Rockwell RSLogix versions 19 and below suffer from a denial of service vulnerability. Proof of concept included.
c9770b73bffdf1e561ce9b9d72d5919869a906d5d974c2c7a7559369770ee038Carel PlantVisor versions 2.4.4 and below suffer from a directory traversal vulnerability. Proof of concept included.
0db85f30f0a2817ff4d7b01422999cb7780a4d95bea77d105d433dc8693906b9Pragea Movicon / PowerHMI versions 11.2.1085 and below suffer from a memory corruption vulnerability. Proof of concept included.
15775dc3f5bfa268b960b52de96bb01e64c87d9edf2097efa8ca6c9f34693580Pragea Movicon / PowerHMI versions 11.2.1085 and below suffer from a heap overflow vulnerability.
1a18eb34d2ac8c1bfd2abb31f68a4a81b7ee2b9c873dea6e6ae7fcb46c47fe97Pragea Movicon / PowerHMI versions 11.2.1085 and below suffer from a memory corruption vulnerability. Proof of concept included.
a0fbee0dcee72f289887ea9255884ea07f7063636fa36519fec2e0f35fcc35caDAQFactory versions 5.95 build 1853 and below suffer from a stack overflow vulnerability. Proof of concept included.
2aa39c968d5c45275fa5dbe8c0c9813e0c35a6707e64062ce8ccdf0f1411b7f3Cogent Datahub versions 7.1.1.63 and below suffer from a source code disclosure vulnerability. Proof of concept code included.
56427e5bbb305a7e55344a0a0ee7a87490b0ddaca4f6235043e721d887a6640eCogent Datahub versions 7.1.1.63 and below suffer from a directory traversal. Proof of concept code included.
b29f4473e27f604499ad69de1a2f61d89bc50b1c65d538a2de42902b41a8cf6aCogent Datahub versions 7.1.1.63 and below suffer from an integer overflow vulnerability. Proof of concept code included.
3b82ac8e93275f85903294a268576d68b1abf244570592c09ef37e9637b15db6Cogent Datahub versions 7.1.1.63 and below suffer from a stack unicode overflow. Proof of concept code included.
72dc2de21a45303949eb0534385f4c83ba30901256655a7a8ae7f9721155504feSignal and eSignal Pro versions 10.6.2425.1208 and below suffer from heap overflow and code execution vulnerabilities. Proof of concept included.
1c3b4b90673b3f25249adbac41e4bf93b7f0f578474b8a5f975ead271530aaa5Equis MetaStock versions 11 and below suffer from a use-after-free vulnerability that is exploitable through invalid and malformed files. Proof of concept included.
6e4ef27827490796a7460aee70a83aa334f0c4600b839ba071bdf40be5771a7bMicrosoft WINS service versions 5.2.3790.4520 and below suffer from a memory corruption vulnerability.
84385a490b727e9d04e9626854b82614cbe512ecafb6f93a84f0f8991c067a96BroadWin WebAccess Client with bwocxrun.ocx versions 1.0.0.10 and below suffer from format string and memory corruption vulnerabilities. The OcxSpool function is affected by a format string vulnerability caused by the usage of the Msg string provided by the attacker directly with vsprintf() without the required format argument. WriteTextData and CloseFile allow to corrupt arbitrary zones of the memory through a fully controllable stream identifier in fclose() and fwrite().
15455c76959ce3375afe0d9ca55c3e3406b7eb808cd072c8d28bf369a9e800f5Iconics GENESIS32 version 9.21.201.01 suffers from an integer overflow vulnerability. The GenBroker service on port 38080 is affected by three integer overflow vulnerabilities while handling opcode 0x4b0, which is caused by abusing the the memory allocations needed for the number of elements passed by the client. This results unexpected behaviors such as direct registry calls, memory location calls, or arbitrary remote code execution. Please note that in order to ensure reliability, this exploit will try to open calc (hidden), inject itself into the process, and then open up a shell session. Also, DEP bypass is supported.
7bae29e02d02057cc61741efd202ae99da696fffbf3d953322faa7fcd5294a22foobar2000 versions 1.1.7 and below suffer from an integer overflow vulnerability.
e1be7ed3ad055d54958fd516bb25e5f37b083fd880252d91e6465dc4109cc84cHP OpenView Communication Broker (ovbbccb.exe versions 11.0.43.0 and below) suffer from an arbitrary file deletion vulnerability.
986bc67bf92ec6f9f779b02911e1349819b414d7082a4622ce743f01160246c4Sybase Adaptive Server versions 15.5 and below suffer from a format string vulnerability in bcksrvr.
1fbfcebcb3e6ddb496ee415f7ae76428107d6524149a03421962db18e5684581Winamp versions 5.61 and below suffer from multiple heap overflow vulnerabilities.
0f2a78b4aac0afcb240d087a9fde529d8e28496927a3ddde83f0f2d6fba82506HP OpenView Performance Agent (ovbbccb.exe versions 6.20.50.0 and below) suffer from an arbitrary file deletion vulnerability.
7d59d753152e867af2baa1fa2866cd3a57d33f78ac76a3387fc7da8a45ecbf4bWinamp versions 5.61 and below suffer from multiple heap overflows and corruption and an integer overflow. Proof of concept code included.
23df304bc95256e399de1584a4c2057c6c417d43ffde347c35effa2a74e84e08Novell ZenWorks Handheld Management versions 7.0.2.61213 and below suffer from an upload directory traversal vulnerability.
8d5f4d6d07a2a05d41dd920dfe7f872b42e04ea12490ff678d85951d089794e4Sybase Advantage Server versions 10.0.0.3 and below suffer from an off-by-one vulnerability.
5b5a3e6feccf3d2a968916d2ea23684fd5cb76da747b934fe1d89f2d7415dc68This Metasploit module exploits a vulnerability found on Siemens FactoryLink 8. The vulnerability occurs when CSService.exe processes a CSMSG_ListFiles_REQ message, the user-supplied path first gets converted to ANSI format (CodePage 0), and then gets handled by a logging routine where proper bounds checking is not done, therefore causing a stack-based buffer overflow, and results arbitrary code execution.
65d113826f876957b01b3af64f658a9a29b8bdb88aec0e06454d38d90a4b7bf2This Metasploit module exploits a stack buffer overflow in DATAC Control International RealWin SCADA Server 2.1 (Build 6.0.10.10) or earlier. By sending a specially crafted On_FC_CONNECT_FCS_LOGIN packet containing a long username, an attacker may be able to execute arbitrary code.
eefc2e2dd1a8e6e3d6bbd51968ba293d8582140300ddd65d9a563690a5bf114b
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed