39 matches found
EUVD-2018-7526
Malware in sbrugna...
EUVD-2018-7530
Malware in sbrugna...
EUVD-2018-7528
Malware in sbrugna...
EUVD-2018-7527
Malware in sbrugna...
EUVD-2018-7529
Malware in sbrugna...
EUVD-2023-33831
Malicious code in bioql PyPI...
EUVD-2023-33834
Malicious code in bioql PyPI...
CVE-2023-2335
Plaintext Password in Registry vulnerability in 42gears surelock windows surelockwinsetupv2.40.0.Exe on Windows Registery modules allows Retrieve Admin user credentials This issue affects surelock windows: from 2.3.12 through 2.40.0...
SureMDM On-premise < 6.31 - CAPTCHA Bypass User Enumeration Exploit
Exploit Title: SureMDM On-premise 6.31 - CAPTCHA Bypass User Enumeration Exploit Author: Jonas Benjamin Friedli Vendor Homepage: https://www.42gears.com/products/mobile-device-management/ Version: = 6.31 Tested on: 6.31 CVE : CVE-2023-3897 import requests import sys def printhelp: print"Usage:...
SureMDM On-Premise CAPTCHA Bypass / User Enumeration
Exploit Title: SureMDM On-premise 6.31 - CAPTCHA Bypass User Enumeration Date: 05/12/2023 Exploit Author: Jonas Benjamin Friedli Vendor Homepage: https://www.42gears.com/products/mobile-device-management/ Version: = 6.31 Tested on: 6.31 CVE : CVE-2023-3897 import requests import sys def printhelp...
Default credentials
Plaintext Password in Registry vulnerability in 42gears surelock windows surelockwinsetupv2.40.0.Exe on Windows Registery modules allows Retrieve Admin user credentials This issue affects surelock windows: from 2.3.12 through 2.40.0...
CVE-2023-2335
CVE-2023-2335 concerns 42Gears Surelock for Windows: plaintext passwords stored in the registry within the surelockwinsetupv2.40.0.Exe registry modules, allowing retrieval of administrator credentials. Affected versions are Surelock Windows 2.3.12–2.40.0. Reported impact is confidentiality risk (...
CVE-2023-2335 Plaintext Password in Registry
Plaintext Password in Registry vulnerability in 42gears surelock windows surelockwinsetupv2.40.0.Exe on Windows Registery modules allows Retrieve Admin user credentials This issue affects surelock windows: from 2.3.12 through 2.40.0...
CVE-2023-2331
Unquoted service Path or Element vulnerability in 42Gears Surelock Windows SureLock Service NixService.Exe on Windows application will allows to insert arbitrary code into the service. This issue affects Surelock Windows : from 2.3.12 through 2.40.0...
Path traversal
Unquoted service Path or Element vulnerability in 42Gears Surelock Windows SureLock Service NixService.Exe on Windows application will allows to insert arbitrary code into the service. This issue affects Surelock Windows : from 2.3.12 through 2.40.0...
CVE-2023-2331 Bypassing hardening via Unquoted Service path vulnerability
Unquoted service Path or Element vulnerability in 42Gears Surelock Windows SureLock Service NixService.Exe on Windows application will allows to insert arbitrary code into the service. This issue affects Surelock Windows : from 2.3.12 through 2.40.0...
CVE-2023-2331
CVE-2023-2331 relates to an Unquoted service Path/Element vulnerability in the 42Gears Surelock Windows SureLock Service (NixService.Exe). Affected versions are 2.3.12 through 2.40.0. The underlying issue is an unquoted service path, enabling local arbitrary code insertion into the service. CVSSv...
PT-2023-18902 · 42Gears · Surelock
Name of the Vulnerable Software and Affected Versions: 42Gears Surelock Windows versions 2.3.12 through 2.40.0 Description: The issue is related to an Unquoted service Path or Element vulnerability in the SureLock Service NixService.Exe on Windows application, which allows arbitrary code insertio...
42Gears Surelock 代码问题漏洞
42Gears Surelock is an industry-leading tool from 42Gears USA that locks devices into kiosk mode. A security vulnerability exists in 42Gears Surelock version 2.40.0 that stems from the presence of elevation of privilege and local code execution issues...
Design/Logic Flaw
An issue was discovered in the registration API endpoint in 42Gears SureMDM before 2018-11-27. An attacker can submit a GET request to /api/register/:email, where :email is a base64 encoded e-mail address, to receive confirmation as to whether a user account exists in the system with the specifie...