39 matches found
Moxa NPort 5110, 5130, and 5150 Uncontrolled Resource Consumption (CVE-2017-14028)
A Resource Exhaustion issue was discovered in Moxa NPort 5110 Version 2.2, NPort 5110 Version 2.4, NPort 5110 Version 2.6, NPort 5110 Version 2.7, NPort 5130 Version 3.7 and prior, and NPort 5150 Version 3.7 and prior. An attacker may be able to exhaust memory resources by sending a large amount ...
Advantech iView Unauthenticated Remote Code Execution
This module exploits an unauthenticated configuration change combined with an unauthenticated file write primitive, leading to an arbitrary file write that allows for remote code execution as the user running iView, which is typically NT AUTHORITY\SYSTEM. This issue was demonstrated in the...
Treck IP stacks contain multiple vulnerabilities
Overview Treck IP stack implementations for embedded systems are affected by multiple vulnerabilities. This set of vulnerabilities was researched and reported by JSOF, who calls them Ripple20. Description Treck IP network stack software is designed for and used in a variety of embedded systems. T...
SMA Solar Technology AG Sunny WebBox 1.6 Cross Site Request Forgery
Exploit Title: SMA Solar Technology AG Sunny WebBox device - 1.6 - Cross-Site Request Forgery Date: 2019-10-08 Exploit Author: Borja Merino and Eduardo Villaverde Vendor Homepage: https://www.sma.de Version: Firmware Version 1.6 and prior Tested on: Sunny WebBox SMA Solar Device Firmware Version...
SMA Solar Technology AG Sunny WebBox device - 1.6 - Cross-Site Request Forgery
SMA Solar Technology AG Sunny WebBox device - 1.6 - Cross-Site Request Forgery Exploit Title: SMA Solar Technology AG Sunny WebBox device - 1.6 - Cross-Site Request Forgery Date: 2019-10-08 Exploit Author: Borja Merino and Eduardo Villaverde Vendor Homepage: https://www.sma.de Version: Firmware...
SMA Solar Technology AG Sunny WebBox device - 1.6 - Cross-Site Request Forgery Vulnerability
Exploit for hardware platform in category web applications Exploit Title: SMA Solar Technology AG Sunny WebBox device - 1.6 - Cross-Site Request Forgery Exploit Author: Borja Merino and Eduardo Villaverde Vendor Homepage: https://www.sma.de Version: Firmware Version 1.6 and prior Tested on: Sunny...
SMA Solar Technology AG Sunny WebBox device - 1.6 - Cross-Site Request Forgery
Exploit Title: SMA Solar Technology AG Sunny WebBox device - 1.6 - Cross-Site Request Forgery Date: 2019-10-08 Exploit Author: Borja Merino and Eduardo Villaverde Vendor Homepage: https://www.sma.de Version: Firmware Version 1.6 and prior Tested on: Sunny WebBox SMA Solar Device Firmware Version...
Delta Electronics Delta Industrial Automation COMMGR 1.08 Stack Buffer Overflow
This module exploits a stack based buffer overflow in Delta Electronics Delta Industrial Automation COMMGR 1.08. The vulnerability exists in COMMGR.exe when handling specially crafted packets. This module has been tested successfully on Delta Electronics Delta Industrial Automation COMMGR 1.08 ov...
Automated Logic WebCTRL 6.1 Path Traversal Arbitrary File Write
Description The vulnerability is triggered by an authenticated user that can use the manualcommand console in the management panel of the affected application. The ManualCommand function in ManualCommand.js allows users to perform additional diagnostics and settings overview by using pre-defined...
WECON Technology Co., Ltd. LeviStudio HMI Editor
CVSS v3 7.5 ATTENTION: Remotely exploitable/low skill level to exploit. Vendor: WECON Technology Co., Ltd. WECON Equipment: LeviStudio HMI Editor Vulnerabilities: Stack-based Buffer Overflow AFFECTED PRODUCTS The following versions of LEVI Studio HMI Editor, an HMI programming software product, a...
Infinite Automation Mango Automation Command Injection
require 'msf/core' class MetasploitModule 'Infinite Automation Mango Automation Command Injection', 'Description' = %q This module exploits a command injection vulnerability found in Infinite Automation Systems Mango Automation v2.5.0 - 2.6.0 beta builds prior to 430. , 'Author' = 'james fitts' ,...
KingScada AlarmServer 3.1.2.13 - Remote Stack Buffer Overflow (Metasploit)
require 'msf/core' class MetasploitModule 'KingScada AlarmServer Stack Buffer Overflow', 'Description' = %q This module exploits a stack based buffer overflow found in KingScada 'James Fitts' , 'License' = MSFLICENSE, 'References' = 'CVE', '2014-0787' , 'ZDI', '14-071' , 'URL',...
Viap Automation WinPLC7 5.0.45.5921 - Recv Buffer Overflow Exploit
Exploit for windows platform in category remote exploits require 'msf/core' class MetasploitModule 'VIPA Authomation WinPLC7 recv Stack Buffer Overflow', 'Description' = %q This module exploits a stack based buffer overflow found in VIPA Automation WinPLC7 'james fitts' , 'License' = MSFLICENSE,...
Viap Automation WinPLC7 5.0.45.5921 - Recv Buffer Overflow (Metasploit)
require 'msf/core' class MetasploitModule 'VIPA Authomation WinPLC7 recv Stack Buffer Overflow', 'Description' = %q This module exploits a stack based buffer overflow found in VIPA Automation WinPLC7 'james fitts' , 'License' = MSFLICENSE, 'References' = 'ZDI', '17-112' , 'CVE', '2017-5177' ,...
Fatek Automation PLC WinProladder 3.11 Build 14701 - Stack Buffer Overflow (Metasploit)
require 'msf/core' class MetasploitModule 'Fatek Automation PLC WinProladder Stack-based Buffer Overflow', 'Description' = %q This module exploits a stack based buffer overflow found in Fatek Automation PLC WinProladder v3.11 Build 14701. The vulnerability is triggered when a client connects to a...
Hackers Can Remotely Access Syringe Infusion Pumps to Deliver Fatal Overdoses
Internet-of-things are turning every industry into the computer industry, making customers think that their lives would be much easier with smart devices. However, such devices could potentially be compromised by hackers. There are, of course, some really good reasons to connect certain devices t...
ICSMA-17-241-01_Abbott Laboratories ' Accent/Anthem, Accent MRI, Assurity/Allure, and Assurity MRI Pacemaker Vulnerabilities
OVERVIEW MedSec Holdings Ltd has identified vulnerabilities in Abbott Laboratories’ formerly St. Jude Medical pacemakers. Abbott has produced a firmware patch to help mitigate the identified vulnerabilities in their pacemakers that utilize radio frequency RF communications. A third-party security...
ECAVA IntegraXor <= 5.2.1231.0 SQLi Vulnerability
ECAVA IntegraXor is prone to a SQL injection SQLi vulnerability. SPDX-FileCopyrightText: 2017 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:ecava:integraxor...
Cogent Datahub 7.3.9 Gamma Script - Elevation of Privilege
Exploit for windows platform in category local exploits / Exploit Title: Cogent Datahub sc qc "Cogent DataHub" SC QueryS...
Cogent Datahub 7.3.9 Gamma Script - Local Privilege Escalation
Cogent Datahub 7.3.9 Gamma Script - Local Privilege Escalation / Exploit Title: Cogent Datahub sc qc "Cogent DataHub" SC QueryServiceConfig SUCCESS SERVICENAME...