MediaWiki Cross-site Scripting

2007-02-20 Thread eyal
MediaWiki Cross-site Scripting Vulnerabilities. Date: 18/02/2007 Vendor: MediaWiki Vulnerable versions: MediaWiki 1.9.2 (latest) and below. Description: MediaWiki v1.8.2 and below are vulnerable to plain Cross-site scripting attack by exploiting the experimental AJAX features, if enabled (def

New freeware tools available from WebCohort

2003-02-13 Thread Eyal Udassin
to quickly locate design errors and parameters that may be prone to SQL Injection or parameter tampering problems. Mapper also supports non-standard parameter delimiters and MVC-based web sites. Eyal Udassin Application Security Consultant WebCohort Ltd.

C4 SCADA Security Advisory - AREVA e-terrahabitat / e-terraplatform Multiple Vulnerabilities

2009-02-05 Thread Eyal Udassin
ntifiers assigned to these vulnerabilities by CERT are: CVE-2009-0211 CVE-2009-0212 CVE-2009-0213 CVE-2009-0214 Credit These vulnerabilities were discovered and exploited by Jonathan Afek and Eyal Udassin from C4 Security (http://www.c4-security.com). C4 Security is a leader in SCADA

C4 Security Advisory - GE Fanuc Proficy Information Portal 2.6 Authentication Vulnerability

2008-01-25 Thread Eyal Udassin
ility personnel and governmental agencies. The CVE identifier assigned to this vulnerability by CERT is CVE-2008-0174 Credit - This vulnerability was discovered by Eyal Udassin of C4. Regards, Eyal Udassin - C4 (Formerly Swift Coders) 33 Jabotinsky St. The Twin Towers #1, Ramat Gan, I

C4 Security Advisory - GE Fanuc Proficy Information Portal 2.6 Arbitrary File Upload and Execution

2008-01-25 Thread Eyal Udassin
and governmental agencies. The CVE identifier assigned to this vulnerability by CERT is CVE-2008-0175 Credit This vulnerability was discovered and exploited by Eyal Udassin of C4. Regards, Eyal Udassin - C4 (Formerly Swift Coders) 33 Jabotinsky St. The Twin Towers #1, Ramat Gan

C4 Security Advisory - GE Fanuc Cimplicity 6.1 Heap Overflow

2008-01-25 Thread Eyal Udassin
-2008-0176 Credit This vulnerability was discovered and exploited by Gilad Bakas and Eyal Udassin of C4. Regards, Eyal Udassin - C4 (Formerly Swift Coders) 33 Jabotinsky St. The Twin Towers #1, Ramat Gan, Israel [EMAIL PROTECTED] / www.c4-security.com <http://www.c4-security.com/>

C4 SCADA Security Advisory - OSISoft PI Server Authentication Weakness

2009-09-30 Thread Eyal Udassin
e CVE identifier assigned to this vulnerability by CERT is CVE-2009-209. Credit This vulnerability was discovered and exploited by Eyal Udassin, Jonathan Afek and Yaron Budowsky from C4 Security (http://www.c4-security.com). C4 Security is a leader in SCADA security reviews, auditin

C4 SCADA Security Advisory - Rockwell Automation (Allen Bradley) Multiple Vulnerabilities in Micrologix 1100 & 1400 Series Controllers

2010-01-15 Thread Eyal Udassin
vulnerabilities were discovered and exploited by Eyal Udassin from C4 Security (http://www.c4-security.com). We would like to thank Rockwell Automation and CERT for their professional handling of the vulnerability disclosure process. C4 Security is a leader in SCADA security reviews, auditing and penetration testing.