Threat Encyclopedia
Triangle Research International Nano-10 PLC devices with firmware before r81 use an incorrect algorithm for bounds checking of data in Modbus/TCP packets, which allows remote attackers to cause a denial of service .
The vulnerability is due to insufficient boundary checking of coil number in Modbus packets. A remote attacker can take advantage of this vulnerability to crash the PLC.
A stack buffer overflow exists in Advantech's WebAccess SCADA software. This is due to insufficient input validation on the AccessCode2 parameter of the webvact.ocx ActiveX control, a part of the WebAccess Client.
WellinTech KingView is prone to multiple insecure-method vulnerabilities because it fails to properly sanitize user-supplied input.
A stack buffer overflow exists in Advantech's WebAccess SCADA software. This is due to insufficient input validation on the AccessCode2 parameter of the webvact.ocx ActiveX control, a part of the WebAccess Client.
A stack buffer overflow exists in Advantech's WebAccess SCADA software. This is due to insufficient input validation on the AccessCode2 parameter of the webvact.ocx ActiveX control, a part of the WebAccess Client.
WellinTech KingView is prone to multiple insecure-method vulnerabilities because it fails to properly sanitize user-supplied input.
Format string vulnerability in Advantech/BroadWin WebAccess before 7.0 allows remote attackers to execute arbitrary code via format string specifiers in a message string.
CyberPanel (aka Cyber Panel) before 2.3.5 allows Command Injection via completePath in the ProcessUtilities.outputExecutioner() sink. There is /filemanager/upload (aka File Manager upload) unauthenticated remote code execution via shell metacharacters.
Format string vulnerability in Advantech/BroadWin WebAccess before 7.0 allows remote attackers to execute arbitrary code via format string specifiers in a message string.
The flaw is due to insufficient validation of input to the AddSeries property in the TeeChart ActiveX control. By enticing a user to visit a malicious web page, arbitrary code can be executed on the client system.
Langflow versions prior to 1.3.0 are susceptible to code injection in the /api/v1/validate/code endpoint. A remote and unauthenticated attacker can send crafted HTTP requests to execute arbitrary code.
The Sante PACS Server allows a remote attacker to crash the main thread by sending a crafted URL path.
Artifex Ghostscript through 10.01.2 mishandles permission validation for pipe devices (with the %pipe% prefix or the | pipe character prefix).
The vulnerability is due to lack of proper validation of the length of user-supplied data prior to copying it to a stack-based buffer. A specially crafted DCE/RPC request can overflow a buffer, which could lead to arbitrary code execution or abnormal termination within the context of the WebAccess process.
Mitsubishi MC-WorX is prone to a remote code-execution vulnerability.
Mitsubishi MC-WorX is prone to a remote code-execution vulnerability.
A stack-based buffer overflow vulnerability was found in version 5.3.11.1230 of scadaTEC's ScadaPhone. In order for the command to be executed, an attacker must convince someone to load a specially crafted project zip file with ScadaPhone.
A stack-based buffer overflow vulnerability has been identified in the Remote Agent component of InduSoft Web Studio. The vulnerability is due to an insufficient boundary check when copying user supplied data with the "Remove File" (0x15) operation.
A buffer overflow vulnerability was found in Sielco Sistem Winlog <= 2.07.00. When sending a specially formatted packet to the Runtime.exe service, an attacker may be able to execute arbitrary code.
This website uses cookies to ensure you get the best experience on our website.
Learn more