fbpx

This website uses cookies to ensure you get the best experience. More Information...

SECURITY LABS

ADVISORIES
Shamoon v3

  Shamoon v3 is a modular virus, also known as W32.DisTrack, that has recently re-emerged and hit oil, gas, energy, telecom, and government organizations in the Middle East and southern Europe. The Security Operations Center of Obrela Security Industries wants to keep our customers continuously updated of the malware’s course through this and the campaigns […]

READ MORE
Obrela Security Industries Advisory (OSI-1502)

Advisory ID  OSI-1502 Description: Dnsmasq does not properly check the return value of the setup_reply() function called during a tcp connection (by the tcp_request() function). This return value is then used as a size argument in a function which writes data on the client’s connection.  This may lead, upon successful exploitation, to reading the heap […]

READ MORE
Obrela Security Industries Advisory (OSI-1501)

Advisory ID  OSI-1501 Description: The XML parser of Cisco Prime Service Catalog suffers from a vulnerability that could allow an authenticated remote attacker to either cause denial of service conditions (resources consumption) or retrieve sensitive data (local data access). Researcher: Alexis Dimitriadis (a.dimitriadis[a t]obrela[do t]com) Vulnerability: CVE-2015-0581: Cisco Prime Service Catalog XML External Entity Processing Vulnerability […]

READ MORE
Obrela Security Industries Advisory (OSI-1402)

Advisory ID  OSI-1402 Description Twelve vulnerabilities exist on ettercap-ng which allow remote denial of service and possible remote code execution. Specifically, the following vulnerabilities were identified: A Length Parameter Inconsistency at ettercap 8.0 dissector_postgresql() which may lead to remote code execution or denial of service. An arbitrary write of zero in to any location at […]

READ MORE
Obrela Security Industries Advisory (OSI-1401)

Advisory ID OSI-1401 Description Four vulnerabilities exist on aircrack-ng <= 1.2 Beta 3 which allow remote/local code execution, privilege escalation and denial of service. Specifically, the following vulnerabilities were identified: A stack overflow at airodump-ng gps_tracker() which may lead to code execution, privilege escalation. A length parameter inconsistency at aireplay tcp_test() which may lead to […]

READ MORE
Obrela Security Industries Advisory (OSI-1301)

pfSense versions 2.0.1 and prior are vulnerable to semi-persistent XSS and CSRF attack vectors, exploited by sending Javascript/HTML code as a username during the XAuth user authentication phase. For further information please see here: http://www.exploit-db.com/exploits/24439/ For more information about pfSense see the main site: http://www.pfsense.org/ pfSense is a very popular Open Source Firewall and Routing […]

READ MORE