CVSS: 10.0EPSS: 10%CPEs: 1EXPL: 0CVE-2015-7912 – Tibbo AggreGate SCADA/HMI Server Service uploadDirectory Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2015-7912
20 Nov 2015 — The Ice Faces servlet in ag_server_service.exe in the AggreGate Server Service in Tibbo AggreGate before 5.30.06 allows remote attackers to upload and execute arbitrary Java code via a crafted XML document. El servlet Ice Faces en ag_server_service.exe en el AggreGate Server Service en Tibbo AggreGate en versiones anteriores a 5.30.06 permite a atacantes remotos cargar y ejecutar código Java arbitrario a través de un documento XML manipulado. This vulnerability allows remote attackers to execute arbitrary c... • http://zerodayinitiative.com/advisories/ZDI-15-571 •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2015-7913 – Tibbo AggreGate SCADA/HMI Apache Axis AdminService Arbitrary Class Instantiation Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2015-7913
20 Nov 2015 — ag_server_service.exe in the AggreGate Server Service in Tibbo AggreGate before 5.30.06 allows local users to execute arbitrary Java code with SYSTEM privileges by using the Apache Axis AdminService deployment method to publish a class. ag_server_service.exe en el AggreGate Server Service en Tibbo AggreGate en versiones anteriores a 5.30.06 permite a usuarios locales ejecutar código Java arbitrario con privilegios SYSTEM mediante el uso del método de despliegue Apache Axis AdminService para publicar una cla... • http://zerodayinitiative.com/advisories/ZDI-15-572 •