5 matches found
CVE-2026-6803 AI Chatbot & Workflow Automation by AIWU <= 1.4.12 - Missing Authorization to Unauthenticated Arbitrary Data Deletion via AJAX Actions 'removeGroup' and 'clear'
The AI Chatbot & Workflow Automation by AIWU plugin for WordPress is vulnerable to Missing Authorization in all versions up to, and including, 1.4.12. This is due to missing capability checks and nonce verification on AJAX actions registered under both wpajax and wpajaxnopriv hooks, as the base...
Code injection
NETxAutomation NETxEIB OPC Server before 3.0.1300 does not properly validate OLE for Process Control OPC server handles, which allows attackers to cause a denial of service or possibly execute arbitrary code via unspecified vectors involving the 1 IOPCSyncIO::Read, 2 IOPCSyncIO::Write, 3...
Code injection
Unspecified vulnerability in the IOPCServer::RemoveGroup function in the OPCDA interface in Takebishi Electric DeviceXPlorer OLE for Process Control OPC Server before 3.12 Build3 allows remote attackers to execute arbitrary code via unspecified vectors involving access to arbitrary memory. NOTE:...
CVE-2007-1319
The CVE refers to an arbitrary code execution vulnerability in the Takebishi DeviceXPlorer OPC Server family (HIDIC, SYSMAC, MELSEC, FA-M3, MODBUS) via the OPC DA interface. The issue stems from the server implementation of the IOPCServer::RemoveGroup method, which can access arbitrary memory and...
CVE-2007-1319
Unspecified vulnerability in the IOPCServer::RemoveGroup function in the OPCDA interface in Takebishi Electric DeviceXPlorer OLE for Process Control OPC Server before 3.12 Build3 allows remote attackers to execute arbitrary code via unspecified vectors involving access to arbitrary memory. NOTE:...