167 matches found
WellinTech KingSCADA Server Detection via TCP
Binary data 7130.pasl...
KingView 6.53 - ActiveX Remote File Creation / Overwrite (KChartXY)
No description provided by source. !-- KingView ActiveX Control KChartXY Remote File Creation / Overwrite Vendor: http://www.wellintech.com Version: KingView 6.53 Tested on: Windows XP SP3 / IE Download: http://www.wellintech.com/documents/KingView6.53EN.zip Author: Blake CLSID:...
CVE-2014-0787
Stack-based buffer overflow in WellinTech KingSCADA before 3.1.2.13 allows remote attackers to execute arbitrary code via a crafted packet...
Stack overflow
Stack-based buffer overflow in WellinTech KingSCADA before 3.1.2.13 allows remote attackers to execute arbitrary code via a crafted packet...
CVE-2014-0787
WellinTech KingSCADA CVE-2014-0787 is a stack-based buffer overflow vulnerability affecting KingSCADA before 3.1.2.13. A crafted packet to the AlarmServer service (AEserver.exe) on TCP port 12401 can trigger a stack overflow via an improper size handling in packet parsing, allowing remote code ex...
CVE-2014-0787 WellinTech KingSCADA Stack-based Buffer Overflow
Stack-based buffer overflow in WellinTech KingSCADA before 3.1.2.13 allows remote attackers to execute arbitrary code via a crafted packet...
WellinTech KingSCADA未明远程栈缓冲区溢出漏洞
CVE ID:CVE-2014-0787 WellinTech KingSCADA是一款面向高、中端市场的SCADA产品。 WellinTech KingSCADA存在一个基于栈的缓冲区溢出,允许攻击者向KingSCADA发送特制的报文,可以应用程序上下文执行任意代码。 0 WellinTech KingSCADA 目前厂商已经发布了升级补丁以修复漏洞,请下载使用: http://www.wellintech.com/index.php?option=comcontent&view=article&id=56&Itemid=11...
WellinTech KingScada AEserver.exe Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of WellinTech KingScada. Authentication is not required to exploit this vulnerability. The specific flaw exists within the protocol parsing code contained in kxNetDispose.dll. The parent service is...
WellinTech Multiple Products kxClientDownload ActiveX Remote Code Execution (CVE-2013-2827)
A remote code execution vulnerability exists in WellinTech multiple products. The vulnerability exists in ClientDownload.ocx ActiveX control and is due to insufficient sanitization of ProjectURL property. A remote unauthenticated attacker can leverage this vulnerability to download and load an...
WellinTech KingSCADA KingAlarm & Event KAEManageServer Information Disclosure Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of WellinTech KingSCADA KingAlarm&Event.; Authentication is not required to exploit this vulnerability. The specific flaw exists within KAEManageServer.exe, which listens by default on TCP port 8130...
WellinTech KingScada KingGraphic kxClientDownload ActiveX Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of WellinTech KingScada KingGraphics. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists withi...
CVE-2013-2827
An unspecified ActiveX control in WellinTech KingSCADA before 3.1.2, KingAlarm&Event before 3.1, and KingGraphic before 3.1.2 allows remote attackers to download arbitrary DLL code onto a client machine and execute this code via the ProjectURL property value...
CVE-2013-2826
WellinTech KingSCADA before 3.1.2, KingAlarm&Event before 3.1, and KingGraphic before 3.1.2 perform authentication on the KAEClientManager console rather than on the server, which allows remote attackers to bypass intended access restrictions and discover credentials via a crafted packet to TCP...
Authentication flaw
WellinTech KingSCADA before 3.1.2, KingAlarm&Event before 3.1, and KingGraphic before 3.1.2 perform authentication on the KAEClientManager console rather than on the server, which allows remote attackers to bypass intended access restrictions and discover credentials via a crafted packet to TCP...
Code injection
An unspecified ActiveX control in WellinTech KingSCADA before 3.1.2, KingAlarm&Event before 3.1, and KingGraphic before 3.1.2 allows remote attackers to download arbitrary DLL code onto a client machine and execute this code via the ProjectURL property value...
CVE-2013-2826
CVE-2013-2826 affects WellinTech KingSCADA prior to 3.1.2, KingAlarm&Event prior to 3.1, and KingGraphic prior to 3.1.2. Authentication is performed at the KAEClientManager console, not the server, enabling a remote attacker to discover credentials by sending a crafted packet to TCP port 8130. Co...
CVE-2013-2827
CVE-2013-2827 concerns an unresolved ActiveX control in WellinTech KingSCADA (before 3.1.2), KingAlarm&Event (before 3.1), and KingGraphic (before 3.1.2) that allows remote code execution by abusing the ProjectURL property to download and execute a DLL on a client. Root cause: insufficient saniti...
CVE-2013-2827
An unspecified ActiveX control in WellinTech KingSCADA before 3.1.2, KingAlarm&Event before 3.1, and KingGraphic before 3.1.2 allows remote attackers to download arbitrary DLL code onto a client machine and execute this code via the ProjectURL property value...
CVE-2013-2826
WellinTech KingSCADA before 3.1.2, KingAlarm&Event before 3.1, and KingGraphic before 3.1.2 perform authentication on the KAEClientManager console rather than on the server, which allows remote attackers to bypass intended access restrictions and discover credentials via a crafted packet to TCP...
WellinTech KingView ActiveX Control Heap Buffer Overflow Remote Code Execution (CVE-2011-3142)
A stack-based buffer overflow vulnerability has been reported in WellinTech KingView ActiveX control. The vulnerability is due to failure to perform adequate boundary checks on user-supplied input. A remote attacker can exploit this vulnerability by sending via a long second argument to the...