[CLOSE] OSVDB ID : 79408 - Disclosed: 2012-02-17

Description:

7-Technologies AQUIS is prone to a flaw in the way it loads dynamic-link libraries (DLL). The program uses a fixed path to look for specific files or libraries. This path includes directories that may not be trusted or under user control. By placing a custom version of the file or library in the path, the program will load it before the legitimate version. This allows an attacker to inject custom code that will be run with the privilege of the program or user executing the program. This can be done by tricking a user into opening an unspecified file from the local file system or a USB drive in some cases. This attack can be leveraged remotely in some cases by placing the malicious file or library on a network share or extracted archive downloaded from a remote source.

[CLOSE] OSVDB ID : 72349 - Disclosed: 2011-03-21

Description:

IGSS contains a flaw that allows a remote attacker to traverse outside of a restricted path. The issue is due to dc.exe not properly sanitizing user input, specifically directory traversal style attacks (e.g., ../../) supplied via the 0xa and 0x17 opcodes. This directory traversal attack would allow the attacker to execute arbitrary commands.

[CLOSE] OSVDB ID : 72830 - Disclosed: 2011-05-13

Description:

Unknown / Incomplete

[CLOSE] OSVDB ID : 72351 - Disclosed: 2011-03-21

Description:

A format string flaw exists in IGSS. IGSSdataServer.exe fails to properly sanitize format string specifiers (e.g., %s and %x). With a specially crafted request, a remote attacker can crash the service or possibly execute arbitrary code.

[CLOSE] OSVDB ID : 72353 - Disclosed: 2011-03-21

Description:

IGSS is prone to an overflow condition. IGSSdataServer.exe fails to properly sanitize user-supplied input resulting in a buffer overflow. With a specially crafted request, a remote attacker can potentially cause arbitrary code execution.

[CLOSE] OSVDB ID : 72354 - Disclosed: 2011-03-21

Description:

IGSS contains a flaw that allows a remote attacker to traverse outside of a restricted path. The issue is due to IGSSdataServer.exe not properly sanitizing user input, specifically directory traversal style attacks (e.g., ../../) supplied via the 0xd opcode. This directory traversal attack would allow the attacker to manipulate arbitrary files.

[CLOSE] OSVDB ID : 72352 - Disclosed: 2011-03-21

Description:

IGSS is prone to an overflow condition. IGSSdataServer.exe fails to properly sanitize user-supplied input resulting in a buffer overflow. With a specially crafted request, a remote attacker can potentially cause arbitrary code execution.

[CLOSE] OSVDB ID : 72350 - Disclosed: 2011-03-21

Description:

IGSS is prone to an overflow condition. IGSSdataServer fails to properly sanitize user-supplied input resulting in a buffer overflow. With a specially crafted STDREP request, a remote attacker can potentially cause arbitrary code execution.

[CLOSE] OSVDB ID : 78611 - Disclosed: 2011-04-27

Description:

7-Technologies Interactive Graphical SCADA System is prone to a memory corruption condition. The ODBC server, Odbcixv9se.exe, fails to properly sanitize user-supplied input resulting in a stack-based buffer overflow. With a specially crafted structure in a packet sent to TCP port 20222, a remote attacker can potentially execute arbitrary code.

[CLOSE] OSVDB ID : 72117 - Disclosed: 2011-04-27

Description:

7-Technologies Interactive Graphical SCADA System is prone to an overflow condition. The ODBC server, Odbcixv9se.exe, fails to properly sanitize user-supplied input resulting in a stack-based buffer overflow. With a specially crafted packet to TCP port 20222, a remote attacker can potentially execute arbitrary code.

[CLOSE] OSVDB ID : 77227 - Disclosed: 2011-07-08

Description:

Unknown / Incomplete

[CLOSE] OSVDB ID : 73099 - Disclosed: 2011-02-08

Description:

Unknown / Incomplete

[CLOSE] OSVDB ID : 78328 - Disclosed: 2012-01-16

Description:

7-Technologies Interactive Graphical SCADA System is prone to a flaw in the way it loads dynamic-link libraries (DLL). The program uses a fixed path to look for specific files or libraries. This path includes directories that may not be trusted or under user control. By placing a custom version of the file or library in the path, the program will load it before the legitimate version. This allows an attacker to inject custom code that will be run with the privilege of the program or user executing the program. This can be done by tricking a user into opening an executable file from the local file system or a USB drive in some cases. This attack can be leveraged remotely in some cases by placing the malicious file or library on a network share or extracted archive downloaded from a remote source.

[CLOSE] OSVDB ID : 77977 - Disclosed: 2011-12-21

Description:

7-Technologies Interactive Graphical SCADA System contains an overflow condition in the service listening on TCP ports 12399 and 12397. The issue is triggered as unspecified user-supplied input is not properly validated when parsing received packets. With a specially crafted request, a remote attacker can cause a buffer overflow, resulting in a denial of service or potentially execution of arbitrary code.

[CLOSE] OSVDB ID : 77976 - Disclosed: 2011-12-21

Description:

7-Technologies Interactive Graphical SCADA System contains an overflow condition in the service listening on TCP port 12401. The issue is triggered as unspecified user-supplied input is not properly validated when parsing received packets. With a specially crafted request, a remote attacker can cause a buffer overflow, resulting in a denial of service.

[CLOSE] OSVDB ID : 79407 - Disclosed: 2012-02-17

Description:

7-Technologies TERMIS is prone to a flaw in the way it loads dynamic-link libraries (DLL). The program uses a fixed path to look for specific files or libraries. This path includes directories that may not be trusted or under user control. By placing a custom version of the file or library in the path, the program will load it before the legitimate version. This allows an attacker to inject custom code that will be run with the privilege of the program or user executing the program. This can be done by tricking a user into opening an unspecified file from the local file system or a USB drive in some cases. This attack can be leveraged remotely in some cases by placing the malicious file or library on a network share or extracted archive downloaded from a remote source.

[CLOSE] OSVDB ID : 19639 - Disclosed: 2005-09-23

Description:

A local overflow exists in 7-Zip. 7-Zip contains a boundary error when handling an ARJ block that is larger than 2600 bytes resulting in a stack-based overflow. With a specially crafted request, an attacker can run arbitrary code resulting in a loss of integrity.

[CLOSE] OSVDB ID : 43649 - Disclosed: 2008-03-17

Description:

(Description Provided by CVE) : Unspecified vulnerability in 7-zip before 4.5.7 has unknown impact and remote attack vectors, as demonstrated by the PROTOS GENOME test suite for Archive Formats (c10).

[CLOSE] OSVDB ID : 44426 - Disclosed: 2008-04-07

Description:

(Description Provided by CVE) : SQL injection vulnerability in index.php in 724Networks 724CMS 4.01 and earlier allows remote attackers to execute arbitrary SQL commands via the ID parameter.

[CLOSE] OSVDB ID : 55286 - Disclosed: 2009-06-03

Description:

7ammel (7ml) contains a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to the cpanel/login.php script not properly sanitizing user-supplied input to the 'username' and 'password' parameters. This may allow an attacker to inject or manipulate SQL queries in the back-end database, allowing for the manipulation or disclosure of arbitrary data.

[CLOSE] OSVDB ID : 55301 - Disclosed: 2009-06-03

Description:

7ammel (7ml) contains a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to the cpanel/login.php script not properly sanitizing user-supplied input to the 'username' and 'password' parameters. This may allow an attacker to inject or manipulate SQL queries in the back-end database, allowing for the manipulation or disclosure of arbitrary data.

[CLOSE] OSVDB ID : 54426 - Disclosed: 2008-10-29

Description:

(Description Provided by CVE) : Unrestricted file upload vulnerability in includes/imageupload.php in 7Shop 1.1 and earlier allows remote attackers to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in images/artikel/.