310 matches found
CVE-2020-29029 XSS issue due to insufficient sanitization of input field
Improper Input Validation, Cross-site Scripting XSS vulnerability in Web GUI of Secomea GateManager allows an attacker to execute arbitrary javascript code. This issue affects: Secomea GateManager all versions prior to 9.4...
CVE-2020-29032
Upload of Code Without Integrity Check vulnerability in firmware archive of Secomea GateManager allows authenticated attacker to execute malicious code on server. This issue affects: Secomea GateManager all versions prior to 9.4.621054022...
Design/Logic Flaw
Upload of Code Without Integrity Check vulnerability in firmware archive of Secomea GateManager allows authenticated attacker to execute malicious code on server. This issue affects: Secomea GateManager all versions prior to 9.4.621054022...
CVE-2020-29032
The CVE-2020-29032 entry concerns Secomea GateManager, where a file upload vulnerability in the firmware archive allows an authenticated attacker to execute code on the server. Affected products are GateManager versions prior to 9.4.621054022; the root cause is a lack of integrity checking during...
CVE-2020-29032 Add integrity check of GateManager firmware
Upload of Code Without Integrity Check vulnerability in firmware archive of Secomea GateManager allows authenticated attacker to execute malicious code on server. This issue affects: Secomea GateManager all versions prior to 9.4.621054022...
Secomea GateManager 跨站请求伪造漏洞
GateManager is a VPN server from Secomea. A cross-site request forgery vulnerability exists in the web GUI of Secomea GateManager versions prior to 9.4. An attacker can exploit this vulnerability to execute malicious code...
Secomea GateManager 跨站脚本漏洞
GateManager is a VPN server from Secomea. A cross-site scripting vulnerability exists in the web GUI of Secomea GateManager versions prior to 9.4. The vulnerability stems from improper input validation. An attacker can exploit the vulnerability to execute arbitrary javascript code...
Secomea GateManager 跨站脚本漏洞
GateManager is a VPN server from Secomea. A cross-site scripting vulnerability exists in the web GUI of Secomea GateManager versions prior to 9.4. An attacker can exploit this vulnerability to inject arbitrary javascript code...
Secomea GateManager 代码问题漏洞
Secomea GateManager is a remote access server product from Secomea, Denmark. A file upload vulnerability exists in versions prior to Secomea GateManager 9.4.621054022, which stems from a code upload vulnerability without integrity checking that can be exploited by an attacker to execute malicious...
GateManager Path Traversal Vulnerability
GateManager is a cloud server product from Secomea. A directory traversal vulnerability in the file upload feature in all versions of GateManager prior to 92c allows an authenticated attacker with administrative privileges to read and write arbitrary files on the Linux file system...
CVE-2020-29022
Failure to Sanitize host header value on output in the GateManager Web server could allow an attacker to conduct web cache poisoning attacks. This issue affects Secomea GateManager all versions prior to 9.3...
CVE-2020-29023
Improper Encoding or Escaping of Output from CSV Report Generator of Secomea GateManager allows an authenticated administrator to generate a CSV file that may run arbitrary commands on a victim's computer when opened in a spreadsheet program like Excel. This issue affects: Secomea GateManager all...
CVE-2020-29024
Sensitive Cookie in HTTPS Session Without 'Secure' Attribute vulnerability in GTA GoToAppliance of Secomea GateManager could allow an attacker to gain access to sensitive cookies. This issue affects: Secomea GateManager all versions prior to 9.3...
CVE-2020-29023
Improper Encoding or Escaping of Output from CSV Report Generator of Secomea GateManager allows an authenticated administrator to generate a CSV file that may run arbitrary commands on a victim's computer when opened in a spreadsheet program like Excel. This issue affects: Secomea GateManager all...
CVE-2020-29022
Failure to Sanitize host header value on output in the GateManager Web server could allow an attacker to conduct web cache poisoning attacks. This issue affects Secomea GateManager all versions prior to 9.3...
Session fixation
Sensitive Cookie in HTTPS Session Without 'Secure' Attribute vulnerability in GTA GoToAppliance of Secomea GateManager could allow an attacker to gain access to sensitive cookies. This issue affects: Secomea GateManager all versions prior to 9.3...
Design/Logic Flaw
Failure to Sanitize host header value on output in the GateManager Web server could allow an attacker to conduct web cache poisoning attacks. This issue affects Secomea GateManager all versions prior to 9.3...
Input validation
Improper Encoding or Escaping of Output from CSV Report Generator of Secomea GateManager allows an authenticated administrator to generate a CSV file that may run arbitrary commands on a victim's computer when opened in a spreadsheet program like Excel. This issue affects: Secomea GateManager all...
CVE-2020-29023 CSV Formula Injection possible due to improper fields escaping in GateManager
Improper Encoding or Escaping of Output from CSV Report Generator of Secomea GateManager allows an authenticated administrator to generate a CSV file that may run arbitrary commands on a victim's computer when opened in a spreadsheet program like Excel. This issue affects: Secomea GateManager all...
CVE-2020-29023
The CVE-2020-29023 issue affects Secomea GateManager (all versions prior to 9.3). The root cause is improper encoding/escaping in the CSV Report Generator, enabling CSV formula injection. An authenticated administrator can generate a CSV that, when opened in a spreadsheet (e.g., Excel), may execu...