This is a tool written in Python that will scan for PLC devices over s7comm or modbus protocols.
0e1237d54b50e53df44840fb5a1c59f2b1e9d796ffe3149af9d4be819555e677The Avamar affected client process runs as root and after each backup it leaves the cache files as world readable and writable. While the cache files themselves do not contain sensitive information, when the parent directory is world-writable, the cache files could be used by an attacker to elevate the privileges when a system-level backup is performed. The non-root user can create symbolic links to obtain unauthorized access to files on the affected system. Versions affected include EMC Avamar HP-UX Client 4.x, 5.x and 6.x, EMC Avamar Mac OS Client 4.x, 5.x and 6.x, and EMC Avamar Plugin for Oracle 4.x, 5.x and 6.x.
6d23b1eaba37b7441a5ae44384b647fe91db54567726e5da4f9dfce5acbcc994EMC AlphaStor version 4.0 prior to build 800 suffers from code execution and format string vulnerabilities.
e553b534252e9057c149a87cfdcee80ce12b2835916a738c969d3283215bdd6bDNSChef is a highly configurable DNS proxy for Penetration Testers and Malware Analysts. A DNS proxy (aka "Fake DNS") is a tool used for application network traffic analysis among other uses. For example, a DNS proxy can be used to fake requests for "badguy.com" to point to a local machine for termination or interception instead of a real host somewhere on the Internet.
b6991534723c3d26ea8eda3600cfcd6cb8e2a107384744e001a49da46c3db92fThis is a SCADA security hardening guide for Siemens Simatic WinCC version 7.x.
1f64be3d914e4a288a0197041552ae70d5dca310f320329c7321f28520e5cbf3Siemens Simatic WinCC Flexible 2008 security hardening guide.
cd89bd1a113448a177132b9cbddb4efcf520c705c18777b21fc760d3018bb5a4These are slides from a presentation call WinCC Under X-Rays.
48affd9265f6129d8e1b9288f64659adda11ce5640c00598776b5fa4cc425985This Metasploit module receives sensitive information from the WinCC database.
627da9137aaf5c71b77b876b03bb54d07c3d0135bcd88283a54933c5111a7071This document illustrates multiple ways to identify multiple SCADA systems.
4a6fa6642d990c8dd6fd4923a4888e0ece61a8ec460784de6393c1c946926834S7 Password offline bruteforcing tool written in Python.
878839bd23896003334de59ea25bee609cb1e1ed6bc559a6d7ff2fd0ba72c3a3NConf version 1.3 suffers from remote blind SQL injection vulnerabilities in multiple parameters.
b1c08148508f6134c9f0d2851f20846c44f57baf8af88b56e5f775466bb1906bWordPress Developer Formatter plugin suffers from a cross site request forgery vulnerability.
78e285d9f5fc77132dd3df5c0d64b44914f8e50ebd1bd70540d302691be72048Secunia Security Advisory - Charlie Eriksen has discovered multiple vulnerabilities in the WP Symposium plugin for WordPress, which can be exploited by malicious users and malicious people to conduct SQL injection attacks.
4ee1bf71cc035aea698372560f8c852c41491a1161de2510069e30a2846ae343Secunia Security Advisory - Multiple weaknesses, two security issues, and multiple vulnerabilities have been reported in Moodle, where one has an unknown impact and the others can be exploited by malicious users to bypass certain security restrictions and by malicious people to conduct spoofing and cross-site request forgery attacks and disclose potentially sensitive information.
d7115e8feeb83f996fb130b8f96fc4dcf4c8718098cdcfed5f28cf75665d1621Joomla GarysCookBook version 3.0.x suffers from a remote shell upload vulnerability.
126ffd8e875a7e1ec877fe617947622987f1cd173737ab8cf94795ba740a3f55This is a small proof of concept tool that leverages the data:// stream to gain remote code execution from a file inclusion vulnerability.
c8c8bbfa963434111dffb850c77790720a4f7b2c74f7310ff876ccea44eb66f6
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed