Tag: Code Execution

security advisory

[ICS] Trihedral VTScada Multiple Vulnerabilities

ICS-CERT published an advisory on one of my reports this week –
https://ics-cert.us-cert.gov/advisories/ICSA-17-164-01

Vendor: Trihedral
Equipment: VTScada
Vulnerability: Resource Consumption, Cross-Site Scripting, Information Exposure

AFFECTED PRODUCTS

The following versions of VTScada, an HMI SCADA software, are affected:
VTScada Versions prior to 11.2.26


Microsoft Office Patch Installers – Insecure Library Loading Allows Code Execution

Microsoft Office Patch Installer Executables – Insecure Library Loading Allows Code Execution
Vulnerability: DLL Hijacking / DLL Side Loading

Abstract

Microsoft Office patch installer executables were found to be vulnerable to a DLL side loading / hijacking issue.

This issue was observed when installing a patch for Microsoft Excel 2013 SP1. The patch installer for Microsoft Word was also tested and confirmed to exhibit the same behavior. Other patch installers may also be vulnerable.

In this writeup, I will document MS Excel 2013 patch update KB3127968.


Microsoft Machine Debug Manager (mdm) – Insecure Library Loading Allows Code Execution

Microsoft Machine Debug Manager (mdm) DLL side loading vulnerability

ABOUT

The Machine Debug Manager, mdm.exe, is a program that provides support for program debugging.

During testing, it was found that MDM is affected by a DLL hijacking vulnerability. The following conditions are required to exploit the MDM DLL hijacking vulnerability:

1. MDM (mdm.exe) is installed
2. The "Disable script debugging (Other)" option is not selected (IE -> Internet Options -> Advanced)

Exploitation could be performed via multiple Windows applications. A few scenarios are documented here.


[ICS] BLF-Tech LLC VisualView HMI Software – Insecure Library Loading Allows Code Execution

ICS-CERT published an advisory on one of my reports last month –
https://ics-cert.us-cert.gov/advisories/ICSA-17-115-01

BLF-Tech LLC VisualView HMI Insecure Library Loading Allows Code Execution

Vendor: BLF-Tech LLC
Equipment: VisualView HMI Software
Vulnerability: Uncontrolled Search Path Element


[ICS] Schneider Electric Interactive Graphical SCADA System Software – Insecure Library Loading Allows Code Execution

ICS-CERT published an advisory on one of my reports last month –
https://ics-cert.us-cert.gov/advisories/ICSA-17-094-01

Schneider Electric Interactive Graphical SCADA System Software – Insecure Library Loading Allows Code Execution

Vendor: Schneider Electric
Equipment: Interactive Graphical SCADA System Software [IGSS]
Vulnerability: Uncontrolled Search Path Element


[ICS] Sielco Sistemi Winlog SCADA Software – Insecure Library Loading Allows Code Execution

ICS-CERT published an advisory on one of my reports last month –
https://ics-cert.us-cert.gov/advisories/ICSA-17-038-01

Sielco Sistemi Winlog SCADA Software Insecure Library Loading Allows Code Execution

Vendor: Sielco Sistemi
Equipment: Winlog SCADA Software
Vulnerability: Uncontrolled Search Path Element


PostgreSQL pgAdmin4 – Insecure Library Loading Allows Code Execution

This vulnerability can allow attackers to execute arbitrary code on vulnerable installations of pgAdmin4. pgAdmin4 is a GUI application for database server administration and comes packaged with PostgreSQL.

User interaction is required to exploit this vulnerability in that the malicious DLL file(s) must be saved in any of the DLL search paths.

Confirmed on products
pgAdmin4 v1.1: Current version packaged with PostgreSQL v9.6.1.1 (Windows x86 Current version)


UPlus FTP Server v1.7.1.0.1 remote buffer overflow exploit published

Hi All,

Posted another remote code execution exploit on Exploit-db an hour back. It is published now 🙂

###
#!/usr/bin/python

import socket,sys,base64

print """
#
+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
    UPlusFTP Server v1.7.1.01 [ HTTP ] Remote BoF Exploit PoC
    Discovered by : Karn Ganeshen                          …


2 Remote Buffer Overflow Code Execution Exploits Published

Hey folks,

As of late, I am reading up on buffer overflows. This is one topic I had been escaping for quite a time. …