Code injection

Unitronics VisiLogic OPLC IDE before 9.8.02 does not properly restrict access to ActiveX controls, which allows remote attackers to have an unspecified impact via a crafted web site...

CVE-2015-6478

Summary (CVE-2015-6478) : This vulnerability affects Unitronics VisiLogic OPLC IDE (prior to 9.8.02/9.8.0.0 and earlier in some advisories) where ActiveX controls (TeeChart5.ocx, TeePreviewer, TeeCommander, TeeGrid, etc.) are not properly restricted. A remote attacker can lure a user to a crafted...

CVE-2015-7905

Unitronics VisiLogic OPLC IDE before 9.8.02 allows remote attackers to execute unspecified code via unknown vectors...

CVE-2015-6478

Unitronics VisiLogic OPLC IDE before 9.8.02 does not properly restrict access to ActiveX controls, which allows remote attackers to have an unspecified impact via a crafted web site...

CVE-2015-7905

CVE-2015-7905 affects Unitronics VisiLogic OPLC IDE and UniDownloader via the IPWorksSSL.HTTPS ActiveX controls. A memory/pointer handling flaw exists in the SSLCertHandle (HTTPS) and related properties (WinSockPath, PostDataB/FirewallDataB) that can lead to remote code execution when a user open...

Unitronics VisiLogic OPLC IDE Vulnerabilities (Update A)

OVERVIEW This updated advisory is a follow-up to the original advisory titled ICSA-15-274-02 Unitronics VisiLogic OPLC IDE Vulnerabilities that was published November 12, 2015, on the NCCIC/ICS-CERT web site. HP’s Zero Day Initiative ZDI reported to ICS-CERT that Steven Seeley of Source Incite,...

CVE-2011-5086

https50.ocx in IPWorks! SSL in the server in Unitronics UniOPC before 2.0.0 does not properly implement an unspecified function, which allows remote attackers to cause a denial of service application crash or possibly execute arbitrary code via a crafted web site...

CVE-2011-5086

https50.ocx in IPWorks! SSL in the server in Unitronics UniOPC before 2.0.0 does not properly implement an unspecified function, which allows remote attackers to cause a denial of service application crash or possibly execute arbitrary code via a crafted web site...

CVE-2011-5086

The CVE-2011-5086 issue affects Unitronics UniOPC Server prior to version 2.0.0, arising from the IPWorks! SSL component (https50.ocx) not properly implementing a function. This can be triggered remotely via a crafted web site, leading to a crash and potentially arbitrary code execution. Affected...

TeeChart Professional ActiveX Control Trusted Integer Dereference

This module exploits an integer overflow in TeeChart Pro ActiveX control. When sending an overly large/negative integer value to the AddSeries property of TeeChart2010.ocx, the code will perform an arithmetic operation that wraps the value and is later directly trusted and called upon. This modul...

TeeChart Professional ActiveX Control 2010.0.0.3 - Trusted Integer Dereference (Metasploit)

$Id: teechartpro.rb 13522 2011-08-11 11:17:30Z swtornio $ This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing and terms of use. http://metasploit.com/framewor...

Unitronics UNIOPC Server Input Handling Vulnerability

Overview Independent security researchers Billy Rios and Terry McCorkle have identified a vulnerability in Unitronics’ UniOPC Server product. --------- Begin Update A Part 1 of 3 -------- This vulnerability is a result of improper handling of input by a third-party component, https50.ocx, which i...