6 matches found
InTouch Machine Edition 8.1 SP1 Buffer Overflow
Exploit Title: InTouch Machine Edition 8.1 SP1 - 'Nombre del Tag' Buffer Overflow SEH Discovery by: Luis Martinez Discovery Date: 2018-09-10 Vendor Homepage: https://on.wonderware.com/ Software Link: https://on.wonderware.com/intouch-machine-edition Tested Version: 8.1 SP1 Vulnerability Type: Loc...
Wonderware InBatch ActiveX Vulnerabilities
Overview ICS-CERT originally released advisory “ICSA-11-332-01P—Invensys Wonderware InBatch ActiveX Vulnerabilities” in the US-CERT secure portal on November 28, 2011. This web page release was delayed to allow users time to download and install the update. Researcher Kuang-Chun Hung of the...
CVE-2004-2321
Affected products: BEA WebLogic Server and Express 8.1 SP1 and earlier. Vulnerability: local users in the Operator role can obtain administrator passwords via MBean attributes (ServerStartMBean.Password; NodeManagerMBean.CertificatePassword). Impact: partial confidentiality exposure; access is LO...
CVE-2005-2092
BEA Systems WebLogic 8.1 SP1 allows remote attackers to poison the web cache, bypass web application firewall protection, and conduct XSS attacks via an HTTP request with both a "Transfer-Encoding: chunked" header and a Content-Length header, which causes WebLogic to incorrectly handle and forwar...
CVE-2005-2092
BEA Systems WebLogic 8.1 SP1 allows remote attackers to poison the web cache, bypass web application firewall protection, and conduct XSS attacks via an HTTP request with both a "Transfer-Encoding: chunked" header and a Content-Length header, which causes WebLogic to incorrectly handle and forwar...
CVE-2005-2092
The CVE-2005-2092 entry describes a vulnerability in BEA Systems WebLogic 8.1 SP1 where a crafted HTTP request with both a Transfer-Encoding: chunked header and a Content-Length header causes WebLogic to mis-handle the request body, leading to HTTP Request Smuggling. This can allow remote attacke...