2 matches found
Emerson DeltaV Cross-site Scripting (CVE-2012-1814)
Cross-site scripting XSS vulnerability in Emerson DeltaV and DeltaV Workstations 9.3.1, 10.3.1, 11.3, and 11.3.1 and DeltaV ProEssentials Scientific Graph 5.0.0.6 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. This plugin only works with Tenable.ot. Please...
ManageEngine DeviceExpert ScheduleResultViewer Remote Directory Traversal
DeviceExpert is susceptible to a directory traversal attack on the 'FileName' parameter of 'ScheduleResultView' servlet scheduleresult.de. It is possible for an unauthenticated, remote attacker to invoke the ScheduleResultViewer to disclose every file on the system, including database tables...