840 matches found

Vulnrichment
added 2024/04/17 7:53 p.m. | 19 views

CVE-2024-0257 RoboDK Heap-based Buffer Overflow

RoboDK v5.5.4 is vulnerable to heap-based buffer overflow while processing a specific project file. The resulting memory corruption may crash the application...

3.3 CVSS | 7.7 AI score | 0.00053 EPSS
Exploits 0 | References 1

Positive Technologies
added 2024/04/17 12:0 a.m. | 3 views

PT-2024-15417 · Robodk · Robodk

Name of the Vulnerable Software and Affected Versions: RoboDK version 5.5.4
Description: The issue is related to a heap-based buffer overflow that occurs when processing a specific project file, leading to potential memory corruption and application crashes.
Recommendations: For RoboDK version...

3.3 CVSS | 7.2 AI score | 0.00053 EPSS
Exploits 0 | References 4

NVD
added 2024/03/18 4:15 p.m. | 7 views

CVE-2024-2229

CWE-502: Deserialization of Untrusted Data vulnerability exists that could cause remote code execution when a malicious project file is loaded into the application by a valid user...

7.8 CVSS | 7.6 AI score | 0.00031 EPSS
Exploits 0 | References 1

Cvelist
added 2024/03/18 4:8 p.m. | 14 views

CVE-2024-2229

CWE-502: Deserialization of Untrusted Data vulnerability exists that could cause remote code execution when a malicious project file is loaded into the application by a valid user...

7.8 CVSS | 7.8 AI score | 0.00031 EPSS
Exploits 0 | References 1

Vulnrichment
added 2024/03/18 4:8 p.m. | 13 views

CVE-2024-2229

CWE-502: Deserialization of Untrusted Data vulnerability exists that could cause remote code execution when a malicious project file is loaded into the application by a valid user...

7.8 CVSS | 6.9 AI score | 0.00031 EPSS
Exploits 0 | References 1

CNNVD
added 2024/03/18 12:0 a.m. | 3 views

Schneider Electric EcoStruxure Power Design Code Issue Vulnerability

Schneider Electric EcoStruxure Power Design is an electrical system design software from Schneider Electric France designed to help engineers and designers with comprehensive support and solutions when planning and designing power systems. A code issue vulnerability exists in Schneider Electric...

7.8 CVSS | 7.3 AI score | 0.00031 EPSS
Exploits 0 | References 2

NCSC
added 2024/03/14 12:0 a.m. | 3 views

Vulnerability fixed in Schneider Electric EcoStruxure Power Design

Schneider Electric has fixed a vulnerability in EcoStruxure Power Design. A malicious party could exploit the vulnerability to execute arbitrary code with privileges of the Power Design user. Successful exploitation requires the malicious party to trick the victim into opening and executing a rog...

7.8 CVSS | 7.4 AI score | 0.00031 EPSS
Exploits 0

OSV
added 2024/02/14 5:15 p.m. | 1 view

CVE-2023-6409

CWE-798: Use of Hard-coded Credentials vulnerability exists that could cause unauthorized access to a project file protected with application password when opening the file with EcoStruxure Control Expert...

7.7 CVSS | 5.8 AI score | 0.00057 EPSS
Exploits 0 | References 1

NVD
added 2024/02/14 5:15 p.m. | 10 views

CVE-2023-6409

CWE-798: Use of Hard-coded Credentials vulnerability exists that could cause unauthorized access to a project file protected with application password when opening the file with EcoStruxure Control Expert...

7.7 CVSS | 7.6 AI score | 0.00057 EPSS
Exploits 0 | References 1

OSV
added 2024/02/14 5:15 p.m. | 1 view

CVE-2023-27975

CWE-522: Insufficiently Protected Credentials vulnerability exists that could cause unauthorized access to the project file in EcoStruxure Control Expert when a local user tampers with the memory of the engineering workstation...

7.1 CVSS | 5.8 AI score | 0.00052 EPSS
Exploits 0 | References 1

NVD
added 2024/02/14 5:15 p.m. | 10 views

CVE-2023-27975

CWE-522: Insufficiently Protected Credentials vulnerability exists that could cause unauthorized access to the project file in EcoStruxure Control Expert when a local user tampers with the memory of the engineering workstation...

7.1 CVSS | 6.7 AI score | 0.00052 EPSS
Exploits 0 | References 1

Cvelist
added 2024/02/14 4:55 p.m. | 19 views

CVE-2023-27975

CWE-522: Insufficiently Protected Credentials vulnerability exists that could cause unauthorized access to the project file in EcoStruxure Control Expert when a local user tampers with the memory of the engineering workstation...

7.1 CVSS | 7 AI score | 0.00052 EPSS
Exploits 0 | References 1

CVE
added 2024/02/14 4:47 p.m. | 48 views

CVE-2023-6409

CVE-2023-6409 is tied to Schneider Electric EcoStruxure Control Expert (and related Modicon/M580/Process Expert components) and is documented as CWE-798: Use of Hard-coded Credentials. The vulnerability enables unauthorized access to a project file protected by an application password when opened...

7.7 CVSS | 7.5 AI score | 0.00057 EPSS
Exploits 0 | References 1 | Affected Software 2

Cvelist
added 2024/02/14 4:47 p.m. | 13 views

CVE-2023-6409

CWE-798: Use of Hard-coded Credentials vulnerability exists that could cause unauthorized access to a project file protected with application password when opening the file with EcoStruxure Control Expert...

7.7 CVSS | 7.8 AI score | 0.00057 EPSS
Exploits 0 | References 1

CNNVD
added 2024/02/14 12:0 a.m. | 3 views

Task Manager SQL Injection Vulnerability

Task Manager is an open source task manager application from Code-Projects. Task Manager v1.0 has a SQL injection vulnerability that stems from the file /TaskManager/EditProject.php...

9.8 CVSS | 8 AI score | 0.00131 EPSS
Exploits 1 | References 2

BDU FSTEC
added 2024/02/14 12:0 a.m. | 1 view

A vulnerability in Adobe After Effects, video and dynamic image editing software, stems from insufficient verification of input data and allows attackers to execute arbitrary code.

A vulnerability in Adobe After Effects, video and dynamic image editing software, relates to insufficient validation of input data. Exploiting this vulnerability allows attackers to execute arbitrary code using a specially created AEP file...

7.8 CVSS | 7.7 AI score | 0.00051 EPSS
Exploits 0 | References 6 | Affected Software 1

Vulnrichment
added 2024/01/22 5:46 p.m. | 3 views

CVE-2022-45792 Directory Traversal in Project File Format allows overwrite (Zip Slip)

Project files may contain malicious contents which the software will use to create files on the filesystem. This allows directory traversal and overwriting files with the privileges of the logged-in user...

7.8 CVSS | 7.1 AI score | 0.00064 EPSS
Exploits 0 | References 1

Cvelist
added 2024/01/22 5:46 p.m. | 15 views

CVE-2022-45792 Directory Traversal in Project File Format allows overwrite (Zip Slip)

Project files may contain malicious contents which the software will use to create files on the filesystem. This allows directory traversal and overwriting files with the privileges of the logged-in user...

7.8 CVSS | 7.8 AI score | 0.00064 EPSS
Exploits 0 | References 1

OSV
added 2024/01/10 9:15 p.m. | 2 views

CVE-2023-29446

An improper input validation vulnerability has been discovered that could allow an adversary to inject a UNC path via a malicious project file. This allows an adversary to capture NTLMv2 hashes and potentially crack them offline...

4.7 CVSS | 5.7 AI score
Exploits 0 | References 3

Prion
added 2024/01/10 9:15 p.m. | 18 views

Input validation

An improper input validation vulnerability has been discovered that could allow an adversary to inject a UNC path via a malicious project file. This allows an adversary to capture NTLMv2 hashes and potentially crack them offline...

1.2 CVSS | 7 AI score | 0.00071 EPSS
Exploits 0 | References 3 | Affected Software 3