17 matches found
EUVD-2021-23990
Malware in sbrugna...
EUVD-2021-24942
Malware in sbrugna...
CVE-2021-38490
Altova MobileTogether Server before 7.3 SP1 allows XML exponential entity expansion, a different vulnerability than CVE-2021-37425...
CVE-2021-37425
Altova MobileTogether Server before 7.3 SP1 allows XXE attacks, such as an InfoSetChanges/Changes attack against /workflowmanagement, or reading mobiletogetherserver.cfg and then reading the certificate and private key...
Altova MobileTogether Server 7.3 - XML External Entity Injection (XXE)
Exploit Title: Altova MobileTogether Server 7.3 - XML External Entity Injection XXE Date: 2021-08-10 Exploit Author: RedTeam Pentesting GmbH Vendor Homepage: https://www.altova.com/mobiletogether-server Version: 7.3 CVE: 2021-37425 Advisory: XML External Entity Expansion in MobileTogether Server...
Altova MobileTogether Server 7.3 - XML External Entity Injection Vulnerability
Exploit Title: Altova MobileTogether Server 7.3 - XML External Entity Injection XXE Exploit Author: RedTeam Pentesting GmbH Vendor Homepage: https://www.altova.com/mobiletogether-server Version: 7.3 CVE: 2021-37425 Advisory: XML External Entity Expansion in MobileTogether Server RedTeam Pentestin...
CVE-2021-37425
Altova MobileTogether Server before 7.3 SP1 allows XXE attacks, such as an InfoSetChanges/Changes attack against /workflowmanagement, or reading mobiletogetherserver.cfg and then reading the certificate and private key...
CVE-2021-38490
Altova MobileTogether Server before 7.3 SP1 allows XML exponential entity expansion, a different vulnerability than CVE-2021-37425...
CVE-2021-38490
Altova MobileTogether Server before 7.3 SP1 allows XML exponential entity expansion, a different vulnerability than CVE-2021-37425...
Design/Logic Flaw
Altova MobileTogether Server before 7.3 SP1 allows XXE attacks, such as an InfoSetChanges/Changes attack against /workflowmanagement, or reading mobiletogetherserver.cfg and then reading the certificate and private key...
Privilege escalation
Altova MobileTogether Server before 7.3 SP1 allows XML exponential entity expansion, a different vulnerability than CVE-2021-37425...
CVE-2021-38490
CVE-2021-38490 affects Altova MobileTogether Server before 7.3 SP1 and enables XML exponential entity expansion. This is a distinct issue from CVE-2021-37425; no further details on impact or remediation are provided in the connected documents.
CVE-2021-38490
Altova MobileTogether Server before 7.3 SP1 allows XML exponential entity expansion, a different vulnerability than CVE-2021-37425...
CVE-2021-37425
CVE-2021-37425 affects Altova MobileTogether Server prior to 7.3 SP1. The issue is XML External Entity (XXE) processing that can allow a user with app access to read arbitrary files from the server filesystem (e.g., MobileTogether server config) and potentially read certificates/private keys, and...
CVE-2021-37425
Altova MobileTogether Server before 7.3 SP1 allows XXE attacks, such as an InfoSetChanges/Changes attack against /workflowmanagement, or reading mobiletogetherserver.cfg and then reading the certificate and private key...
Altova MobileTogether Server 代码问题漏洞
Altova MobileTogether Server is a server from Altova Austria that provides MobileTogether solutions for client mobile devices. A security vulnerability exists in Altova MobileTogether Server versions prior to 7.3 SP1, which can be exploited by an attacker to read certificates and private keys...
Altova MobileTogether Server 安全漏洞
Altova MobileTogether Server is a server from Altova Austria that provides MobileTogether solutions for client mobile devices. A security vulnerability exists in Altova MobileTogether Server versions prior to 7.3 SP1 that stems from the program allowing XML index entity extensions...