| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| Omron CX-One CX-Programmer before 9.6 uses a reversible format for password storage in project source-code files, which makes it easier for local users to obtain sensitive information by reading a file. |
| PACTware 4.1 SP3 allows remote attackers to cause a denial of service (application crash) via a crafted file that triggers an internal error. |
| Cross-site request forgery (CSRF) vulnerability in XZERES 442SR OS on 442SR wind turbines allows remote attackers to hijack the authentication of admins for requests that modify the default user's password via a GET request. |
| Untrusted search path vulnerability in Ecava IntegraXor SCADA Server before 4.2.4488 allows local users to gain privileges via a renamed DLL in the default install directory. |
| Inductive Automation Ignition 7.7.2 allows remote attackers to obtain sensitive information by reading an error message about an unhandled exception, as demonstrated by pathname information. |
| Inductive Automation Ignition 7.7.2 stores cleartext OPC Server credentials, which allows local users to obtain sensitive information via unspecified vectors. |
| Inductive Automation Ignition 7.7.2 does not terminate a session upon a logout action, which allows remote attackers to bypass intended access restrictions by leveraging an unattended workstation. |
| Inductive Automation Ignition 7.7.2 allows remote authenticated users to bypass a brute-force protection mechanism by using different session ID values in a series of HTTP requests. |
| Inductive Automation Ignition 7.7.2 uses MD5 password hashes, which makes it easier for context-dependent attackers to obtain access via a brute-force attack. |
| Schneider Electric InduSoft Web Studio before 7.1.3.4 SP3 Patch 4 and InTouch Machine Edition 2014 before 7.1.3.4 SP3 Patch 4 rely on a hardcoded cleartext password to control read access to Project files and Project Configuration files, which makes it easier for local users to obtain sensitive information by discovering this password. |
| The mach_vm_read functionality in the kernel in Apple OS X before 10.10.3 allows local users to cause a denial of service (system crash) via unspecified vectors. |
| Schneider Electric InduSoft Web Studio before 7.1.3.4 SP3 Patch 4 and InTouch Machine Edition 2014 before 7.1.3.4 SP3 Patch 4 store cleartext OPC User credentials in a configuration file, which allows local users to obtain sensitive information by reading this file. |
| Stack-based buffer overflow in the OpenForIPCamTest method in the RTSPVIDEO.rtspvideoCtrl.1 (aka SStreamVideo) ActiveX control in Moxa SoftCMS before 1.3 allows remote attackers to execute arbitrary code via the StrRtspPath parameter. |
| Remote file upload vulnerability in mailcwp v1.99 wordpress plugin |
| Remote file upload vulnerability in fast-image-adder v1.1 Wordpress plugin |
| Open Proxy in filedownload v1.4 wordpress plugin |
| Blind SQL Injection in filedownload v1.4 wordpress plugin |
| XSS in filedownload v1.4 wordpress plugin |
| Remote file download vulnerability in candidate-application-form v1.0 wordpress plugin |
| Remote file download vulnerability in recent-backups v0.7 wordpress plugin |