CVE-2017-2372

An issue was discovered in certain Apple products. GarageBand before 10.1.5 is affected. Logic Pro X before 10.3 is affected. The issue involves the "Projects" component, which allows remote attackers to execute arbitrary code or cause a denial of service memory corruption via a crafted GarageBan...

Apple GarageBand Out of Bounds Write Code Execution Vulnerability

Summary An exploitable out of bounds write vulnerability exists in the parsing of saved files in Apple’s GarageBand version 10.1.4. A specially crafted project file can cause an out of bounds write resulting in an exploitable condition. An attacker can deliver a project file via other means to...

Apple GarageBand Out of Bounds Write Code Execution Vulnerability

Summary An exploitable out of bounds write vulnerability exists in the parsing of saved files in Apple’s GarageBand version 10.1.5. A specially crafted project file can cause an out of bounds write resulting in an exploitable condition. An attacker can deliver a project file via other means. This...

CVE-2016-9354

An issue was discovered in Moxa DACenter Versions 1.4 and older. A specially crafted project file may cause the program to crash because of Uncontrolled Resource Consumption...

CVE-2016-8354

An issue was discovered in Schneider Electric Unity PRO prior to V11.1. Unity projects can be compiled as x86 instructions and loaded onto the PLC Simulator delivered with Unity PRO. These x86 instructions are subsequently executed directly by the simulator. A specially crafted patched Unity...

Information Disclosure Vulnerability in HollySys Software HT8000 Project File

HOLLISTER HT8000CN General Edition Industrial Automation Configuration Screen Editor Software is a configuration software for constructing and producing embedded computer monitoring systems. A sensitive information disclosure vulnerability exists in the HollySys software HT8000 project file. The...

Sensitive Information Disclosure Vulnerability in HollySys Software HT7000 Project File

HollySys' HT7000 editing software includes both a configuration environment and a runtime environment. Its configuration environment is capable of running on a variety of Microsoft-based 32-bit Windows platforms, and the runtime environment runs on WindowsCE, a real-time multi-tasking embedded...

Buffer Overflow Vulnerability in Scada-os Configuration Software Project Files

Scada-OS is a SCADA system developed by several SCADA configuration software engineers. A buffer overflow vulnerability exists in the project file of Scada-os configuration software version 6.1.0.0. Because the software fails to detect the length of the name tag content of the project file, an...

CVE-2016-7960

Siemens SIMATIC STEP 7 TIA Portal before 14 uses an improper format for managing TIA project files during version updates, which makes it easier for local users to obtain sensitive configuration information via unspecified vectors...

Buffer overflow

Buffer overflow in Rockwell Automation RSLogix Micro Starter Lite, RSLogix Micro Developer, RSLogix 500 Starter Edition, RSLogix 500 Standard Edition, and RSLogix 500 Professional Edition allows remote attackers to execute arbitrary code via a crafted RSS project file...

CVE-2016-5814

Buffer overflow in Rockwell Automation RSLogix Micro Starter Lite, RSLogix Micro Developer, RSLogix 500 Starter Edition, RSLogix 500 Standard Edition, and RSLogix 500 Professional Edition allows remote attackers to execute arbitrary code via a crafted RSS project file...

CVE-2016-5814

CVE-2016-5814 is a classic buffer overflow in Rockwell RSLogix products (Micro Starter Lite/Dveloper; RSLogix 500 Starter/Standard/Professional) triggered by parsing malicious RSS project files. The vulnerability is a CWE-120 flaw that allows code execution when a local user opens a crafted RSS f...

Panasonic FPWIN Pro createLoadContent Out-Of-Bounds Write Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Panasonic FPWIN Pro. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within processing o...

Panasonic FPWIN Pro CPlcSetting::Load Uninitialized Pointer Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Panasonic FPWIN Pro. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within processing o...

Panasonic FPWIN Pro GetBlock Heap Buffer Overflow Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Panasonic FPWIN Pro. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within processing o...

Panasonic FPWIN Pro SCTASK Out-Of-Bounds Write Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Panasonic FPWIN Pro. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the processi...

Panasonic FPWIN Pro SelectFCS Array Indexing Out-Of-Bounds Write Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Panasonic FPWIN Pro. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within processing o...

The vulnerability of the Integrated Architecture Builder software, a tool for creating control systems, allows a hacker to execute arbitrary code.

The vulnerability of the IAB.exe component of the Integrated Architecture Builder software, which is used for creating control systems, is related to deficiencies in access control. Exploiting this vulnerability could allow a malicious actor, operating locally, to execute arbitrary code using a...

CVE-2016-2277

IAB.exe in Rockwell Automation Integrated Architecture Builder IAB before 9.6.0.8 and 9.7.x before 9.7.0.2 allows remote attackers to execute arbitrary code via a crafted project file...

CVE-2016-2277

IAB.exe in Rockwell Automation Integrated Architecture Builder IAB before 9.6.0.8 and 9.7.x before 9.7.0.2 allows remote attackers to execute arbitrary code via a crafted project file...