641 matches found
Path traversal
A path traversal vulnerability in Tridium Niagara AX Versions 3.8 and prior and Niagara 4 systems Versions 4.4 and prior installed on Microsoft Windows Systems can be exploited by leveraging valid platform administrator credentials...
CVE-2017-16744
A path traversal vulnerability in Tridium Niagara AX Versions 3.8 and prior and Niagara 4 systems Versions 4.4 and prior installed on Microsoft Windows Systems can be exploited by leveraging valid platform administrator credentials...
CVE-2017-16748
CVE-2017-16748 affects Tridium Niagara AX/Niagara 4 platforms: Niagara AX Framework 3.8 and earlier and Niagara 4 Framework 4.4 and earlier. The issue is improper authentication where an attacker can log in using a disabled account name with a blank password and gain administrator privileges on t...
Security Bulletin: Vulnerability in Apache CXF affects IBM TRIRIGA Application Platform (CVE-2017-12624)
Summary: Apache CXF is vulnerable to a denial of service. By using a specially crafted message attachment header, a remote attacker could exploit this vulnerability to cause the AX-WS and JAX-RS services to stop responding. Vulnerability Details: CVEID: CVE-2017-12624 DESCRIPTION: Apache CXF is...
Code injection
Tracker PDF-XChange Viewer and Viewer AX SDK before 2.5.322.8 mishandle conversion from YCC to RGB colour spaces by calculating on the basis of 1 bpc instead of 8 bpc, which might allow remote attackers to execute arbitrary code via a crafted PDF document...
CVE-2018-6462
Tracker PDF-XChange Viewer and Viewer AX SDK before 2.5.322.8 mishandle conversion from YCC to RGB colour spaces by calculating on the basis of 1 bpc instead of 8 bpc, which might allow remote attackers to execute arbitrary code via a crafted PDF document...
CVE-2018-6462
Tracker PDF-XChange Viewer and Viewer AX SDK prior to 2.5.322.8 are affected by a vulnerability in YCC to RGB color-space conversion that uses 1 bpc instead of 8 bpc, allowing remote code execution via a crafted PDF document. Affected products: Tracker PDF-XChange Viewer and Viewer AX SDK. Root c...
CVE-2018-6462
Tracker PDF-XChange Viewer and Viewer AX SDK before 2.5.322.8 mishandle conversion from YCC to RGB colour spaces by calculating on the basis of 1 bpc instead of 8 bpc, which might allow remote attackers to execute arbitrary code via a crafted PDF document...
ax-bg.com XSS vulnerability
Open Bug Bounty ID: OBB-448175

Description | Value
---|---
Affected Website: | ax-bg.com
Vulnerable Application: | Custom Code
Vulnerability Type: | XSS (Cross Site Scripting) / CWE-79
CVSSv3 Score: | 6.1 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Remediation Guide: | OWASP XSS Prevention Cheat Sheet...
D-Link DGS-1500 Ax RCE Vulnerability
D-Link DGS-1500 Ax devices before 2.51B021 are vulnerable to remote code execution (RCE).
D-Link DGS-1500 Ax Device Hardcoded Password Vulnerability
The D-Link DGS-1500 Ax is a switch device from AUO. D-Link DGS-1500 Ax devices use hard-coded passwords that allow remote attackers to gain unauthorized access to the devices by submitting specially crafted requests...
CVE-2017-15909
D-Link DGS-1500 Ax devices before 2.51B021 have a hardcoded password, which allows remote attackers to obtain shell access...
CVE-2017-15909
D-Link DGS-1500 Ax devices before 2.51B021 have a hardcoded password, which allows remote attackers to obtain shell access...
CVE-2017-15909
The CVE-2017-15909 entry applies to D-Link DGS-1500 Ax switches with versions before 2.51B021, which contain a hardcoded password enabling remote shell access. The RCE/unauthorized access stems from credential hardcoding in the device firmware, allowing an attacker to obtain shell access without ...
PT-2017-14278 · D Link · D-Link Dgs-1500
Name of the Vulnerable Software and Affected Versions: D-Link DGS-1500 Ax versions prior to 2.51B021 Description: The issue allows remote attackers to obtain shell access due to a hardcoded password. Recommendations: For versions prior to 2.51B021, update to version 2.51B021 or later to resolve t...
CVE-2016-10405
Session fixation vulnerability in D-Link DIR-600L routers rev. Ax with firmware before FW1.17.B01 allows remote attackers to hijack web sessions via unspecified vectors...
Code injection
The SNAP Lite component in certain SISCO MMS-EASE and AX-S4 ICCP products allows remote attackers to cause a denial of service (CPU consumption) via a crafted packet...
CVE-2015-6574
The SNAP Lite component in certain SISCO MMS-EASE and AX-S4 ICCP products allows remote attackers to cause a denial of service (CPU consumption) via a crafted packet...
CVE-2015-6574
CVE-2015-6574 affects the SNAP Lite component in Siemens SISCO MMS-EASE and AX-S4 ICCP products. The vulnerability allows remote attackers to cause a denial-of-service (CPU consumption) by sending a specially crafted packet. Public documentation confirms affected products include SIPROTEC 5 devic...
CVE-2015-6574
The SNAP Lite component in certain SISCO MMS-EASE and AX-S4 ICCP products allows remote attackers to cause a denial of service (CPU consumption) via a crafted packet...