Inductive Automation Ignition 7.7.2 allows remote authenticated users to bypass a brute-force protection mechanism by using different session ID values in a series of HTTP requests. Date published : 2015-04-03 https://ics-cert.us-cert.gov/advisories/ICSA-15-090-01
Inductive Automation Ignition 7.7.2 does not terminate a session upon a logout action, which allows remote attackers to bypass intended access restrictions by leveraging an unattended workstation. Date published : 2015-04-03 https://ics-cert.us-cert.gov/advisories/ICSA-15-090-01
Inductive Automation Ignition 7.7.2 stores cleartext OPC Server credentials, which allows local users to obtain sensitive information via unspecified vectors. Date published : 2015-04-03 https://ics-cert.us-cert.gov/advisories/ICSA-15-090-01
Inductive Automation Ignition 7.7.2 allows remote attackers to obtain sensitive information by reading an error message about an unhandled exception, as demonstrated by pathname information. Date published : 2015-04-03 https://ics-cert.us-cert.gov/advisories/ICSA-15-090-01
Untrusted search path vulnerability in Ecava IntegraXor SCADA Server before 4.2.4488 allows local users to gain privileges via a renamed DLL in the default install directory. Date published : 2015-04-03 https://ics-cert.us-cert.gov/advisories/ICSA-15-090-02
Cross-site scripting (XSS) vulnerability in Inductive Automation Ignition 7.7.2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. Date published : 2015-04-03 https://ics-cert.us-cert.gov/advisories/ICSA-15-090-01
Buffer overflow in Saitoh Kikaku Maruo Editor 8.51 and earlier allows remote attackers to execute arbitrary code via a crafted .hmbook file. Date published : 2015-04-03 http://jvn.jp/en/jp/JVN58784309/294291/index.html http://jvn.jp/en/jp/JVN58784309/index.html
The Semper Fi All in One SEO Pack plugin before 2.2.6 for WordPress does not consider the presence of password protection during generation of the Meta Description field, which allows remote attackers to obtain...
Cisco IOS XE 3.10.2S on an ASR 1000 device with an Embedded Services Processor (ESP) module, when NAT is enabled, allows remote attackers to cause a denial of service (module crash) via malformed H.323...
SQL injection vulnerability in the Image Management component in Cisco Unified Communications Domain Manager 8.1(4) allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors, aka Bug ID CSCuq52515. Date published :...
Cisco Unified Communications Domain Manager 8.1(4) allows remote authenticated users to obtain sensitive information via a file-inclusion attack, aka Bug ID CSCup94744. Date published : 2015-04-03 http://tools.cisco.com/security/center/viewAlert.x?alertId=38118 http://www.securitytracker.com/id/1032003
Cisco Unified Communications Domain Manager 8.1(4) allows remote authenticated users to execute arbitrary code by visiting a "deprecated page," aka Bug ID CSCup90168. Date published : 2015-04-03 http://tools.cisco.com/security/center/viewAlert.x?alertId=38113 http://www.securitytracker.com/id/1032002
Directory traversal vulnerability in the fmserver servlet in Cisco Prime Data Center Network Manager (DCNM) before 7.1(1) allows remote attackers to read arbitrary files via a crafted pathname, aka Bug ID CSCus00241. Date published...
The Connection Conversation Manager (aka CuCsMgr) process in Cisco Unity Connection 8.5 before 8.5(1)SU7, 8.6 before 8.6(2a)SU4, and 9.x before 9.1(2)SU2, when SIP trunk integration is enabled, allows remote attackers to cause a denial...