103 matches found
CVE-2018-15616
A vulnerability in the Web UI component of Avaya Aura System Platform could allow a remote, unauthenticated user to perform a targeted deserialization attack that could result in remote code execution. Affected versions of System Platform includes 6.3.0 through 6.3.9 and 6.4.0 through 6.4.2...
CVE-2018-15616
A vulnerability in the Web UI component of Avaya Aura System Platform could allow a remote, unauthenticated user to perform a targeted deserialization attack that could result in remote code execution. Affected versions of System Platform includes 6.3.0 through 6.3.9 and 6.4.0 through 6.4.2...
Deserialization of untrusted data
A vulnerability in the Web UI component of Avaya Aura System Platform could allow a remote, unauthenticated user to perform a targeted deserialization attack that could result in remote code execution. Affected versions of System Platform includes 6.3.0 through 6.3.9 and 6.4.0 through 6.4.2...
Seeker - Find GeoLocation With High Accuracy
Seeker utilizes HTML5, Javascript, JQuery and PHP to grab Device Information and GeoLocation with High Accuracy. Other tools and services offer IP Geolocation which is not very accurate and does not give location of user. Generally if a user accepts location permsission, Accuracy of the informati...
CVE-2015-3940
Untrusted search path vulnerability in Schneider Electric Wonderware System Platform before 2014 R2 Patch 01 allows local users to gain privileges via a Trojan horse DLL in an unspecified directory...
Design/Logic Flaw
Untrusted search path vulnerability in Schneider Electric Wonderware System Platform before 2014 R2 Patch 01 allows local users to gain privileges via a Trojan horse DLL in an unspecified directory...
CVE-2015-3940
Untrusted search path vulnerability in Schneider Electric Wonderware System Platform before 2014 R2 Patch 01 allows local users to gain privileges via a Trojan horse DLL in an unspecified directory...
CVE-2015-3940
CVE-2015-3940 describes an untrusted search path vulnerability (CWE-427) in Schneider Electric Wonderware System Platform, affecting 2014 R2 and earlier versions. The issue allows local privilege escalation when a local user runs the vulnerable application and loads a Trojan-horse DLL from an uns...
Unspecified Vulnerability in Schneider Electric Wonderware System Platform
Wonderware System Platform is a system platform used in a variety of applications. A fixed search path vulnerability exists in Schneider Electric's Wonderware InTouch, Application Server, Historian, SuiteLink application. This vulnerability could be exploited by an attacker to install and execute...
Default Password (cliuser) for 'cliuser' Account
The account 'cliuser' on the remote host has the password 'cliuser'. An attacker may leverage this issue to gain administrative access to the affected system. Note that Cisco Unified Computing System Platform Emulator is known to use these credentials to provide administrative access to the CLI...
Oracle Java SE CVE-2013-2465 Memory Corruption Vulnerability
Description Oracle Java SE is prone to a memory-corruption vulnerability in Java Runtime Environment. Attackers can exploit this issue to execute arbitrary code within the context of the user running the affected application. Failed exploit attempts will likely cause denial-of-service conditions...
Oracle Java SE CVE-2013-2471 Buffer Overflow Vulnerability
Description Oracle Java SE is prone to a buffer-overflow vulnerability in Java Runtime Environment. An attacker can exploit this issue to execute arbitrary code in the context of the current user. This vulnerability affects the following supported versions: 7 Update 21 , 6 Update 45 , 5.0 Update ...
CVE-2012-3007
Stack-based buffer overflow in slssvc.exe before 58.x in Invensys Wonderware SuiteLink in the Invensys System Platform software suite, as used in InTouch/Wonderware Application Server IT before 10.5 and WAS before 3.5, DASABCIP before 4.1 SP2, DASSiDirect before 3.0, DAServer Runtime Components...
CVE-2012-0258
Heap-based buffer overflow in the WWCabFile ActiveX component in the Wonderware System Platform in Invensys Wonderware Application Server 2012 and earlier, Foxboro Control Software 3.1 and earlier, InFusion CE/FE/SCADA 2.5 and earlier, Wonderware Information Server 4.5 and earlier, ArchestrA...
Heap overflow
Heap-based buffer overflow in the WWCabFile ActiveX component in the Wonderware System Platform in Invensys Wonderware Application Server 2012 and earlier, Foxboro Control Software 3.1 and earlier, InFusion CE/FE/SCADA 2.5 and earlier, Wonderware Information Server 4.5 and earlier, ArchestrA...
Heap overflow
Heap-based buffer overflow in the WWCabFile ActiveX component in the Wonderware System Platform in Invensys Wonderware Application Server 2012 and earlier, Foxboro Control Software 3.1 and earlier, InFusion CE/FE/SCADA 2.5 and earlier, Wonderware Information Server 4.5 and earlier, ArchestrA...
CVE-2012-0258
The CVE-2012-0258 issue is a heap-based buffer overflow in the WWCabFile ActiveX Component used by Wonderware System Platform and related products (Wonderware Application Server 2012 and earlier, Foxboro Control Software 3.1 and earlier, InFusion CE/FE/SCADA 2.5 and earlier, Wonderware Informatio...
CVE-2012-0257
The CVE-2012-0257 issue is a heap-based buffer overflow in the WWCabFile ActiveX component used by Wonderware System Platform and several associated products (e.g., Wonderware Application Server 2012, Foxboro Control Software 3.1, InFusion CE/FE/SCADA 2.5, Wonderware Information Server 4.5, Arche...
Wonderware SuiteLink Unallocated Unicode String Vulnerability
Overview This Advisory is a follow-up to the original ICS-CERT Alert titled ICS-ALERT-12-136-01 Wonderware SuiteLink Unallocated Unicode String that was published May 15, 2012 on the ICS-CERT web page. Independent researcher Luigi Auriemma identified a maliciously crafted Unicode string...
Oracle Java SE Rhino Script Engine Remote Code Execution Vulnerability
Description Oracle Java SE is prone to a remote code-execution vulnerability in Java Runtime Environment. The vulnerability can be exploited over multiple protocols. This issue affects the 'Scripting' sub-component. This vulnerability affects the following supported versions: JDK and JRE 7, 6...