| OSVDB ID | Disclosure Date | Title |
|---|
|
72349
Description:
IGSS contains a flaw that allows a remote attacker to traverse outside of a restricted path. The issue is due to dc.exe not properly sanitizing user input, specifically directory traversal style attacks (e.g., ../../) supplied via the 0xa and 0x17 opcodes. This directory traversal attack would allow the attacker to execute arbitrary commands.
|
2011-03-21
|
7-Technologies IGSS dc.exe Packet Handling Multiple Opcode Traversal Arbitrary Command Execution
|
|
72830
Description:
Unknown / Incomplete
|
2011-05-12
|
7-Technologies IGSS IGSSdataServer Service Multiple Unspecified Remote DoS
|
|
72351
Description:
A format string flaw exists in IGSS. IGSSdataServer.exe fails to properly sanitize format string specifiers (e.g., %s and %x). With a specially crafted request, a remote attacker can crash the service or possibly execute arbitrary code.
|
2011-03-21
|
7-Technologies IGSS IGSSdataServer.exe logText() Function Format String
|
|
72353
Description:
IGSS is prone to an overflow condition. IGSSdataServer.exe fails to properly sanitize user-supplied input resulting in a buffer overflow. With a specially crafted request, a remote attacker can potentially cause arbitrary code execution.
|
2011-03-21
|
7-Technologies IGSS IGSSdataServer.exe Multiple Command Overflow
|
|
72354
Description:
IGSS contains a flaw that allows a remote attacker to traverse outside of a restricted path. The issue is due to IGSSdataServer.exe not properly sanitizing user input, specifically directory traversal style attacks (e.g., ../../) supplied via the 0xd opcode. This directory traversal attack would allow the attacker to manipulate arbitrary files.
|
2011-03-21
|
7-Technologies IGSS IGSSdataServer.exe Packet Handling Opcode 0xd Traversal Arbitrary File Manipulation
|
|
72352
Description:
IGSS is prone to an overflow condition. IGSSdataServer.exe fails to properly sanitize user-supplied input resulting in a buffer overflow. With a specially crafted request, a remote attacker can potentially cause arbitrary code execution.
|
2011-03-21
|
7-Technologies IGSS IGSSdataServer.exe RMS Reports Multiple Command Overflow
|
|
72350
Description:
IGSS is prone to an overflow condition. IGSSdataServer fails to properly sanitize user-supplied input resulting in a buffer overflow. With a specially crafted STDREP request, a remote attacker can potentially cause arbitrary code execution.
|
2011-03-21
|
7-Technologies IGSS IGSSdataServer.exe STDREP Request SQL Query String Overflow
|
|
78611
Description:
7-Technologies Interactive Graphical SCADA System is prone to a memory corruption condition. The ODBC server, Odbcixv9se.exe, fails to properly sanitize user-supplied input resulting in a stack-based buffer overflow. With a specially crafted structure in a packet sent to TCP port 20222, a remote attacker can potentially execute arbitrary code.
|
2011-04-28
|
7-Technologies IGSS ODBC Server Odbcixv9se.exe Invalid Structure Parsing Remote Memory Corruption
|
|
72117
Description:
7-Technologies Interactive Graphical SCADA System is prone to an overflow condition. The ODBC server, Odbcixv9se.exe, fails to properly sanitize user-supplied input resulting in a stack-based buffer overflow. With a specially crafted packet to TCP port 20222, a remote attacker can potentially execute arbitrary code.
|
2011-04-28
|
7-Technologies IGSS ODBC Server Odbcixv9se.exe Packet Parsing Remote Overflow
|
|
77227
Description:
Unknown / Incomplete
|
2011-07-08
|
7-Technologies IGSS ODBC Server Packet Parsing Remote Memory Corruption
|
|
73099
Description:
Unknown / Incomplete
|
2011-02-08
|
7-Technologies IGSS ODBC Server Remote Heap Corruption DoS
|
|
78328
Description:
7-Technologies Interactive Graphical SCADA System is prone to a flaw in the way it loads dynamic-link libraries (DLL). The program uses a fixed path to look for specific files or libraries. This path includes directories that may not be trusted or under user control. By placing a custom version of the file or library in the path, the program will load it before the legitimate version. This allows an attacker to inject custom code that will be run with the privilege of the program or user executing the program. This can be done by tricking a user into opening an executable file from the local file system or a USB drive in some cases. This attack can be leveraged remotely in some cases by placing the malicious file or library on a network share or extracted archive downloaded from a remote source.
|
2012-01-16
|
7-Technologies Interactive Graphical SCADA System Path Subversion Arbitrary DLL Injection Code Execution
|
|
77977
Description:
(Description Provided by CVE) : Multiple buffer overflows in 7-Technologies (7T) Interactive Graphical SCADA System (IGSS) 9.0.0.11355 and earlier allow remote attackers to execute arbitrary code or cause a denial of service via a crafted packet to TCP port (1) 12397 or (2) 12399.
|
2011-12-20
|
7-Technologies Interactive Graphical SCADA System Unspecified Packet Parsing Remote Overflow
|
|
77976
Description:
(Description Provided by CVE) : Buffer overflow in 7-Technologies (7T) Interactive Graphical SCADA System (IGSS) 9.0.0.11200 allows remote attackers to cause a denial of service via a crafted packet to TCP port 12401.
|
2011-12-20
|
7-Technologies Interactive Graphical SCADA System Unspecified Packet Parsing Remote Overflow DoS
|
|
19639
Description:
A local overflow exists in 7-Zip. 7-Zip contains a boundary error when handling an ARJ block that is larger than 2600 bytes resulting in a stack-based overflow. With a specially crafted request, an attacker can run arbitrary code resulting in a loss of integrity.
|
2005-09-23
|
7-Zip ARJ Archive Processing Overflow
|
|
43649
Description:
(Description Provided by CVE) : Unspecified vulnerability in 7-zip before 4.5.7 has unknown impact and remote attack vectors, as demonstrated by the PROTOS GENOME test suite for Archive Formats (c10).
|
2008-03-17
|
7-Zip Unspecified Archive Handling Issue
|
|
44426
Description:
(Description Provided by CVE) : SQL injection vulnerability in index.php in 724Networks 724CMS 4.01 and earlier allows remote attackers to execute arbitrary SQL commands via the ID parameter.
|
2008-04-07
|
724CMS index.php ID Parameter SQL Injection
|
|
55286
Description:
7ammel (7ml) contains a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to the cpanel/login.php script not properly sanitizing user-supplied input to the 'username' and 'password' parameters. This may allow an attacker to inject or manipulate SQL queries in the back-end database, allowing for the manipulation or disclosure of arbitrary data.
|
2009-06-03
|
7ammel (7ml) cpanel/login.php Multiple Parameter SQL Injection
|
|
55301
Description:
7ammel (7ml) contains a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to the cpanel/login.php script not properly sanitizing user-supplied input to the 'username' and 'password' parameters. This may allow an attacker to inject or manipulate SQL queries in the back-end database, allowing for the manipulation or disclosure of arbitrary data.
|
2009-06-03
|
7ammel (7ml) cpanel/login.php Multiple Parameter SQL Injection
|
|
54426
Description:
(Description Provided by CVE) : Unrestricted file upload vulnerability in includes/imageupload.php in 7Shop 1.1 and earlier allows remote attackers to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in images/artikel/.
|
2008-10-29
|
7Shop includes/imageupload.php Unrestricted File Upload Arbitrary Code Execution
|
