EUVD-2014-2418

Malware in sbrugna...

wis-it.fr Cross Site Scripting vulnerability OBB-2836116

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...

CVE-2014-5397

Cross-site scripting XSS vulnerability in Schneider Electric Wonderware Information Server WIS Portal 4.0 SP1 through 5.5 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors...

CVE-2014-5398

Schneider Electric Wonderware Information Server WIS Portal 4.0 SP1 through 5.5 allows remote attackers to read arbitrary files or cause a denial of service via an XML external entity declaration in conjunction with an entity reference, related to an XML External Entity XXE issue...

CVE-2014-2381

Schneider Electric Wonderware Information Server WIS Portal 4.0 SP1 through 5.5 uses weak encryption, which allows local users to obtain sensitive information by reading a credential file...

Sql injection

SQL injection vulnerability in Schneider Electric Wonderware Information Server WIS Portal 4.0 SP1 through 5.5 allows remote attackers to execute arbitrary SQL commands via unspecified vectors...

Cross site scripting

Cross-site scripting XSS vulnerability in Schneider Electric Wonderware Information Server WIS Portal 4.0 SP1 through 5.5 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors...

CVE-2014-5399

CVE-2014-5399 corresponds to SQL injection vulnerabilities in Schneider Electric Wonderware Information Server (WIS) Portal. Connected PT-2014-21 confirms multiple SQL injection flaws affecting WIS, with the vendor releasing updates to mitigate these issues. Affected products include Wonderware I...

CVE-2014-2381

Schneider Electric Wonderware Information Server (WIS) Portal 4.0 SP1–5.5 is affected by CVE-2014-2381 due to inadequate encryption strength (CWE-326). The vulnerability allows local users to obtain sensitive information by reading a credential file, with a local access requirement and no authent...

CVE-2014-2381 Schneider Electric Wonderware Inadequate Encryption Strength

Schneider Electric Wonderware Information Server WIS Portal 4.0 SP1 through 5.5 uses weak encryption, which allows local users to obtain sensitive information by reading a credential file...

CVE-2014-2380

Schneider Electric Wonderware Information Server (WIS) Portal 4.0 SP1–5.5 is affected by Inadequate Encryption Strength (CWE-326). The vulnerability arises from weak encryption of credential data, enabling remote attackers to read a credential file and obtain sensitive information. Some sources a...

CVE-2014-5397 Schneider Electric Wonderware Cross-site Scripting

Cross-site scripting XSS vulnerability in Schneider Electric Wonderware Information Server WIS Portal 4.0 SP1 through 5.5 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors...

CVE-2014-5398

CVE-2014-5398 affects Schneider Electric Wonderware Information Server (WIS) Portal 4.0 SP1 to 5.5. The issue is an XML External Entity (XXE) vulnerability causing local file disclosure or denial of service due to unsafe XML parsing. Affected versions include Portal 4.0 SP1 through 5.5; root caus...

CVE-2014-5397

CVE-2014-5397 concerns multiple Cross-Site Scripting (XSS) vulnerabilities in Schneider Electric Wonderware Information Server (WIS) Portal. Affected: WIS Portal versions 4.0 SP1 through 5.5. Root cause: improper input handling/encoding in the web portal frontend, allowing arbitrary web script or...

CVE-2013-0684

CVE-2013-0684 is a SQL injection vulnerability in Invensys Wonderware Information Server (WIS) affecting WIS 4.0 SP1SP1, 4.5 Portal, and 5.0 Portal. The issue allows remote attackers to execute arbitrary SQL commands via unspecified vectors (CWE-89). Multiple sources confirm the affected products...

CVE-2013-0686

CVE-2013-0686 affects Invensys Wonderware Information Server (WIS) 4.0 SP1SP1, 4.5 Portal, and 5.0 Portal. The root cause is an XML External Entity (XXE) vulnerability in XML parsing, enabling remote attackers to read local/remote files, send HTTP requests to intranet servers, or cause DoS via cr...

CVE-2013-0685

CVE-2013-0685 affects Invensys Wonderware Information Server (WIS): versions 4.0 SP1SP1, 4.5 Portal, and 5.0 Portal. The root cause is improper restriction of resource requests, allowing an attacker to perform resource exhaustion that could lead to remote code execution or a denial of service. Ex...

WIS Coldfusion Exploit

Exploit for windows platform in category dos / poc Exploit Title: WIS Coldfusion Exploit Date: 9-9-2012 Author: Noxxie Vendor or Software Link: http://www.wis.nl/Onzeklanten link that also shows customers , gives an idea of inpact Version: All versions with search form are affected Category::...

Small ficus WIS vulnerability of supplementary articles and use article-vulnerability warning-the black bar safety net

: Yesterday I saw ALLyeSNO of this article, but always do not understand the original text that the meaning of the Until today...... Vulnerability found by : ALLyeSNO http://blog.csdn.net/freexploit/ WIS is a small ficus the development of the SQL vulnerability scanning tools WIS on the&character...

Check if client is in WIS ring

Evaluates to true if the RegKey value for RingId is 9...