SEC Consult Vulnerability Lab Security Advisory < 20171114-0 >
===
title: Authentication bypass, cross-site scripting & code
execution
product: Siemens SICAM RTUs SM-2556 C
X41 D-Sec GmbH Security Advisory: X41-2017-006
Multiple Vulnerabilities in PSFTPd Windows FTP Server
=
Overview
Confirmed Affected Versions: 10.0.4 Build 729
Confirmed Patched Versions: None
Vendor: Sergei Pleis Softwareentwicklung
Ven
[+] Credits: John Page a.k.a hyp3rlinx
[+] Website: hyp3rlinx.altervista.org
[+] Source:
http://hyp3rlinx.altervista.org/advisories/CVE-2017-6331-SYMANTEC-ENDPOINT-PROTECTION-TAMPER-PROTECTION-BYPASS.txt
[+] ISR: ApparitionSec
Vendor:
===www.symantec.com
Product:
===
Symantec
Faraday is the Integrated Multiuser Risk Environment you have always
been looking for! It maps and leverages all the data you generate in
real time, letting you track and understand your audits. Our dashboard
for CISOs and managers uncovers the risks and impacts and risks being
assessed by the audi
Dear list,
This mail is not about a single vulnerability, but a more or less general
technique I discovered to abuse the restore from quarantine feature in
anti-virus solutions to gain local admin rights. As I also presented this
attack at the IT SECX conference, I had to invent a name for it t
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
CA20171114-01: Security Notice for CA Identity Governance
Issued: November 14, 2017
Last Updated: November 14, 2017
CA Technologies support is alerting customers to a potential risk
with CA Identity Governance. A vulnerability exists that can
poten
[STX]
Subject: Vivotek IP Cameras - Remote Stack Overflow
Researcher: bashis (September-October 2017)
PoC: https://github.com/mcw0/PoC
Release date: November 13, 2017
Full Disclosure: 43 days
Attack Vector: Remote
Authentication: Anonymous (no credentials needed)
Firmware Vulnerable: Only 2017 v
