Researchers have identified a wide range of vulnerabilities in remote terminal units manufactured by Emerson Process Management that are widely used in oil and gas pipelines and other applications. The vulnerabilities include a number of hidden functions in the RTUs, an authentication bypass and hardcoded credentials. All of the vulnerabilities are remotely exploitable and an[…]
Browsing Tag: vulnerabilities
There are a number of critical, remotely exploitable command injection vulnerabilities in Schneider Electric’s ProClima software, which is used in manufacturing and energy facilities. The ProClima application is a utility that customers use to design control panel enclosures in industrial facilities to help manage the heat from enclosed electrical devices. The bugs affect ProClima versions[…]
Unknown hackers were able to compromise vital systems belonging to ICANN, the organization that manages the global top-level domain system, and had access to the system that manages the files with data on resolving specific domain names.
CMS providers Joomla and WordPress have patched an arbitrary file download vulnerability in the HD FLV Player plug-in, but custom websites running the plug-in independently remain at risk.
Yahoo officials say that the company will disclose any new vulnerabilities that the company’s security team finds within 90 days of discovery.
Yik Yak, an application that allows users to share purportedly anonymous status updates with others near them, has fixed a critical privacy vulnerability in the iOS version of its app.
Adobe released security updates for Flash Player, Reader, Acrobat and ColdFusion. The Flash vulnerability is being exploited in the wild, Adobe said.
VMware released patches late last week to fix several vulnerabilities, including a cross-site scripting issue, in one of its server virtualization platforms.
A group of security researchers in Poland say they have discovered a long list of vulnerabilities in the Google App Engine, some of which enable an attacker to escape the Java sandbox.
There is an easily exploitable remote code execution vulnerability in a popular WordPress plugin that helps manage file downloads and researchers say the bug could be used by even a low-level attacker to run arbitrary code on a vulnerable site.