Factor suffers from a remote database disclosure vulnerability.
1482317f82c02afb11a92c6efa37f2704c00f6895132a039240e76c681d81b9dOnline Factor suffers from a remote SQL injection vulnerability.
28564442a44789879fdbc3ef3ea016ed3a1e406e654142f7c390b2d814429a5dThis Metasploit module exploits a vulnerability found on Siemens FactoryLink 8. The vulnerability occurs when CSService.exe processes a CSMSG_ListFiles_REQ message, the user-supplied path first gets converted to ANSI format (CodePage 0), and then gets handled by a logging routine where proper bounds checking is not done, therefore causing a stack-based buffer overflow, and results arbitrary code execution.
65d113826f876957b01b3af64f658a9a29b8bdb88aec0e06454d38d90a4b7bf2This Metasploit module exploits a stack buffer overflow in FactoryLink 7.5, 7.5 SP2, and 8.0.1.703. By sending a specially crafted packet, an attacker may be able to execute arbitrary code. Originally found and posted by Luigi Auriemma.
180a8907d61d69a4ded59759afdcd03ea9f1757008b99fd69ef2a1c78f4f6f23Multiple SQL injection vulnerabilities exist in the FactoSystem Content Management System that may allow an attacker to introduce instructions into an SQL query. The vulnerabilities exist because the script fails to verify the validity of numeric data or fails to properly escape certain control characters in strings. Example URL's included. IIS 4.0 or later with ASP enabled and FactoSystem CMS is vulnerable.
ee36de64eb584a076aeb54df0ade130381a6b183754d96a8f8b501bcb9428882
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed