Results for Luigi Auriemma

5
MEDIUM
CVE-2012-5972

Directory traversal vulnerability in the web server in SpecView 2.5 build 853 and earlier allows remote attackers to read arbitrary files via a ... (dot dot dot) in a URI.

Specview Specview
7.5
HIGH
CVE-2011-5008

Integer overflow in the GatewayService component in 3S CoDeSys 3.4 SP4 Patch 2 allows remote attackers to execute arbitrary code via a large size value in the packet header, which triggers a heap-based buffer overflow.

10
HIGH
CVE-2011-5007

Stack-based buffer overflow in the CmpWebServer component in 3S CoDeSys 3.4 SP4 Patch 2 and earlier, as used on the ABB AC500 PLC and possibly other products, allows remote attackers to execute arbitrary code via a long URI to TCP port 8080.

3ssoftware Codesys
5
MEDIUM
CVE-2011-5009

The CmpWebServer.dll module in the Control service in 3S CoDeSys 3.4 SP4 Patch 2 allows remote attackers to cause a denial of service (NULL pointer dereference) via (1) a crafted Content-Length in an HTTP POST or (2) an invalid HTTP request method.

3ssoftware Codesys
9.3
HIGH
CVE-2011-3400

Microsoft Windows XP SP2 and SP3 and Server 2003 SP2 do not properly handle OLE objects in memory, which allows remote attackers to execute arbitrary code via a crafted object in a file, aka "OLE Property Vulnerability."

Microsoft Windows Server 2003, Windows Xp
NA
CVE-2012-02301

Overview: ICS-CERT received a report from GE Intelligent Platforms and the Zero Day Initiative (ZDI) concerning multiple memory corruption vulnerabilities in the GE Intelligent Platforms Proficy Plant Applications. These vulnerabilities were reported to ZDI by independent security ...

NA
CVE-2012-02312

Overview: ICS-CERT received a report from GE Intelligent Platforms and the Zero Day Initiative (ZDI) concerning multiple memory corruption vulnerabilities in the GE Intelligent Platforms Proficy Plant Applications. These vulnerabilities were reported to ZDI by independent security ...

10
HIGH
CVE-2012-0230

PRRDS.exe in the Proficy Remote Data Service in GE Intelligent Platforms Proficy Plant Applications 5.0 and earlier allows remote attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via a crafted TCP session on port 12299.

10
HIGH
CVE-2012-0231

PRLicenseMgr.exe in the Proficy Server License Manager in GE Intelligent Platforms Proficy Plant Applications 5.0 and earlier allows remote attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via a crafted TCP session on port 12401.

5
MEDIUM
CVE-2011-4518

Directory traversal vulnerability in the PmWebDir object in the web server in MICROSYS PROMOTIC before 8.1.5 allows remote attackers to read arbitrary files via unspecified vectors.

Microsys Promotic
4.3
MEDIUM
CVE-2011-4519

Stack-based buffer overflow in an ActiveX component in MICROSYS PROMOTIC before 8.1.5 allows remote attackers to cause a denial of service via a crafted web page.

Microsys Promotic
4.3
MEDIUM
CVE-2011-4520

Heap-based buffer overflow in an ActiveX component in MICROSYS PROMOTIC before 8.1.5 allows remote attackers to cause a denial of service via a crafted web page.

Microsys Promotic
10
HIGH
CVE-2011-4051

CEServer.exe in the CEServer component in the Remote Agent module in InduSoft Web Studio 6.1 and 7.0 does not require authentication, which allows remote attackers to execute arbitrary code via vectors related to creation of a file, loading a DLL, and process control.

Indusoft Web Studio
9.3
HIGH
CVE-2011-4052

Stack-based buffer overflow in CEServer.exe in the CEServer component in the Remote Agent module in InduSoft Web Studio 6.1 and 7.0 allows remote attackers to execute arbitrary code via a crafted 0x15 (aka Remove File) operation for a file with a long name.

10
HIGH
CVE-2012-0245

Multiple stack-based buffer overflows in RobNetScanHost.exe in ABB Robot Communications Runtime before 5.14.02, as used in ABB Interlink Module, IRC5 OPC Server, PC SDK, PickMaster 3 and 5, RobView 5, RobotStudio, WebWare SDK, and WebWare Server, allow remote attackers to execute...

7.8
HIGH
CVE-2012-2426

The server in xArrow before 3.4.1 does not properly allocate memory, which allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via unspecified vectors.

10
HIGH
CVE-2012-2427

Heap-based buffer overflow in the server in xArrow before 3.4.1 allows remote attackers to execute arbitrary code via packets that trigger an invalid free operation.

10
HIGH
CVE-2012-2428

Integer overflow in the server in xArrow before 3.4.1 allows remote attackers to execute arbitrary code via a crafted packet that triggers an out-of-bounds read operation.

10
HIGH
CVE-2012-2429

The server in xArrow before 3.4.1 performs an invalid read operation, which allows remote attackers to execute arbitrary code via unspecified vectors.

7.5
HIGH
CVE-2007-6682

Format string vulnerability in the httpd_FileCallBack function (network/httpd.c) in VideoLAN VLC 0.8.6d allows remote attackers to execute arbitrary code via format string specifiers in the Connection parameter.

Videolan Vlc
5
MEDIUM
CVE-2007-6379

BadBlue 2.72b and earlier allows remote attackers to obtain sensitive information via an invalid browse parameter, which reveals the installation path in an error message.

Badblue Badblue