CVSS: 8.5EPSS: 0%CPEs: 4EXPL: 0CVE-2015-6464
https://notcve.org/view.php?id=CVE-2015-6464
The administrative web interface on Moxa EDS-405A and EDS-408A switches with firmware before 3.6 allows remote authenticated users to bypass a read-only protection mechanism by using Firefox with a web-developer plugin. Vulnerabilidad en la interfaz web administrativa en switches Moxa EDS-405A y EDS-408A con firmware anterior a 3.6, permite a usuarios remotos autenticados eludir un mecanismo de protección de solo lectura utilizando Firefox con un plugin de desarrollador web. • http://www.moxa.com/support/download.aspx?type=support&id=328 https://ics-cert.us-cert.gov/advisories/ICSA-15-246-03 •
CVSS: 8.8EPSS: 1%CPEs: 1EXPL: 0CVE-2015-6457 – Moxa SoftCMS VLCControl setUserInfoData strIP Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2015-6457
Moxa SoftCMS 1.3 and prior is susceptible to a buffer overflow condition that may crash or allow remote code execution. Moxa released SoftCMS version 1.4 on June 1, 2015, to address the vulnerability. Moxa SoftCMS, en versiones 1.3 y anteriores, es susceptible a una condición de desbordamiento de búfer que podría cerrarse inesperadamente o permitir la ejecución remota de código. Moxa lanzó la versión 1.4 de SoftCMS el 1 de junio de 2015 para abordar esta vulnerabilidad. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Moxa SoftCMS. • https://ics-cert.us-cert.gov/advisories/ICSA-15-239-01 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-122: Heap-based Buffer Overflow •
CVSS: 8.8EPSS: 1%CPEs: 1EXPL: 0CVE-2015-6458 – Moxa SoftCMS RTSPVIDEO.rtspvideoCtrl.1 AudioRecord Method ip Argument Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2015-6458
Moxa SoftCMS 1.3 and prior is susceptible to a buffer overflow condition that may crash or allow remote code execution. Moxa released SoftCMS version 1.4 on June 1, 2015, to address the vulnerability. Moxa SoftCMS, en versiones 1.3 y anteriores, es susceptible a una condición de desbordamiento de búfer que podría cerrarse inesperadamente o permitir la ejecución remota de código. Moxa lanzó la versión 1.4 de SoftCMS el 1 de junio de 2015 para abordar esta vulnerabilidad. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Moxa SoftCMS. • https://ics-cert.us-cert.gov/advisories/ICSA-15-239-01 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •
CVSS: 7.5EPSS: 11%CPEs: 1EXPL: 0CVE-2015-1000 – Moxa VPort ActiveX SDK PLUS GetClientReg Model Parameter Stack Buffer Overflow Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2015-1000
Stack-based buffer overflow in the OpenForIPCamTest method in the RTSPVIDEO.rtspvideoCtrl.1 (aka SStreamVideo) ActiveX control in Moxa SoftCMS before 1.3 allows remote attackers to execute arbitrary code via the StrRtspPath parameter. Desbordamiento de buffer basado en pila en el método OpenForIPCamTest en el control de ActiveX de RTSPVIDEO.rtspvideoCtrl.1 (también conocido como SStreamVideo) en Moxa SoftCMS anterior a 1.3 permite a atacantes remotos ejecutar código arbitrario a través del parámetro StrRtspPath. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of VPort ActiveX SDK PLUS. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the VPORTSDK.VPortSDKCtrl.1 ActiveX control. By passing an overly long string to the GetClientReg method's Model parameter, an attacker can overflow a buffer on the stack. • http://www.securityfocus.com/bid/74966 http://zerodayinitiative.com/advisories/ZDI-15-120 https://ics-cert.us-cert.gov/advisories/ICSA-15-153-02 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 7.5EPSS: 29%CPEs: 1EXPL: 0CVE-2015-0986 – Moxa VPort ActiveX SDK PLUS GetClientReg Name Parameter Stack Buffer Overflow Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2015-0986
Multiple stack-based buffer overflows in Moxa VPort ActiveX SDK Plus before 2.8 allow remote attackers to insert assembly-code lines via vectors involving a regkey (1) set or (2) get command. Múltiples desbordamientos de buffer basado en pila en Moxa VPort ActiveX SDK Plus anterior a 2.8 permiten a atacantes remotos insertar líneas de código de montaje a través de vectores que involucran un comando regkey (1) set o (2) get. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of VPort ActiveX SDK PLUS. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the VPORTSDK.VPortSDKCtrl.1 ActiveX control. By passing an overly long string to the GetClientReg method's Name parameter, an attacker can overflow a buffer on the stack. • http://www.moxa.com/support/download.aspx?d_id=2114 http://www.securityfocus.com/bid/73960 http://www.zerodayinitiative.com/advisories/ZDI-15-392 https://ics-cert.us-cert.gov/advisories/ICSA-15-097-01 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •