CVE-2011-4519

Stack-based buffer overflow in an ActiveX component in MICROSYS PROMOTIC before 8.1.5 allows remote attackers to cause a denial of service via a crafted web page...

CVE-2011-4518

Directory traversal vulnerability in the PmWebDir object in the web server in MICROSYS PROMOTIC before 8.1.5 allows remote attackers to read arbitrary files via unspecified vectors...

MICROSYS PROMOTIC Vulnerabilities

Overview This advisory is a follow-up to ICS-ALERT-11-286-01 - MICROSYS PROMOTIC Vulnerabilities, released to the ICS-CERT Web page on October 12, 2011. Independent researcher Luigi Auriemma has identified and released three vulnerabilities in MICROSYS, spol. s r.o. PROMOTIC application without...

Microsys PROMOTIC < 8.1.5 Multiple Vulnerabilities

Binary data scadapromotic815.nbin...

Microsys PROMOTIC Project File Handling Use-after-free Remote Code Execution

Binary data scadapromoticuseafterfree.nbin...

Microsys PROMOTIC Detection

Binary data scadaappmicrosyspromotic.nbin...

CVE-2011-4874

Use-after-free vulnerability in MICROSYS PROMOTIC before 8.1.7 allows user-assisted remote attackers to execute arbitrary code or cause a denial of service data corruption and application crash via a crafted project aka .pra file...

Design/Logic Flaw

Use-after-free vulnerability in MICROSYS PROMOTIC before 8.1.7 allows user-assisted remote attackers to execute arbitrary code or cause a denial of service data corruption and application crash via a crafted project aka .pra file...

CVE-2011-4874

Use-after-free vulnerability in MICROSYS PROMOTIC before 8.1.7 allows user-assisted remote attackers to execute arbitrary code or cause a denial of service data corruption and application crash via a crafted project aka .pra file...

CVE-2011-4874

CVE-2011-4874 affects MICROSYS PROMOTIC before 8.1.7. A use-after-free in handling a crafted project file (.pra) can lead to arbitrary code execution or data corruption with application crash. Affected products: PROMOTIC versions prior to 8.1.7. Exploitation is not remotely exploitable per ICS-CE...

MICROSYS PROMOTIC Use After Free Vulnerability

Overview This advisory is a follow-up to ICS-ALERT-11-333-01 - MICROSYS PROMOTIC Use-After-Free Vulnerability, released on the ICS-CERT Web site on November 28, 2011. Independent researcher Luigi Auriemma has identified and released proof of concept code POC for a use after free vulnerability in...

Microsys Promotic PmTrendViewer ActiveX Control SaveCfg Stack Buffer Overflow

Added: 12/23/2011 OSVDB: 76396 Background Microsys Promotic is a SCADA object software tool for creating applications that monitor, control and display technological processes in various industrial areas. Promotic includes support for a web interface designed for Microsoft Windows. Problem Micros...

Microsys Promotic PmTrendViewer ActiveX Control SaveCfg Stack Buffer Overflow

Added: 12/23/2011 OSVDB: 76396 Background Microsys Promotic is a SCADA object software tool for creating applications that monitor, control and display technological processes in various industrial areas. Promotic includes support for a web interface designed for Microsoft Windows. Problem Micros...

Microsys PROMOTIC 8.1.4 - ActiveX GetPromoticSite Unitialized Pointer

Luigi Auriemma Application: Microsys PROMOTIC http://www.promotic.eu/en/promotic/scada-pm.htm Versions: 8.1.4 Platforms: Windows Bug: ActiveX GetPromoticSite unitialized pointer Exploitation: remote Date: 30 Oct 2011 Author: Luigi Auriemma e-mail: [email protected] web: aluigi.org 1 Introducti...

Microsys PROMOTIC 8.1.4 - ActiveX GetPromoticSite Unitialized Pointer

Microsys PROMOTIC 8.1.4 - ActiveX GetPromoticSite Unitialized Pointer Luigi Auriemma Application: Microsys PROMOTIC http://www.promotic.eu/en/promotic/scada-pm.htm Versions: 8.1.4 Platforms: Windows Bug: ActiveX GetPromoticSite unitialized pointer Exploitation: remote Date: 30 Oct 2011 Author:...

CyberPatrol - poor credit card protection

CyberPatrol - poor credit card protection SUMMARY Product: Cyber Patrol vunerable versions: 4.04.003 & 4.04.005 possibly all other versions non-vunerable versions: unknown Vendor: Microsys formerly owned by Mattel, now JSB Vendor Contacted: Fri, 18 Aug 2000 11:52:20 -0500 CDT Fixes: None availabl...