Blog Posts Tagged with "Proof of Concept"

7fef78c47060974e0b8392e305f0daf0

ICS-CERT: SpecView Directory Traversal Vulnerability

August 08, 2012 Added by:Infosec Island Admin

ICS-CERT is aware of a public report of a directory traversal vulnerability with proof-of-concept (PoC) exploit code affecting SpecView when a specially crafted request is passed to the web server running on Port 80\TCP. Successful exploitation could result in data leakage...

Comments  (0)

7fef78c47060974e0b8392e305f0daf0

ICS-CERT: Kessler-Ellis Products Exploit POC

August 02, 2012 Added by:Infosec Island Admin

ICS-CERT has notified the affected vendor of the report and has asked the vendor to confirm the vulnerability and identify mitigations. ICS-CERT is issuing this alert to provide early notice of the report and identify baseline mitigations for reducing risks to these and other cybersecurity attacks...

Comments  (0)

03b2ceb73723f8b53cd533e4fba898ee

Rakshasa: Is it Possible to Design the Perfect Hardware Backdoor?

August 01, 2012 Added by:Pierluigi Paganini

Rakshasa malware infects the host’s BIOS and takes advantage of a vulnerable aspect of traditional architecture, as peripherals like network cards or sound cards can write to the computer’s RAM or to portions of the memory allocated to any of the other peripherals. It is hard to detect, and quite impossible to remove...

Comments  (5)

7fef78c47060974e0b8392e305f0daf0

ICS-CERT: Tridium Niagara Vulnerabilities

July 16, 2012 Added by:Infosec Island Admin

Researchers have notified ICS-CERT of a directory traversal and weak credential storage vulnerability with proof-of-concept exploit code for Tridium Niagara AX Framework software that is exploitable by downloading and decrypting the file containing the user credentials from the server...

Comments  (1)

7fef78c47060974e0b8392e305f0daf0

ICS-CERT: Sielco Sistemi Winlog Multiple Vulnerabilities

July 02, 2012 Added by:Infosec Island Admin

Sielco Sistemi Winlog Version 2.07.14 can be exploited remotely by sending specially crafted requests to TCP/46824. ICS-CERT is issuing this alert to provide early notice of the report and identify baseline mitigations for reducing risks to these and other cybersecurity attacks...

Comments  (0)

7fef78c47060974e0b8392e305f0daf0

ICS-CERT: Pro-face Pro-Server EX Multiple Vulnerabilities

May 18, 2012 Added by:Infosec Island Admin

The vulnerabilities affecting Pro-face Pro-Server include invalid memory access, buffer overflow, unhandled exception, and memory corruption with proof-of-concept exploit code. According to this report, these vulnerabilities are exploitable via specially crafted packets...

Comments  (0)

7fef78c47060974e0b8392e305f0daf0

ICS-CERT: Certec WebMI2ADS Multiple Vulnerabilities

April 17, 2012 Added by:Infosec Island Admin

Researcher Luigi Auriemma has identified multiple vulnerabilities in Certec’s WebMI2ADS application. Successful exploitation of these vulnerabilities may allow an attacker to cause a denial of service (DoS) or could lead to data leakage...

Comments  (0)

7fef78c47060974e0b8392e305f0daf0

ICS-CERT: MICROSYS PROMOTIC Vulnerability POC

April 13, 2012 Added by:Infosec Island Admin

Researcher Luigi Auriemma identified and released proof of concept code (POC) for a use after free vulnerability in the MICROSYS, spol. s r.o. PROMOTIC application wgich may result in adverse conditions ranging from the corruption of valid data to the execution of arbitrary code...

Comments  (0)

69dafe8b58066478aea48f3d0f384820

Researchers Demonstrate Cell Phone Tracking Vulnerability

February 20, 2012 Added by:Headlines

Researchers at the University of Minnesota’s College of Science and Engineering have revealed a technique that could allow an unauthorized third-party to track the location of a cell phone using data available from cellular networks...

Comments  (0)

69dafe8b58066478aea48f3d0f384820

ICS-CERT: Koyo Ecom100 Brute Force Cracking Tool

February 15, 2012 Added by:Headlines

A brute force password cracking tool has been released that targets the weak authentication vulnerability in the Koyo ECOM100 Ethernet Module. This tool may greatly reduce the time and skill level required to attack a vulnerable system...

Comments  (0)

69dafe8b58066478aea48f3d0f384820

ICS-CERT: Advantech BroadWin WebAccess Vulnerabilities

February 10, 2012 Added by:Headlines

ICS-CERT is aware of a public report about an RPC server vulnerability with proof-of-concept (PoC) exploit code affecting the Advantech BroadWin WebAccess software, a supervisory control and data acquisition/human-machine interface (SCADA/HMI) product...

Comments  (0)

69dafe8b58066478aea48f3d0f384820

ICS-CERT: Rockwell Automation FactoryTalk Vulnerability

January 21, 2012 Added by:Headlines

Multiple vulnerabilities have been with proof-of-concept exploit code affecting Rockwell Automation FactoryTalk, a SCADA/HMI product. The vulnerability is exploitable by sending specially crafted packets to the server. This report was released by Luigi Auriemma...

Comments  (0)

69dafe8b58066478aea48f3d0f384820

Researcher Ups Ante on Hacking Medical Devices

October 31, 2011 Added by:Headlines

"You're not meant to be able to grab serial numbers out of the air. This tool I developed should be able to scan the frequency for these pumps, retrieve the pump ID, and with that pump I can then dispense insulin, suspend the pump, resume it and that type of thing..."

Comments  (0)

69dafe8b58066478aea48f3d0f384820

Researcher Discovers New SCADA Vulnerabilities

September 19, 2011 Added by:Headlines

"Finding zero-day (previously unknown holes) in SCADA software is like nuking fish in a barrel. People purchasing these systems need to push back on suppliers and ask them what they are doing to secure the system before selling it to customers," said Chris Wysopal, CTO for Veracode...

Comments  (0)

69dafe8b58066478aea48f3d0f384820

Skype Vulnerable to HTML/JavaScript Code Injection

August 23, 2011 Added by:Headlines

"Does it make sense to allow users to 'embed' HTML code in their Skype profile and especially in those 'phone number' fields? Also, there is no option to define any HTML code in Skype client. I was able to find those bugs with Linux Skype client. I guess they don't focus so much on that client..."

Comments  (0)

B64e021126c832bb29ec9fa988155eaf

Researchers Break Military Chip Encryption Keys

August 04, 2011 Added by:Dan Dieterle

In the attack, power use is monitored during the power up sequence of the chip. As it is powered up, the chip accesses a key used to decrypt the configuration data file and data stream. By analyzing the power used, the team was able to decrypt the key...

Comments  (0)

Page « < 1 - 2 > »