81 matches found
CVE-2023-25718
In ConnectWise Control through 22.9.10032 (formerly known as ScreenConnect), after an executable file is signed, additional instructions can be added without invalidating the signature, such as instructions that result in offering the end user a different attacker-controlled executable file. It is...
CVE-2019-16512
An issue was discovered in ConnectWise Control (formerly known as ScreenConnect) 19.3.25270.7185. There is stored XSS in the Appearance modifier...
CVE-2019-16514
An issue was discovered in ConnectWise Control (formerly known as ScreenConnect) 19.3.25270.7185. The server allows remote code execution. Administrative users could upload an unsigned extension ZIP file containing executable code that is subsequently executed by the server...
CVE-2019-16515
An issue was discovered in ConnectWise Control (formerly known as ScreenConnect) 19.3.25270.7185. Certain HTTP security headers are not used...
CVE-2019-16513
An issue was discovered in ConnectWise Control (formerly known as ScreenConnect) 19.3.25270.7185. CSRF can be used to send API requests...
EUVD-2019-7194
Malware in sbrugna...
EUVD-2019-7191
Malware in sbrugna...
EUVD-2019-7192
Malware in sbrugna...
EUVD-2019-7189
Malware in sbrugna...
EUVD-2019-7190
Malware in sbrugna...
EUVD-2023-29629
Malicious code in bioql PyPI...
CVE-2023-25719
ConnectWise Control before 22.9.10032 (formerly known as ScreenConnect) fails to validate user-supplied parameters such as the Bin/ConnectWiseControl.Client.exe h parameter. This results in reflected data and injection of malicious code into a downloaded executable. The executable can be used to...
CVE-2023-23127
In ConnectWise Control 22.8.10013.8329, the login page does not implement HSTS headers and therefore does not enforce HTTPS. NOTE: the vendor's position is that, by design, this is controlled by a configuration option in which a customer can choose to use HTTP rather than HTTPS during troubleshooting...
CVE-2023-23128
ConnectWise Control 22.8.10013.8329 is vulnerable to Cross Origin Resource Sharing (CORS). The vendor's position is that two endpoints have Access-Control-Allow-Origin wildcarding to support product functionality, and that there is no risk from this behavior. The vulnerability report is thus not...
CVE-2019-16516
An issue was discovered in ConnectWise Control (formerly known as ScreenConnect) 19.3.25270.7185. There is a user enumeration vulnerability, allowing an unauthenticated attacker to determine with certainty if an account exists for a given username...
CVE-2019-16517
An issue was discovered in ConnectWise Control (formerly known as ScreenConnect) 19.3.25270.7185. There is a CORS misconfiguration, which reflected the Origin provided by incoming requests. This allowed JavaScript running on any domain to interact with the server APIs and perform administrative...
ConnectWise Control Security Vulnerability
ConnectWise Control is a self-hosted remote desktop software application from ConnectWise USA. A security vulnerability exists in ConnectWise Control version 23.8.4 and earlier, which originates from allowing local users to connect to arbitrary relay servers via an implicit trust set by the proxy...