20 matches found
EUVD-2012-0268
Malware in sbrugna...
EUVD-2012-2999
Malware in sbrugna...
EUVD-2013-0662
Malware in sbrugna...
CVE-2013-0652
GE Intelligent Platforms Proficy Real-Time Information Portal does not restrict access to methods of an unspecified Java class, which allows remote attackers to obtain a username listing via an RMI call...
Improper access control
The Portal installation process in GE Intelligent Platforms Proficy Real-Time Information Portal stores sensitive information under the web root with insufficient access control, which allows remote attackers to read configuration files, and discover data-source credentials, via a direct request...
CVE-2013-0651
The Portal installation process in GE Intelligent Platforms Proficy Real-Time Information Portal stores sensitive information under the web root with insufficient access control, which allows remote attackers to read configuration files, and discover data-source credentials, via a direct request...
GE Intelligent Platforms Proficy Real-Time Information Portal Directory Traversal
Overview ICS-CERT received a report from GE Intelligent Platforms and the Zero Day Initiative ZDI. If exploited, this vulnerability could allow an attacker to create or overwrite a file on the system running Real-Time Information Portal. concerning a directory traversal vulnerability in the GE...
CVE-2012-3026
rifsrvd.exe in the Remote Interface Service in GE Intelligent Platforms Proficy Real-Time Information Portal 2.6 through 3.5 SP1 allows remote attackers to cause a denial of service memory corruption and service crash or possibly execute arbitrary code via long input data, a different vulnerabili...
CVE-2012-3021
rifsrvd.exe in the Remote Interface Service in GE Intelligent Platforms Proficy Real-Time Information Portal 2.6 through 3.5 SP1 allows remote attackers to cause a denial of service memory corruption and service crash or possibly execute arbitrary code via long input data, a different vulnerabili...
CVE-2012-3010
rifsrvd.exe in the Remote Interface Service in GE Intelligent Platforms Proficy Real-Time Information Portal 2.6 through 3.5 SP1 allows remote attackers to cause a denial of service memory corruption and service crash or possibly execute arbitrary code via long input data, a different vulnerabili...
Memory corruption
rifsrvd.exe in the Remote Interface Service in GE Intelligent Platforms Proficy Real-Time Information Portal 2.6 through 3.5 SP1 allows remote attackers to cause a denial of service memory corruption and service crash or possibly execute arbitrary code via long input data, a different vulnerabili...
Memory corruption
rifsrvd.exe in the Remote Interface Service in GE Intelligent Platforms Proficy Real-Time Information Portal 2.6 through 3.5 SP1 allows remote attackers to cause a denial of service memory corruption and service crash or possibly execute arbitrary code via long input data, a different vulnerabili...
CVE-2012-3021
rifsrvd.exe in the Remote Interface Service in GE Intelligent Platforms Proficy Real-Time Information Portal 2.6 through 3.5 SP1 allows remote attackers to cause a denial of service memory corruption and service crash or possibly execute arbitrary code via long input data, a different vulnerabili...
CVE-2012-3010
Vulnerability summary (CVE-2012-3010 / related CVEs) : The GE Intelligent Platforms Proficy Real-Time Information Portal’s Remote Interface Service (rifsrvd.exe), across versions 2.6–3.5 SP1, is affected. A long input data vector in the Remote Interface Service can trigger memory corruption, lead...
CVE-2012-3010
rifsrvd.exe in the Remote Interface Service in GE Intelligent Platforms Proficy Real-Time Information Portal 2.6 through 3.5 SP1 allows remote attackers to cause a denial of service memory corruption and service crash or possibly execute arbitrary code via long input data, a different vulnerabili...
ZDI-12-148 : GE Proficy Real-Time Information Portal Remote Interface Service Remote Code Execution Vulnerability
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ZDI-12-148 : GE Proficy Real-Time Information Portal Remote Interface Service Remote Code Execution Vulnerability http://www.zerodayinitiative.com/advisories/ZDI-12-148 August 22, 2012 - -- CVE ID: CVE-2012-0232 - -- CVSS: 9.4,...
CVE-2012-0232
Directory traversal vulnerability in rifsrvd.exe in the Remote Interface Service in GE Intelligent Platforms Proficy Real-Time Information Portal 2.6, 3.0, 3.0 SP1, and 3.5 allows remote attackers to modify the configuration via crafted strings...
CVE-2012-0232
Directory traversal vulnerability in rifsrvd.exe in the Remote Interface Service in GE Intelligent Platforms Proficy Real-Time Information Portal 2.6, 3.0, 3.0 SP1, and 3.5 allows remote attackers to modify the configuration via crafted strings...
CVE-2012-0232
CVE-2012-0232 concerns GE Proficy Real-Time Information Portal. A directory traversal vulnerability exists in the Remote Interface Service (rifsrvd.exe) listening on TCP 5159, where two input strings used to create a configuration file are not sufficiently validated. Remote, unauthenticated attac...
CVE-2008-0174
GE Fanuc Proficy Real-Time Information Portal 2.6 and earlier uses HTTP Basic Authentication, which transmits usernames and passwords in base64-encoded cleartext and allows remote attackers to steal the passwords and gain privileges...