Vulmon
web studio vulnerabilities and exploits
8.8
CVSSv3
CVE-2015-2912
The JSONP endpoint in the Studio component in OrientDB Server Community Edition prior to 2.0.15 and 2.1.x prior to 2.1.1 does not properly restrict callback values, which allows remote malicious users to conduct cross-site request forgery (CSRF) attacks, and obtain sensitive info...
Orientdb Orientdb 2.1.0
Orientdb Orientdb
5.9
CVSSv3
CVE-2015-2913
server/network/protocol/http/OHttpSessionManager.java in the Studio component in OrientDB Server Community Edition prior to 2.0.15 and 2.1.x prior to 2.1.1 improperly relies on the java.util.Random class for generation of random Session ID values, which makes it easier for remote...
Orientdb Orientdb 2.1.0
Orientdb Orientdb 2.0.14
6.1
CVSSv3
CVE-2015-2918
The Studio component in OrientDB Server Community Edition prior to 2.0.15 and 2.1.x prior to 2.1.1 does not properly restrict use of FRAME elements, which makes it easier for remote malicious users to conduct clickjacking attacks via a crafted web site.
Orientdb Orientdb 2.0.14
Orientdb Orientdb 2.1.0
NA
CVE-2015-7374
The Remote Agent component in Schneider Electric InduSoft Web Studio prior to 8.0 allows remote malicious users to execute arbitrary code via unspecified vectors, aka ZDI-CAN-2649.
Indusoft Web Studio
NA
CVE-2015-7375
Schneider Electric InduSoft Web Studio prior to 8.0 allows remote malicious users to execute arbitrary code or cause a denial of service (unhandled runtime exception and application crash) via a crafted Indusoft Project file.
Indusoft Web Studio
NA
CVE-2015-1009
Schneider Electric InduSoft Web Studio prior to 7.1.3.5 Patch 5 and Wonderware InTouch Machine Edition up to and including 7.1 SP3 Patch 4 use cleartext for project-window password storage, which allows local users to obtain sensitive information by reading a file.
Indusoft Web Studio
Wonderware Intouch
NA
CVE-2015-0996
Schneider Electric InduSoft Web Studio prior to 7.1.3.4 SP3 Patch 4 and InTouch Machine Edition 2014 prior to 7.1.3.4 SP3 Patch 4 rely on a hardcoded cleartext password to control read access to Project files and Project Configuration files, which makes it easier for local users ...
Aveva Aveva Edge
Schneider-electric Wonderware Intouch 2014
NA
CVE-2015-0997
Schneider Electric InduSoft Web Studio prior to 7.1.3.4 SP3 Patch 4 and InTouch Machine Edition 2014 prior to 7.1.3.4 SP3 Patch 4 provide an HMI user interface that lists all valid usernames, which makes it easier for remote malicious users to obtain access via a brute-force pass...
Aveva Aveva Edge
Schneider-electric Wonderware Intouch 2014
NA
CVE-2015-0998
Schneider Electric InduSoft Web Studio prior to 7.1.3.4 SP3 Patch 4 and InTouch Machine Edition 2014 prior to 7.1.3.4 SP3 Patch 4 transmit cleartext credentials, which allows remote malicious users to obtain sensitive information by sniffing the network.
Aveva Aveva Edge
Schneider-electric Wonderware Intouch 2014
NA
CVE-2015-0999
Schneider Electric InduSoft Web Studio prior to 7.1.3.4 SP3 Patch 4 and InTouch Machine Edition 2014 prior to 7.1.3.4 SP3 Patch 4 store cleartext OPC User credentials in a configuration file, which allows local users to obtain sensitive information by reading this file.
Aveva Aveva Edge
Schneider-electric Wonderware Intouch 2014