Monthly Archive: April 2012

Unspecified vulnerability in HP OpenVMS 7.3-2 on the Alpha platform, 8.3 and 8.4 on the Alpha and IA64 platforms, and 8.3-1h1 on the IA64 platform allows local users to cause a denial of service...

Buffer overflow in the Security Login ActiveX controls in ICONICS GENESIS32 8.05, 9.0, 9.1, and 9.2 and BizViz 8.05, 9.0, 9.1, and 9.2 allows remote attackers to cause a denial of service (application crash)...

The GENESIS32 IcoSetServer ActiveX control in ICONICS GENESIS32 9.21 and BizViz 9.21 configures the trusted zone on the basis of user input, which allows remote attackers to execute arbitrary code via a crafted web...

Unspecified vulnerability in AdAstrA TRACE MODE Data Center allows remote attackers to read arbitrary files via unknown vectors, as demonstrated by the GLEG Agora SCADA+ Exploit Pack for Immunity CANVAS. Date published : 2012-04-18...

https50.ocx in IP*Works! SSL in the server in Unitronics UniOPC before 2.0.0 does not properly implement an unspecified function, which allows remote attackers to cause a denial of service (application crash) or possibly execute...

Open Automation Software OPC Systems.NET before 5.0 allows remote attackers to cause a denial of service via a malformed .NET RPC packet on TCP port 58723. Date published : 2012-04-18 http://www.us-cert.gov/control_systems/pdf/ICSA-12-012-01.pdf

Unspecified vulnerability in HP System Management Homepage (SMH) before 7.0 allows local users to modify data or obtain sensitive information via unknown vectors. Date published : 2012-04-18 http://www.securityfocus.com/archive/1/522374 http://www.securityfocus.com/archive/1/522374

Buffer overflow in the embedded web server on the Siemens Scalance X Industrial Ethernet switch X414-3E before 3.7.1, X308-2M before 3.7.2, X-300EEC before 3.7.2, XR-300 before 3.7.2, and X-300 before 3.7.2 allows remote attackers...

Multiple stack-based buffer overflows in (1) COM and (2) ActiveX controls in ABB WebWare Server, WebWare SDK, Interlink Module, S4 OPC Server, QuickTeach, RobotStudio S4, and RobotStudio Lite allow remote attackers to execute arbitrary...

Stack-based buffer overflow in the Profinet DCP protocol implementation on the Siemens Scalance S Security Module firewall S602 V2, S612 V2, and S613 V2 with firmware before 2.3.0.3 allows remote attackers to cause a...

The web server on the Siemens Scalance S Security Module firewall S602 V2, S612 V2, and S613 V2 with firmware before 2.3.0.3 does not limit the rate of authentication attempts, which makes it easier...

envvars (aka envvars-std) in the Apache HTTP Server before 2.4.2 places a zero-length directory name in the LD_LIBRARY_PATH, which allows local users to gain privileges via a Trojan horse DSO in the current working...

Heap-based buffer overflow in the FlashPix PlugIn before 4.3.4.0 for IrfanView might allow remote attackers to execute arbitrary code via a .fpx file containing a crafted FlashPix image that is not properly handled during...

Multiple cross-site scripting (XSS) vulnerabilities in Demand Media Pluck SiteLife before 5.0.13 allow remote attackers to inject arbitrary web script or HTML via (1) the jsonRequest parameter to Direct/Process, the (2) r or (3)...