840 matches found
Code injection
The project import functionality in SoapUI 5.3.0 allows remote attackers to execute arbitrary Java code via a crafted request parameter in a WSDL project file...
CVE-2017-16670
The project import functionality in SoapUI 5.3.0 allows remote attackers to execute arbitrary Java code via a crafted request parameter in a WSDL project file...
The vulnerability of the microprogramming software of Siemens SIMATIC STEP 7 (TIA Portal) arises from the incorrect file management format used for TIA project files during version updates. This allows attackers to access important information regarding configuration settings.
The vulnerability of the microprogramming software used in Siemens SIMATIC STEP 7 TIA Portal is related to the use of an incorrect file management format for TIA project files during version updates. Exploiting this vulnerability can allow a local attacker to access important configuration...
CVE-2017-14627
Stack-based buffer overflows in CyberLink LabelPrint 2.5 allow remote attackers to execute arbitrary code via the (1) author (inside the INFORMATION tag), (2) name (inside the INFORMATION tag), (3) artist (inside the TRACK tag), or (4) default (inside the TEXT tag) parameter in an lpp project file...
Delta Industrial Automation PMSoft Stack Buffer Overflow Vulnerability (CNVD-2017-228255)
Delta Industrial Automation is a global industrial automation manufacturer of power management and thermal solutions. WPLSoft and PMSoft are Delta's PLC programming software. A stack buffer overflow vulnerability exists in the parsing of information from a TTreeView object in a ppm project file...
(0Day) Delta Industrial Automation PMSoft Project File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Delta Industrial Automation PMSoft. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists with...
(0Day) Advantech WebOP Designer Project File Heap Buffer Overflow Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Advantech WebOP Designer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the...
Fuji Electric Monitouch V-SFT Project File Parsing Heap Buffer Overflow Vulnerability (CNVD-2017-22805)
Fuji Electric Monitouch V-SFT is HMI software. A security vulnerability in the way Fuji Electric Monitouch V-SFT parses V8 project files allows remote attackers to exploit it by submitting a specially crafted file that the user is tricked into parsing, to execute arbitrary...
Multiple mainstream version control systems found to contain a client-side arbitrary code execution vulnerability - vulnerability warning - the black bar safety net
Programmers around the world, please note: you must update your version control system immediately. The open-source version control systems Git, SVN and Mercurial recently fixed critical security vulnerabilities; if you delay the upgrade, you will be affected by the vulnerability. Multiple mainstream...
Fuji Electric Monitouch V-SFT Project File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Fuji Electric Monitouch V-SFT. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within...
Buffer Overflow Vulnerability in KGL_WIN at LS General Electric (formerly LG General Electric) in South Korea
KGLWIN (KGL for Windows) is a programming and debugging tool for the LG MASTER-K series. A buffer overflow vulnerability exists in KGLWIN from LS (formerly LG). The vulnerability is triggered when the KGLWIN tool processes a .PRJ file and can be exploited by an attacker to execute arbitrary code...
CVE-2017-6035
A Stack-Based Buffer Overflow issue was discovered in Wecon Technologies LEVI Studio HMI Editor before 1.8.1. This vulnerability causes a buffer overflow, which could result in denial of service when a malicious project file is run on the system...
CVE-2017-6037
A Heap-Based Buffer Overflow issue was discovered in Wecon Technologies LEVI Studio HMI Editor before 1.8.1. This vulnerability causes a buffer overflow when a maliciously crafted project file is run by the system...
file: Heap-buffer-overflow in cdf_getuint32
Project: https://github.com/file/file.git Detailed report: https://oss-fuzz.com/testcase?key=4658680639258624 Project: file Fuzzer: aflfilemagicfuzzer Fuzz target binary: magicfuzzer Job Type: aflasanfile Platform Id: linux Crash Type: Heap-buffer-overflow READ 4 Crash Address: 0x611000000dc1 Cra...
CVE-2017-7574
Schneider Electric SoMachine Basic 1.4 SP1 and Schneider Electric Modicon TM221CE16R 1.3.3.3 devices have a hardcoded-key vulnerability. The Project Protection feature is used to prevent unauthorized users from opening an XML protected project file, by prompting the user for a password. This XML...