|
273131
|
- |
|
inductiveautomation
|
ignition
|
Inductive Automation Ignition 7.7.2 does not terminate a session upon a logout action, which allows remote attackers to bypass intended access restrictions by leveraging an unattended workstation.
|
CWE-254
7PK - Security Features
|
CVE-2015-0993
|
2024-11-21 11:24 |
2015-04-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
273132
|
- |
|
inductiveautomation
|
ignition
|
Inductive Automation Ignition 7.7.2 stores cleartext OPC Server credentials, which allows local users to obtain sensitive information via unspecified vectors.
|
CWE-200
Information Exposure
|
CVE-2015-0992
|
2024-11-21 11:24 |
2015-04-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
273133
|
- |
|
inductiveautomation
|
ignition
|
Inductive Automation Ignition 7.7.2 allows remote attackers to obtain sensitive information by reading an error message about an unhandled exception, as demonstrated by pathname information.
|
CWE-200
Information Exposure
|
CVE-2015-0991
|
2024-11-21 11:24 |
2015-04-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
273134
|
- |
|
ecava
|
integraxor
|
Untrusted search path vulnerability in Ecava IntegraXor SCADA Server before 4.2.4488 allows local users to gain privileges via a renamed DLL in the default install directory.
|
NVD-CWE-Other
|
CVE-2015-0990
|
2024-11-21 11:24 |
2015-04-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
273135
|
- |
|
inductiveautomation
|
ignition
|
Cross-site scripting (XSS) vulnerability in Inductive Automation Ignition 7.7.2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
|
CWE-79
Cross-site Scripting
|
CVE-2015-0976
|
2024-11-21 11:24 |
2015-04-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
273136
|
- |
|
google
|
chrome
|
Race condition in gpu/command_buffer/service/gles2_cmd_decoder.cc in Google Chrome before 41.0.2272.118 allows remote attackers to cause a denial of service (buffer overflow) or possibly have unspeci…
|
CWE-362
Race Condition
|
CVE-2015-1234
|
2024-11-21 11:24 |
2015-04-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
273137
|
- |
|
google
|
chrome
|
Google Chrome before 41.0.2272.118 does not properly handle the interaction of IPC, the Gamepad API, and Google V8, which allows remote attackers to execute arbitrary code via unspecified vectors.
|
CWE-17
Code
|
CVE-2015-1233
|
2024-11-21 11:24 |
2015-04-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
273138
|
- |
|
xzeres
|
442sr_os
442sr
|
Cross-site request forgery (CSRF) vulnerability in XZERES 442SR OS on 442SR wind turbines allows remote attackers to hijack the authentication of admins for requests that modify the default user's pa…
|
CWE-352
Origin Validation Error
|
CVE-2015-0985
|
2024-11-21 11:24 |
2015-03-31 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
273139
|
- |
|
honeywell
|
excel_web_xl_1000c1000_600_i\/o
excel_web_xl_1000c50u_52_i\/o_uukl
excel_web_xl_1000c500_300_i\/o_uukl
excel_web_xl_1000c1000_600_i\/o_uukl
excel_web_xl_1000c100_104_i\/o
excel_web_xl_…
|
Directory traversal vulnerability in the FTP server on Honeywell Excel Web XL1000C50 52 I/O, XL1000C100 104 I/O, XL1000C500 300 I/O, XL1000C1000 600 I/O, XL1000C50U 52 I/O UUKL, XL1000C100U 104 I/O U…
|
CWE-22
Path Traversal
|
CVE-2015-0984
|
2024-11-21 11:24 |
2015-03-31 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
273140
|
- |
|
schneider-electric
aveva
|
wonderware_intouch_2014
aveva_edge
|
Schneider Electric InduSoft Web Studio before 7.1.3.4 SP3 Patch 4 and InTouch Machine Edition 2014 before 7.1.3.4 SP3 Patch 4 store cleartext OPC User credentials in a configuration file, which allow…
|
CWE-200
Information Exposure
|
CVE-2015-0999
|
2024-11-21 11:24 |
2015-03-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
