CVSS: 9.8EPSS: 88%CPEs: 6EXPL: 0CVE-2013-5021 – ABB DataManager National Instruments Multiple ActiveX Controls cwui.ocx ExportStyle() Method Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2013-5021
11 Jun 2013 — Multiple absolute path traversal vulnerabilities in National Instruments cwui.ocx, as used in National Instruments LabWindows/CVI 2012 SP1 and earlier, National Instruments LabVIEW 2012 SP1 and earlier, the Data Analysis component in ABB DataManager 1 through 6.3.6, and other products allow remote attackers to create and execute arbitrary files via a full pathname in an argument to the ExportStyle method in the (1) CWNumEdit, (2) CWGraph, (3) CWBoolean, (4) CWSlide, or (5) CWKnob ActiveX control, in conjunc... • http://digital.ni.com/public.nsf/allkb/04B876608790082C86257BD1000CC950?OpenDocument • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 7.5EPSS: 0%CPEs: 3EXPL: 4CVE-2002-0748 – National Instruments LabVIEW 5.1.1/6.0/6.1 - HTTP Request Denial of Service
https://notcve.org/view.php?id=CVE-2002-0748
12 Aug 2002 — LabVIEW Web Server 5.1.1 through 6.1 allows remote attackers to cause a denial of service (crash) via an HTTP GET request that ends in two newline characters, instead of the expected carriage return/newline combinations. LabVIEW Web Server 5.1.1 hasta 6.1 permite que atacantes remotos provoquen una denegación de servicio mediante una petición GET de HTTP que acaba en dos caracteres de nueva línea, en vez de la combinación esperada (retorno de carro + nueva línea). • https://www.exploit-db.com/exploits/21413 •