|
263521
|
- |
|
ge
|
intelligent_platforms_proficy_batch_execution
intelligent_platforms_proficy_historian
intelligent_platforms_proficy_hmi\/scada_ifix
intelligent_platforms_proficy_pulse
intelligent_platfor…
|
An ActiveX control in KeyHelp.ocx in KeyWorks KeyHelp Module (aka the HTML Help component), as used in GE Intelligent Platforms Proficy Historian 3.1, 3.5, 4.0, and 4.5; Proficy HMI/SCADA iFIX 5.0 an…
|
CWE-78
OS Command
|
CVE-2012-2516
|
2012-07-17 13:00 |
2012-07-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
263522
|
- |
|
wellintech
|
kinghistorian
|
WellinTech KingHistorian 3.0 allows remote attackers to execute arbitrary code or cause a denial of service (invalid pointer write) via a crafted packet to TCP port 5678.
|
CWE-399
Resource Management Errors
|
CVE-2012-2559
|
2012-07-17 13:00 |
2012-07-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
263523
|
- |
|
wellintech
|
kingview
|
Directory traversal vulnerability in WellinTech KingView 6.53 allows remote attackers to read arbitrary files via a crafted HTTP request to port 8001.
|
CWE-22
Path Traversal
|
CVE-2012-2560
|
2012-07-17 13:00 |
2012-07-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
263524
|
- |
|
johnsoncontrols
|
network_controller
network_controller_firmware
|
The Johnson Controls CK721-A controller with firmware before SSM4388_03.1.0.14_BB allows remote attackers to perform arbitrary actions via crafted packets to TCP port 41014 (aka the download port).
|
CWE-78
OS Command
|
CVE-2012-2607
|
2012-07-17 13:00 |
2012-07-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
263525
|
- |
|
yomecolle
|
nec_biglobe_yome_collection
|
The NEC BIGLOBE Yome Collection application 1.8.3 and earlier for Android allows remote attackers to read the IMEI value from an SD card via a crafted application that lacks the READ_PHONE_STATE perm…
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2012-2640
|
2012-07-17 13:00 |
2012-07-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
263526
|
- |
|
irfanview
|
irfanview_plugins
|
Heap-based buffer overflow in jpeg_ls.dll in the Jpeg_LS (aka JLS) plugin in the formats plugins in IrfanView PlugIns before 4.34 allows remote attackers to execute arbitrary code via a crafted JLS f…
|
CWE-119
Incorrect Access of Indexable Resource ('Range Error')
|
CVE-2012-3585
|
2012-07-17 13:00 |
2012-07-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
263527
|
- |
|
avaya
|
ip_office_customer_call_reporter
|
Unrestricted file upload vulnerability in ImageUpload.ashx in the Wallboard application in Avaya IP Office Customer Call Reporter 7.0 before 7.0.5.8 Q1 2012 Maintenance Release and 8.0 before 8.0.9.1…
|
NVD-CWE-Other
|
CVE-2012-3811
|
2012-07-17 13:00 |
2012-07-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
263528
|
- |
|
avaya
|
ip_office_customer_call_reporter
|
Per: http://cwe.mitre.org/data/definitions/434.html
'CWE-434: Unrestricted Upload of File with Dangerous Type'
|
NVD-CWE-Other
|
CVE-2012-3811
|
2012-07-17 13:00 |
2012-07-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
263529
|
- |
|
joomla
|
joomla\!
|
Joomla! 2.5.3 allows remote attackers to obtain the installation path via the Host HTTP Header.
|
CWE-200
Information Exposure
|
CVE-2012-3829
|
2012-07-17 13:00 |
2012-07-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
263530
|
- |
|
milesj
|
decoda
|
Cross-site scripting (XSS) vulnerability in decoda/Decoda.php in Decoda before 3.2 allows remote attackers to inject arbitrary web script or HTML via vectors related to (1) b or (2) div tags.
|
CWE-79
Cross-site Scripting
|
CVE-2012-3832
|
2012-07-17 13:00 |
2012-07-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
