339 matches found
CVE-2013-3664
CVE-2013-3664 affects Trimble SketchUp (formerly Google SketchUp) before version 13.0.3689. It permits remote code execution via a crafted color palette table in a MAC Pict texture, causing an out-of-bounds stack write. This CVE exists due to an incomplete fix for CVE-2013-3662 and was split from...
CVE-2013-7388
Heap-based buffer overflow in paintlib, as used in Trimble SketchUp formerly Google SketchUp before 2013 13.0.3689, allows remote attackers to execute arbitrary code via a crafted RLE4-compressed bitmap BMP. NOTE: this issue was SPLIT from CVE-2013-3664 due to different affected products and...
CVE-2013-7388
The CVE-2013-7388 entry describes a heap-based buffer overflow in the paintlib component used by Trimble SketchUp prior to version 13.0.3689, exploitable via a crafted RLE4 BMP. This affects SketchUp’s use of paintlib; the issue is described as a heap overflow enabling remote code execution. The ...
CVE-2013-3663
SketchUp before 8 Maintenance 3 is affected by CVE-2013-3663 (BMP RLE8 Heap Overflow) due to a heap overflow in the BMP RLE8 decoding path borrowed from paintlib. The vulnerability allows remote code execution by parsing a crafted BMP texture embedded in a SKP file; the issue is fixed in 8M3 (and...
Trimble Navigation SketchUp BMP File Code Execution - Ver2 (CVE-2013-3663)
A remote code execution vulnerability exists in Trimble Navigation's SketchUp. The vulnerability is due to a heap buffer overflow while processing BMP files which contain malicious RLE data. Remote unauthenticated attackers can exploit this vulnerability by enticing a target user to open a...
CVE-2013-6038
Stack-based buffer overflow in Trimble SketchUp Viewer 13.0.4124 allows remote attackers to execute arbitrary code via a crafted .SKP file...
CVE-2013-6038
CVE-2013-6038 : A stack-based buffer overflow in SketchUp Viewer 13.0.4124 allows remote attackers to execute arbitrary code by opening a specially crafted .SKP file. The issue is triggered during parsing of the .SKP, enabling potentially remote code execution without user interaction. The CVSS m...
Trimble Navigation SketchUp BMP File Code Execution (CVE-2013-3663)
A remote code execution vulnerability has been reported in Trimble Navigation's SketchUp...
Trimble Navigation SketchUp BMP File Buffer Overflow (CVE-2013-3664)
A remote code execution vulnerability exists in Trimble Navigation's Sketchup...
Trimble Navigation SketchUp PICT File Buffer Overflow - Improved Performance (CVE-2013-3664)
A remote code execution vulnerability has been reported in Trimble SketchUp. The vulnerability is due to a stack buffer overflow while processing PICT files which contain a malicious number of ARGB entries. A remote attacker can exploit this vulnerability by enticing a target user to open a...
Google SketchUp < 13.0.3689 SKP Multiple Vulnerabilities
The version of Google SketchUp installed on the remote Windows host is earlier than 13.0.3689. As such, it reportedly is affected by multiple buffer overflows related to the handling of '.SKP' files. Specially crafted files containing BMP RLE4 compressed textures or MAC Pict textures can cause th...
CVE-2012-5053
Cross-site scripting XSS vulnerability in the Receiver Web User Interface on Trimble Infrastructure GNSS Series Receivers NetR3, NetR5, NetR8, and NetR9 before 4.70, and NetRS before 1.3-2, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors...
Cross site scripting
Cross-site scripting XSS vulnerability in the Receiver Web User Interface on Trimble Infrastructure GNSS Series Receivers NetR3, NetR5, NetR8, and NetR9 before 4.70, and NetRS before 1.3-2, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors...
CVE-2012-5053
CVE-2012-5053 affects Trimble Infrastructure GNSS Series Receivers: NetR3/NetR5/NetR8/NetR9 vulnerable in their Receiver Web User Interface prior to firmware 4.70, and NetRS prior to 1.3-2. The issue is a cross-site scripting (XSS) flaw that allows remote attackers to inject arbitrary HTML/script...
CVE-2012-5053
Cross-site scripting XSS vulnerability in the Receiver Web User Interface on Trimble Infrastructure GNSS Series Receivers NetR3, NetR5, NetR8, and NetR9 before 4.70, and NetRS before 1.3-2, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors...
Trimble® Infrastructure GNSS Series Receivers Cross Site Scripting (XSS) vulnerability
Trimble® Infrastructure GNSS Series Receivers Cross Site Scripting XSS vulnerability: - CVE: CVE-2012-5053 - Deloitte Argentina Advisory Code: DTTAR-20130001 - Vendor Status: CONFIRMED - Public Disclosure Date: January, 15th, 2013. - Vendors Affected: Trimble - http://www.trimble.com/ - Systems...
Trimble Infrastructure GNSS crossite scripting
Web interface crossite scripting...
Google/Trimble SketchUp Application Detection
Binary data 6882.prm...
Google/Trimble SketchUp Detection
Google SketchUp or Trimble SketchUp formerly Google SketchUp is installed on the remote host. SketchUp is a 3-D modeling application. C Tenable Network Security, Inc. include"compat.inc"; if description scriptid56712; scriptversion"1.13"; scriptsetattributeattribute:"pluginmodificationdate",...