17 matches found
EUVD-2021-24942
Malware in sbrugna...
EUVD-2021-23990
Malware in sbrugna...
CVE-2021-38490
Altova MobileTogether Server before 7.3 SP1 allows XML exponential entity expansion, a different vulnerability than CVE-2021-37425...
CVE-2021-37425
Altova MobileTogether Server before 7.3 SP1 allows XXE attacks, such as an InfoSetChanges/Changes attack against /workflowmanagement, or reading mobiletogetherserver.cfg and then reading the certificate and private key...
Altova MobileTogether Server 7.3 - XML External Entity Injection Vulnerability
Exploit Title: Altova MobileTogether Server 7.3 - XML External Entity Injection XXE Exploit Author: RedTeam Pentesting GmbH Vendor Homepage: https://www.altova.com/mobiletogether-server Version: 7.3 CVE: 2021-37425 Advisory: XML External Entity Expansion in MobileTogether Server RedTeam Pentestin...
Altova MobileTogether Server 7.3 - XML External Entity Injection (XXE)
Exploit Title: Altova MobileTogether Server 7.3 - XML External Entity Injection XXE Date: 2021-08-10 Exploit Author: RedTeam Pentesting GmbH Vendor Homepage: https://www.altova.com/mobiletogether-server Version: 7.3 CVE: 2021-37425 Advisory: XML External Entity Expansion in MobileTogether Server...
CVE-2021-37425
Altova MobileTogether Server before 7.3 SP1 allows XXE attacks, such as an InfoSetChanges/Changes attack against /workflowmanagement, or reading mobiletogetherserver.cfg and then reading the certificate and private key...
CVE-2021-38490
Altova MobileTogether Server before 7.3 SP1 allows XML exponential entity expansion, a different vulnerability than CVE-2021-37425...
CVE-2021-38490
Altova MobileTogether Server before 7.3 SP1 allows XML exponential entity expansion, a different vulnerability than CVE-2021-37425...
Privilege escalation
Altova MobileTogether Server before 7.3 SP1 allows XML exponential entity expansion, a different vulnerability than CVE-2021-37425...
Design/Logic Flaw
Altova MobileTogether Server before 7.3 SP1 allows XXE attacks, such as an InfoSetChanges/Changes attack against /workflowmanagement, or reading mobiletogetherserver.cfg and then reading the certificate and private key...
CVE-2021-38490
Altova MobileTogether Server before 7.3 SP1 allows XML exponential entity expansion, a different vulnerability than CVE-2021-37425...
CVE-2021-38490
CVE-2021-38490 affects Altova MobileTogether Server before 7.3 SP1 and enables XML exponential entity expansion. This is a distinct issue from CVE-2021-37425; no further details on impact or remediation are provided in the connected documents.
CVE-2021-37425
Altova MobileTogether Server before 7.3 SP1 allows XXE attacks, such as an InfoSetChanges/Changes attack against /workflowmanagement, or reading mobiletogetherserver.cfg and then reading the certificate and private key...
CVE-2021-37425
CVE-2021-37425 affects Altova MobileTogether Server prior to 7.3 SP1. The issue is XML External Entity (XXE) processing that can allow a user with app access to read arbitrary files from the server filesystem (e.g., MobileTogether server config) and potentially read certificates/private keys, and...
Altova MobileTogether Server 安全漏洞
Altova MobileTogether Server is a server from Altova Austria that provides MobileTogether solutions for client mobile devices. A security vulnerability exists in Altova MobileTogether Server versions prior to 7.3 SP1 that stems from the program allowing XML index entity extensions...
Altova MobileTogether Server 代码问题漏洞
Altova MobileTogether Server is a server from Altova Austria that provides MobileTogether solutions for client mobile devices. A security vulnerability exists in Altova MobileTogether Server versions prior to 7.3 SP1, which can be exploited by an attacker to read certificates and private keys...