Rockwell RSLogix versions 19 and below suffer from a denial of service vulnerability. Proof of concept included.
c9770b73bffdf1e561ce9b9d72d5919869a906d5d974c2c7a7559369770ee038
Carel PlantVisor versions 2.4.4 and below suffer from a directory traversal vulnerability. Proof of concept included.
0db85f30f0a2817ff4d7b01422999cb7780a4d95bea77d105d433dc8693906b9
Progea Movicon / PowerHMI versions 11.2.1085 and below suffer from a memory corruption vulnerability. Proof of concept included.
15775dc3f5bfa268b960b52de96bb01e64c87d9edf2097efa8ca6c9f34693580
Progea Movicon / PowerHMI versions 11.2.1085 and below suffer from a heap overflow vulnerability.
1a18eb34d2ac8c1bfd2abb31f68a4a81b7ee2b9c873dea6e6ae7fcb46c47fe97
Progea Movicon / PowerHMI versions 11.2.1085 and below suffer from a memory corruption vulnerability. Proof of concept included.
a0fbee0dcee72f289887ea9255884ea07f7063636fa36519fec2e0f35fcc35ca
DAQFactory versions 5.95 build 1853 and below suffer from a stack overflow vulnerability. Proof of concept included.
2aa39c968d5c45275fa5dbe8c0c9813e0c35a6707e64062ce8ccdf0f1411b7f3
Cogent Datahub versions 7.1.1.63 and below suffer from a source code disclosure vulnerability. Proof of concept code included.
56427e5bbb305a7e55344a0a0ee7a87490b0ddaca4f6235043e721d887a6640e
Cogent Datahub versions 7.1.1.63 and below suffer from a directory traversal vulnerability. Proof of concept code included.
b29f4473e27f604499ad69de1a2f61d89bc50b1c65d538a2de42902b41a8cf6a
Cogent Datahub versions 7.1.1.63 and below suffer from an integer overflow vulnerability. Proof of concept code included.
3b82ac8e93275f85903294a268576d68b1abf244570592c09ef37e9637b15db6
Cogent Datahub versions 7.1.1.63 and below suffer from a stack Unicode overflow vulnerability. Proof of concept code included.
72dc2de21a45303949eb0534385f4c83ba30901256655a7a8ae7f9721155504f
eSignal and eSignal Pro versions 10.6.2425.1208 and below suffer from heap overflow and code execution vulnerabilities. Proof of concept included.
1c3b4b90673b3f25249adbac41e4bf93b7f0f578474b8a5f975ead271530aaa5
Equis MetaStock versions 11 and below suffer from a use-after-free vulnerability that is exploitable through invalid and malformed files. Proof of concept included.
6e4ef27827490796a7460aee70a83aa334f0c4600b839ba071bdf40be5771a7b
Microsoft WINS service versions 5.2.3790.4520 and below suffer from a memory corruption vulnerability.
84385a490b727e9d04e9626854b82614cbe512ecafb6f93a84f0f8991c067a96
BroadWin WebAccess Client with bwocxrun.ocx versions 1.0.0.10 and below suffer from format string and memory corruption vulnerabilities. The OcxSpool function is affected by a format string vulnerability caused by passing the attacker-provided Msg string directly to vsprintf() without the required format argument. WriteTextData and CloseFile allow corruption of arbitrary regions of memory through a fully controllable stream identifier passed to fclose() and fwrite().
15455c76959ce3375afe0d9ca55c3e3406b7eb808cd072c8d28bf369a9e800f5
Iconics GENESIS32 version 9.21.201.01 suffers from an integer overflow vulnerability. The GenBroker service on port 38080 is affected by three integer overflow vulnerabilities while handling opcode 0x4b0, which are caused by abusing the memory allocations needed for the number of elements passed by the client. This results in unexpected behaviors such as direct registry calls, memory location calls, or arbitrary remote code execution. Please note that in order to ensure reliability, this exploit will try to open calc (hidden), inject itself into the process, and then open up a shell session. Also, DEP bypass is supported.
7bae29e02d02057cc61741efd202ae99da696fffbf3d953322faa7fcd5294a22
foobar2000 versions 1.1.7 and below suffer from an integer overflow vulnerability.
e1be7ed3ad055d54958fd516bb25e5f37b083fd880252d91e6465dc4109cc84c
HP OpenView Communication Broker (ovbbccb.exe versions 11.0.43.0 and below) suffers from an arbitrary file deletion vulnerability.
986bc67bf92ec6f9f779b02911e1349819b414d7082a4622ce743f01160246c4
Sybase Adaptive Server versions 15.5 and below suffer from a format string vulnerability in bcksrvr.
1fbfcebcb3e6ddb496ee415f7ae76428107d6524149a03421962db18e5684581
Winamp versions 5.61 and below suffer from multiple heap overflow vulnerabilities.
0f2a78b4aac0afcb240d087a9fde529d8e28496927a3ddde83f0f2d6fba82506
HP OpenView Performance Agent (ovbbccb.exe versions 6.20.50.0 and below) suffers from an arbitrary file deletion vulnerability.
7d59d753152e867af2baa1fa2866cd3a57d33f78ac76a3387fc7da8a45ecbf4b
Winamp versions 5.61 and below suffer from multiple heap overflows and corruption and an integer overflow. Proof of concept code included.
23df304bc95256e399de1584a4c2057c6c417d43ffde347c35effa2a74e84e08
Novell ZenWorks Handheld Management versions 7.0.2.61213 and below suffer from an upload directory traversal vulnerability.
8d5f4d6d07a2a05d41dd920dfe7f872b42e04ea12490ff678d85951d089794e4
Sybase Advantage Server versions 10.0.0.3 and below suffer from an off-by-one vulnerability.
5b5a3e6feccf3d2a968916d2ea23684fd5cb76da747b934fe1d89f2d7415dc68
This Metasploit module exploits a vulnerability found in Siemens FactoryLink 8. The vulnerability occurs when CSService.exe processes a CSMSG_ListFiles_REQ message: the user-supplied path is first converted to ANSI format (CodePage 0) and then handled by a logging routine that does not perform proper bounds checking, causing a stack-based buffer overflow that results in arbitrary code execution.
65d113826f876957b01b3af64f658a9a29b8bdb88aec0e06454d38d90a4b7bf2
This Metasploit module exploits a stack buffer overflow in DATAC Control International RealWin SCADA Server 2.1 (Build 6.0.10.10) or earlier. By sending a specially crafted On_FC_CONNECT_FCS_LOGIN packet containing a long username, an attacker may be able to execute arbitrary code.
eefc2e2dd1a8e6e3d6bbd51968ba293d8582140300ddd65d9a563690a5bf114b