org/security/ Florian Weimer
March 21, 2011

Re: Vulnerabilities in some SCADA server softwares 2011-03-21
Luigi Auriemma (aluigi autistici org)
> At what point in time did you try contacting any of the vendors for
> these issues?

the vendors of the affected softwares have not been contacted.

> How do you propose a manufacturer fix an issue?

in the security field a public vulnerability is a dead vulnerability,
anyone who has found and re

Re: Vulnerabilities in some SCADA server softwares 2011-03-21
J. Oquendo (sil infiltrated net)
On 3/21/2011 12:16 PM, Luigi Auriemma wrote:
> The following are almost all the vulnerabilities I found for a quick
> experiment some months ago in certain well known server-side SCADA
> softwares still vulnerable in this moment.

At what point in time did you try contacting any of the vendors for
t

[ MDVSA-2011:050 ] pidgin 2011-03-21
security mandriva com
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

_______________________________________________________________________

Mandriva Linux Security Advisory MDVSA-2011:050
http://www.mandriva.com/security/
______________________________________________________________________

[ MDVSA-2011:049 ] vsftpd 2011-03-21
security mandriva com
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

_______________________________________________________________________

Mandriva Linux Security Advisory MDVSA-2011:049
http://www.mandriva.com/security/
______________________________________________________________________

Douran Portal File Download/Source Code Disclosure Vulnerability 2011-03-20
support ajaxtm com
# Title: [Douran Portal File Download/Source Code Disclosure Vulnerability]
# Date of Publishing: [16 March 2010]
# Application Name: [Douran Portal]
# Version: [3.9.7.8]
# Impact: [Medium]
# Vendor: www.douran.com
# Link: http://douran.com/HomePage.aspx?TabID=4862
# Vendor Response(s): They didn't

[ MDVSA-2011:051 ] kernel 2011-03-21
security mandriva com
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

_______________________________________________________________________

Mandriva Linux Security Advisory MDVSA-2011:051
http://www.mandriva.com/security/
______________________________________________________________________

Heap overflow in RealPlayer 14.0.1.633 2011-03-21
Luigi Auriemma (aluigi autistici org)
#######################################################################

Luigi Auriemma

Application: RealPlayer
http://www.real.com
Versions: <= 14.0.1.633
Platforms: Windows, Macintosh OSX, Linux, Symbian, Palm
Bug: heap overflow
Exploita

ZDI-11-105: Hewlett-Packard Client Automation radexecd.exe Remote Code Execution Vulnerability 2011-03-18
ZDI Disclosures (zdi-disclosures tippingpoint com)
ZDI-11-105: Hewlett-Packard Client Automation radexecd.exe Remote Code Execution Vulnerability

http://www.zerodayinitiative.com/advisories/ZDI-11-105

March 18, 2011

-- CVE ID:
CVE-2011-0889

-- CVSS:
10, (AV:N/AC:L/Au:N/C:C/I:C/A:C)

-- Affected Vendors:
Hewlett-Packard

-- Affected Products:
Hew

[SECURITY] [DSA 2196-1] maradns security update 2011-03-19
Raphael Geissert (geissert debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- -------------------------------------------------------------------------
Debian Security Advisory DSA-2196-1 security (at) debian (dot) org
http://www.debian.org/security/ Raphael Geissert
March 19, 2011

Vulnerabilities in some SCADA server softwares 2011-03-21
Luigi Auriemma (aluigi autistici org)
The following are almost all the vulnerabilities I found for a quick
experiment some months ago in certain well known server-side SCADA
softwares still vulnerable in this moment.

In case someone doesn't know SCADA (like me before the tests): it's
just one or more softwares (usually a core, a graphi

ZDI-11-106: Novell Netware NWFTPD.NLM DELE Remote Code Execution Vulnerability 2011-03-18
ZDI Disclosures (zdi-disclosures tippingpoint com)
ZDI-11-106: Novell Netware NWFTPD.NLM DELE Remote Code Execution Vulnerability

http://www.zerodayinitiative.com/advisories/ZDI-11-106

March 18, 2011

-- CVE ID:
CVE-2010-4228

-- CVSS:
9, (AV:N/AC:L/Au:S/C:C/I:C/A:C)

-- Affected Vendors:
Novell

-- Affected Products:
Novell Netware

-- TippingPoi

[SECURITY] [DSA 2195-1] php5 security update 2011-03-19
Raphael Geissert (geissert debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- -------------------------------------------------------------------------
Debian Security Advisory DSA-2195-1 security (at) debian (dot) org
http://www.debian.org/security/ Raphael Geissert
March 19, 2011

Re: HTB22884: XSS vulnerability in LotusCMS 2011-03-20
admin lotuscms org
Please update to version 3.0.5, which correctly sanitizes inputs.

Privacy, Security, Trust (PST 2011) - Call for Papers (EXTENDED Deadline: April 3, 2011) 2011-03-20
Serguei A. Mokhov on behalf of PST-11 (mokhov cse concordia ca)
[ Apologies if you receive multiple copies of this announcement. Please
pass it on to your colleagues and students who might be interested in
contributing. ]

NOTICE: due to several received requests, we extended the paper submission
deadline to April 3, 2011.

Ninth Annual Conference on
