>> ARCHIVE: 2015-12

ChromiumCart version 0.8.1 suffers from an arbitrary file upload vulnerability.

EvolutionScript version 5.0 suffers from cross site scripting and remote SQL injection vulnerabilities.

Deadlock version 1.01 suffers from an arbitrary file upload vulnerability.

DMarket version 1.0 suffers from a remote PHP code injection vulnerability.

Docebo LMS version 4.0.3 suffers from a cross site scripting vulnerability.

Circutor PowerStudio SCADA version 4.0.5 suffers from an unquoted search path issue impacting the services ‘CircutorPowerStudioScadaServer’ and ‘CircutorPowerStudioServer’ for Windows deployed as part of PowerStudio Series. This could potentially allow…

iniNet SpiderControl SCADA Editor version 6.30.01 suffers from an insecure file permission vulnerability that can lead to privilege escalation.

SpiderControl PLC Editor Simatic suffers from an elevation of privileges vulnerability which can be used by a simple user that can change the executable file with a binary of choice….

SpiderControl SCADA Web Server Service suffers from an elevation of privileges vulnerability which can be used by a simple user that can change the executable file with a binary of…

GEOVAP Reliance 4 Control Server suffers from an unquoted search path issue impacting the service ‘RelianceOpcDaWrapper’ for Windows deployed as part of Reliance 4 SCADA/HMI system installer including Reliance OPC…