[FD] [ICS] SpiderControl SCADA Web Server Improper Privilege Management Vulnerability

2017-10-31 Thread Karn Ganeshen
Regards, Karn Ganeshen ___ Sent through the Full Disclosure mailing list https://nmap.org/mailman/listinfo/fulldisclosure Web Archives & RSS: http://seclists.org/fulldisclosure/

[FD] [ICS] AzeoTech DAQFactory – Insecure Default Permissions and Insecure Library Loading Allows Code Execution

2017-09-01 Thread Karn Ganeshen
a dll payload msfvenom -p windows/exec cmd=calc.exe -f dll -o pegrc32a.dll 2. Place this dll in install directory (or any directory defined in the PATH environment variable) C:\DAQFactory\ 3. Run DAQFactory.exe -> calc.exe executes + Best Regards, Karn Ganes

[FD] [ICS] Moxa SoftNVR-IA Live Viewer – Insecure Library Loading Allows Code Execution

2017-09-01 Thread Karn Ganeshen
when the application starts, while a few are loaded when the application is exited. Thus, code execution can happen at the start or at exit time of the application run. + Best Regards, Karn Ganeshen

[FD] [ICS] Schneider Electric Trio TView – vulnerable JRE versions in use

2017-09-01 Thread Karn Ganeshen
a CVSS base score of 4.0-6.9, and * 24 vulnerabilities were identified as having a CVSS base score of 0.0-3.9. + Best Regards, Karn Ganeshen

[FD] [ICS] SpiderControl SCADA Web Server – Directory Traversal Vulnerability

2017-09-01 Thread Karn Ganeshen
A:N). + Best Regards, Karn Ganeshen

[FD] [ICS] SIMPlight SCADA software – Insecure Library Loading Allows Code Execution

2017-09-01 Thread Karn Ganeshen
this dll in any directory defined in the PATH environment variable C:\app-folder-RW\ 3. Run ArchBrowser.exe (or any from listed above) -> calc.exe will execute + Best Regards, Karn Ganeshen

[FD] [ICS] Solar Controls Heating Control Downloader – Insecure Library Loading Allows Code Execution

2017-09-01 Thread Karn Ganeshen
HCDownloader.exe -> calc.exe executes + Best Regards, Karn Ganeshen

[FD] [ICS] Solar Controls WATTConfig M Software – Insecure Library Loading Allows Code Execution

2017-09-01 Thread Karn Ganeshen
WattConfigM.exe -> calc.exe executes + Best Regards, Karn Ganeshen

[FD] [ICS] Schneider Electric Pro-Face WinGP – Insecure Library Loading Allows Code Execution

2017-08-31 Thread Karn Ganeshen
to reproduce 1. Generate a dll payload msfvenom -p windows/exec cmd=calc.exe -f dll -o i2capi.dll 2. Place this dll in any directory defined in the PATH environment variable C:\Pro-face\WinGP\ 3. Run Runtime.exe -> calc.exe executes + Best Regards, Karn Ganes
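The reproduction steps in the DAQFactory, SIMPlight and WinGP posts above (build a DLL with msfvenom, drop it in the install directory or in a directory on PATH, start the executable) all depend on the Windows loader reaching the planted file before any legitimate copy. The Python below is an added example, not code from the posts or from any of the vendors: it models the documented SafeDllSearchMode search order (application directory, System32, the 16-bit System directory, the Windows directory, the current directory, then each PATH entry; KnownDLLs are never searched on disk) and reports, for a given DLL name, which directories a low-privilege user could plant it in. The host snapshot is constructed for illustration; only pegrc32a.dll and C:\DAQFactory\ come from the post, while the C:\Python27 PATH entry and every writability flag are assumptions. Applications that load by absolute path or restrict the search with SetDefaultDllDirectories are not modelled.

```python
"""Model of the Windows DLL search order (SafeDllSearchMode) used to find
where a low-privilege user could plant a DLL that a target executable would
load. Constructed example; not a vendor's code and not read from a machine."""
import dataclasses
from dataclasses import dataclass, field


@dataclass
class HostSnapshot:
    app_dir: str
    cwd: str
    path: str                    # contents of the PATH environment variable
    files: dict                  # norm(dir) -> set of lowercase file names present
    writable: set                # norm(dir) entries the low-privilege user can write to
    known_dlls: set = field(default_factory=set)   # HKLM ...\Session Manager\KnownDLLs
    system_dir: str = r"C:\Windows\System32"
    system16_dir: str = r"C:\Windows\System"
    windows_dir: str = r"C:\Windows"


def norm(d: str) -> str:
    """Case-insensitive, trailing-backslash-insensitive directory key."""
    return d.rstrip("\\").lower()


def search_order(host: HostSnapshot) -> list:
    """Directories in the order the loader consults them, each listed once."""
    order = [host.app_dir, host.system_dir, host.system16_dir,
             host.windows_dir, host.cwd] + [p for p in host.path.split(";") if p]
    seen, out = set(), []
    for d in order:
        if norm(d) not in seen:
            seen.add(norm(d))
            out.append(d)
    return out


def plant_sites(host: HostSnapshot, dll: str) -> list:
    """Directories, in load order, where a copy of `dll` written by the current
    user would be the one the executable actually loads. Empty list means the
    name cannot be hijacked from this user's position."""
    name = dll.lower()
    if name in {k.lower() for k in host.known_dlls}:
        return []                # KnownDLLs come from the section object, never from disk
    sites = []
    for d in search_order(host):
        key = norm(d)
        if key in host.writable:
            sites.append(d)      # plant here (or overwrite, if a copy already exists)
        if name in host.files.get(key, set()):
            break                # loader stops at the first hit; later dirs never matter
    return sites


def fix_install_dir_acl(host: HostSnapshot) -> HostSnapshot:
    """The permissions fix alone: make the install directory non-writable."""
    return dataclasses.replace(host, writable=host.writable - {norm(host.app_dir)})


# Constructed snapshot modelled on the DAQFactory post: install directory
# user-writable (insecure default permissions), pegrc32a.dll shipped nowhere.
# C:\Python27 on PATH and its writability are assumed, not from the advisory.
DAQ_HOST = HostSnapshot(
    app_dir="C:\\DAQFactory\\",
    cwd="C:\\DAQFactory",
    path="C:\\Windows\\System32;C:\\Windows;C:\\Python27",
    files={
        norm("C:\\DAQFactory"): {"daqfactory.exe"},
        norm("C:\\Windows\\System32"): {"version.dll", "kernel32.dll"},
        norm("C:\\Python27"): {"python.exe"},
    },
    writable={norm("C:\\DAQFactory"), norm("C:\\Python27")},
    known_dlls={"kernel32.dll"},
)

if __name__ == "__main__":
    for dll in ("pegrc32a.dll", "version.dll", "kernel32.dll"):
        print(dll, "->", plant_sites(DAQ_HOST, dll) or "not hijackable")
    print("after ACL fix:", plant_sites(fix_install_dir_acl(DAQ_HOST), "pegrc32a.dll"))
```

Two things the model makes visible: a DLL that the system already ships in System32 (version.dll here) is only hijackable from the application directory, because the loader never gets as far as PATH; and a DLL that is missing altogether (pegrc32a.dll) stays hijackable from any writable PATH directory even after the install-directory ACL is corrected, so the permissions fix alone does not close the library-loading issue.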

[FD] Schneider Electric Pro-Face WinGP – Runtime.exe – Insecure Library Loading Allows Code Execution

2017-06-30 Thread Karn Ganeshen
[ICS] Schneider Electric Pro-Face WinGP – Runtime.exe – Insecure Library Loading Allows Code Execution Vendor: Schneider Electric Equipment: Pro-Face WinGP Vulnerability: Uncontrolled Search Path Element (DLL side-loading) Advisory URL:

[FD] Schneider Electric Interactive Graphical SCADA System Software – Insecure Library Loading Allows Code Execution

2017-06-29 Thread Karn Ganeshen
Vendor: Schneider Electric Equipment: Interactive Graphical SCADA System (IGSS) Software Vulnerability: DLL Hijacking Advisory URL: https://ipositivesecurity.com/2017/05/18/ics-schneider-electric-interactive-graphical-scada-system-software-insecure-library-loading-allows-code-execution/ ICS-CERT

[FD] BLF-Tech LLC VisualView HMI Software – Insecure Library Loading Allows Code Execution

2017-06-29 Thread Karn Ganeshen
Vendor: BLF-Tech LLC Equipment: VisualView HMI Software Vulnerability: DLL Hijacking Advisory URL: https://ipositivesecurity.com/2017/05/18/ics-blf-tech-llc-visualview-hmi-software-insecure-library-loading-allows-code-execution/ ICS-CERT Advisory

[FD] Schneider Electric Wonderware InduSoft Web Studio Privilege Escalation

2017-06-29 Thread Karn Ganeshen
Vendor: Schneider Electric Equipment: Wonderware InduSoft Web Studio Vulnerability: Incorrect Default Permissions Advisory URL: https://ipositivesecurity.com/2017/05/19/ics-schneider-electric-wonderware-indusoft-web-studio-privilege-escalation/ ICS-CERT Advisory

[FD] Trihedral VTScada Multiple Vulnerabilities

2017-06-29 Thread Karn Ganeshen
Vendor: Trihedral Equipment: VTScada Vulnerability: Resource Consumption, Cross-Site Scripting, Information Exposure Advisory URL: https://ipositivesecurity.com/2017/06/15/ics-trihedral-vtscada-multiple-vulnerabilities/ ICS-CERT Advisory https://ics-cert.us-cert.gov/advisories/ICSA-17-164-01

[FD] Digital Canal Structural Wind Analysis Stack Buffer Overflow

2017-06-29 Thread Karn Ganeshen
Vendor: Digital Canal Structural Equipment: Wind Analysis Vulnerability: Stack-Based Buffer Overflow Advisory URL: https://ipositivesecurity.com/2017/06/15/ics-digital-canal-structural-wind-analysis-stack-buffer-overflow/ ICS-CERT Advisory https://ics-cert.us-cert.gov/advisories/ICSA-17-157-02

[FD] Microsoft Machine Debug Manager (mdm) DLL side loading vulnerability

2017-06-29 Thread Karn Ganeshen
Microsoft Machine Debug Manager (mdm) DLL side loading vulnerability Vulnerability: DLL Hijacking / DLL Side Loading Advisory URL: https://ipositivesecurity.com/2017/06/15/microsoft-machine-debug-manager-mdm-insecure-library-loading-allows-code-execution/ ABOUT

[FD] Microsoft Office Patch Installer Executables - Insecure Library Loading Allows Code Execution

2017-06-29 Thread Karn Ganeshen
Microsoft Office Patch Installer Executables - Insecure Library Loading Allows Code Execution Vulnerability: DLL Hijacking / DLL Side Loading Advisory URL: https://ipositivesecurity.com/2017/06/15/microsoft-office-patch-installers-insecure-library-loading-allow-code-execution/

[FD] Carlo Gavazzi VMUC-EM - Multiple Vulnerabilities

2017-04-07 Thread Karn Ganeshen
*VMU-C Web-Server solution for photovoltaic applications* VMU-C EM is a data logger system for small to medium projects, VMUC-Y EM is a hardware data aggregator for medium to larger projects and Em2 Server is a software solution for large projects. They are designed to complement the extensive

[FD] Cambium SNMP Security Vulnerabilities

2017-04-07 Thread Karn Ganeshen
Cambium SNMP Security Vulnerabilities AFFECTED PRODUCTS Cambium ePMP 1000 Cambium ePMP 2000 Cambium PMP XXX Cambium ForceXXX models Potentially all other models IMPACT These vulnerabilities may allow an attacker to access device configuration as well as make unauthorized changes to the device

[FD] SenNet Data Logger appliances and Electricity Meters Multiple Vulnerabilities

2017-04-07 Thread Karn Ganeshen
SenNet Data Logger appliances and Electricity Meters Multiple Vulnerabilities Note: Vendor has released the fix. Details to be documented in ICS-CERT Advisory. About SenNet is a trademark of Satel Spain that offers monitoring and remote-control solutions for businesses. Our engineers develop,

[FD] Sielco Sistemi Winlog SCADA Software Insecure Library Loading Allows Code Execution

2017-04-07 Thread Karn Ganeshen
Sielco Sistemi Winlog SCADA Software Insecure Library Loading Allows Code Execution Vendor: Sielco Sistemi Equipment: Winlog SCADA Software Vulnerability: Uncontrolled Search Path Element ICS-CERT Advisory https://ics-cert.us-cert.gov/advisories/ICSA-17-038-01 AFFECTED PRODUCTS The following

[FD] LAquis SCADA Access Control Vulnerability

2017-04-07 Thread Karn Ganeshen
LCDS – Leão Consultoria e Desenvolvimento de Sistemas LTDA ME LAquis SCADA Access Control Vulnerability Vendor: LCDS – Leão Consultoria e Desenvolvimento de Sistemas LTDA ME Equipment: LAquis SCADA Vulnerability: Improper Access Control ICS-CERT Advisory

[FD] Python + PostgreSQL pgAdmin4 – Insecure Library Loading Allows Code Execution

2017-02-28 Thread Karn Ganeshen
Python + PostgreSQL pgAdmin4 – Insecure Library Loading Allows Code Execution (DLL Hijacking Vulnerability) *Confirmed on* pgAdmin4 v1.1: Current version packaged with PostgreSQL v9.6.1.1 (Windows x86 Current version) *Checked on* Windows 7 SP1 + python 2.7.13 (current version) Note - This is a

[FD] BINOM3 Electric Power Quality Meter Vulnerabilities

2016-09-15 Thread Karn Ganeshen
*Universal multifunctional Electric Power Quality Meter BINOM3 - Multiple Vulnerabilities* *About* The meters are designed for autonomous operation in automated systems: • SCADA systems • Data acquisition and transmission systems • Automated data and measurement systems for revenue and technical

[FD] Multiple vulnerabilities - Powerlogic/Schneider Electric IONXXXX series Smart Meters

2016-09-08 Thread Karn Ganeshen
*Powerlogic/Schneider Electric ION series Smart Meters - Multiple security issues* *Impacted devices:* *ION7300 and potentially all ION models (based off of Powerlogic) *For example, Power Measurement Ltd. Meter ION 7330V283 ETH ETH7330V274

[FD] CIMA DocuClass ECM - Multiple Vulnerabilities

2016-07-06 Thread Karn Ganeshen
*CIMA DocuClass Enterprise Content Management - Multiple Vulnerabilities* DocuClass is a modular and scalable enterprise content management (ECM) solution that allows organizations to streamline internal operations by significantly improving the way they manage their information within a business

[FD] EdgeCore - ES3526XA Manager - Multiple Vulnerabilities

2016-06-24 Thread Karn Ganeshen
*EdgeCore - Layer2+ Fast Ethernet Standalone Switch ES3526XA Manager - Multiple Vulnerabilities* Also rebranded as: *SMC TigerSwitch 10/100 SMC6128L2 Manager* Object ID: 1.3.6.1.4.1.259.8.1.5 Switch Information Main Board: Number of Ports 26 Hardware

[FD] Sierra Wireless AirLink Raven XE Industrial 3G Gateway - Multiple Vulnerabilities

2016-06-24 Thread Karn Ganeshen
/XT. Sierra Wireless strongly recommends that the AceManager interface be disabled on the cellular WAN connection, particularly when the device is active on public networks in order to prevent exploitation of this sensitive information by internet-based attackers. + -- Best Regards, Ka

[FD] Papouch TME Temperature & Humidity Thermometers - Multiple Vulnerabilities

2016-06-16 Thread Karn Ganeshen
impact due to device compromise can be severe depending upon the utility & environment where they are deployed. + -- Best Regards, Karn Ganeshen

[FD] [ICS] Meteocontrol WEB’log Multiple Vulnerabilities

2016-05-17 Thread Karn Ganeshen
to correct their report. Hopefully they will update it soon. + Cheers! -- Best Regards, Karn Ganeshen

[FD] WAGO IO PLC 758-870, 750-849, 750-849 vulnerabilities

2016-03-03 Thread Karn Ganeshen
ured here), 143.76 Kbytes per second 459 bytes received in 00:00 (35.35 KiB/s) + -- Best Regards, Karn Ganeshen

[FD] GE Industrial Solutions - UPS SNMP Adapter Command Injection and Clear-text Sensitive Info Vulnerabilities

2016-02-03 Thread Karn Ganeshen
t out on Jan 29 but for some reason, it was not posted to FD. So sending it again. -- Best Regards, Karn Ganeshen ipositivesecurity.blogspot.in

[FD] DLink DVG-N5402SP Multiple Vulnerabilities

2016-02-03 Thread Karn Ganeshen
ice running configuration backup * *CVE-ID*: CVE-2015-7247 Usernames, Passwords, keys, values and web account hashes (super & admin) are stored in clear-text and not masked. It is noted that restricted 'support' user may also access this config backup file from the portal directly, gather clear-

[FD] SeaWell Networks Spectrum - Multiple Vulnerabilities

2016-01-20 Thread Karn Ganeshen
config xml* https://IP/configure_manage.php?action=download_config=cookie_config.xml *Access system config xml* https://IP/configure_manage.php?action=download_config=systemCfg.xml + -- Best Regards, Karn Ganeshen

[FD] XZERES 442SR Wind Turbine XSS

2015-12-24 Thread Karn Ganeshen
-parameter") -- Best Regards, Karn Ganeshen

[FD] Nordex Control 2 (NC2) SCADA V16 and prior versions - XSS

2015-12-24 Thread Karn Ganeshen
/1.1 connection=basic=admin%27%22%29%3B%7D%3C%2Fscript%3E%3Cscript%3Ealert%28%27xss%27%29%3C%2Fscript%3E=nordex=en -- Best Regards, Karn Ganeshen

[FD] Brocade Fabric OS v6.3.1b Multiple Vulnerabilities

2015-11-30 Thread Karn Ganeshen
# Title: [Brocade Fabric OS v6.3.1b - Multiple vulnerabilities] # Discovered by: Karn Ganeshen # Vendor Homepage: [www.brocade.com] # Versions Reported: Kernel 2.6.14.2 + FabOS v6.3.1b + BootProm 1.0.9 > *version* Kernel: 2.6.14.2 Fabric OS: v6.3.1b BootProm: 1.0.9 1 *Default diagnos

[FD] PROLiNK H5004NK ADSL Wireless Modem Multiple Vulnerabilities

2015-10-15 Thread Karn Ganeshen
# Exploit Title: [PROLiNK H5004NK ADSL Wireless Modem Multiple Vulnerabilities] # Discovered by: Karn Ganeshen # Reported on: [October 13, 2015] # Vendor Response: [No process to handle vuln reports] # Vendor Homepage: [ http://www.prolink2u.com/newtemp/datacom/adsl-modem-router/381-h5004nk.html