CVE-2018-17216
https://notcve.org/view.php?id=CVE-2018-17216
An issue was discovered in PTC ThingWorx Platform 6.5 through 8.2. There is password hash exposure to privileged users.
• https://www.ptc.com/en/support/article?n=CS291004
• CWE-200: Exposure of Sensitive Information to an Unauthorized Actor
CVE-2018-17217
https://notcve.org/view.php?id=CVE-2018-17217
An issue was discovered in PTC ThingWorx Platform 6.5 through 8.2. There is a hardcoded encryption key.
• https://www.ptc.com/en/support/article?n=CS291004
• CWE-798: Use of Hard-coded Credentials
CVE-2015-2061 – PTC Creo View Heap Buffer Overflow Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2015-2061
Heap-based buffer overflow in the browser plugin for PTC Creo View allows remote attackers to execute arbitrary code via vectors involving setting a large buffer to an unspecified attribute. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of PTC Creo View. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the Creo View browser plugin. An attacker can trigger a heap overflow by setting a large buffer to a specific attribute.
• http://www.securityfocus.com/bid/72836
• http://www.zerodayinitiative.com/advisories/ZDI-15-051
• https://support.ptc.com/appserver/cs/view/solution.jsp?n=CS172389
• CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2014-9267 – PTC IsoView ActiveX Control ViewPort Heap Buffer Overflow Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2014-9267
Heap-based buffer overflow in the PTC IsoView ActiveX control allows remote attackers to execute arbitrary code via a crafted ViewPort property value. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of the PTC IsoView ActiveX control. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the ViewPort property of the control. By setting the property to a malicious value, an attacker can overflow a statically allocated heap buffer.
• http://www.securityfocus.com/bid/71491
• http://www.zerodayinitiative.com/advisories/ZDI-14-398
• http://www.zerodayinitiative.com/advisories/ZDI-14-399
• https://support.ptc.com/appserver/cs/view/solution.jsp?n=CS181001
• CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2007-4600
https://notcve.org/view.php?id=CVE-2007-4600
The "Protect Worksheet" functionality in Mathsoft Mathcad 12 through 13.1, and PTC Mathcad 14, implements file access restrictions via a protection element in a gzipped XML file, which allows attackers to bypass these restrictions by removing this element.
• http://osvdb.org/43764
• http://securityreason.com/securityalert/3248
• http://www.securityfocus.com/archive/1/482341/100/0/threaded
• https://exchange.xforce.ibmcloud.com/vulnerabilities/37263
• CWE-264: Permissions, Privileges, and Access Controls