18 matches found
EUVD-2019-2075
Malware in sbrugna...
EUVD-2020-29301
Malware in sbrugna...
EUVD-2019-2076
Malware in sbrugna...
CVE-2020-8434
Jenzabar JICS aka Internet Campus Solution before 9.0.1 Patch 3, 9.1 before 9.1.2 Patch 2, and 9.2 before 9.2.2 Patch 8 has session cookies that are a deterministic function of the username. There is a hard-coded password to supply a PBKDF feeding into AES to encrypt a username and base64 encode ...
CVE-2019-10011
ICS/StaticPages/AddTestUsers.aspx in Jenzabar JICS aka Internet Campus Solution before 2019-02-06 allows remote attackers to create an arbitrary number of accounts with a password of 1234...
CVE-2019-10012
Jenzabar JICS aka Internet Campus Solution before 9 allows remote attackers to upload and execute arbitrary .aspx code by placing it in a ZIP archive and using the MoxieManager for .NET plugin before 2.1.4 in the moxiemanager directory within the installation folder ICS\ICS.NET\ICSFileServer...
CVE-2020-8434
Jenzabar JICS aka Internet Campus Solution before 9.0.1 Patch 3, 9.1 before 9.1.2 Patch 2, and 9.2 before 9.2.2 Patch 8 has session cookies that are a deterministic function of the username. There is a hard-coded password to supply a PBKDF feeding into AES to encrypt a username and base64 encode ...
CVE-2020-8434
Jenzabar JICS aka Internet Campus Solution before 9.0.1 Patch 3, 9.1 before 9.1.2 Patch 2, and 9.2 before 9.2.2 Patch 8 has session cookies that are a deterministic function of the username. There is a hard-coded password to supply a PBKDF feeding into AES to encrypt a username and base64 encode ...
Hardcoded credentials
Jenzabar JICS aka Internet Campus Solution before 9.0.1 Patch 3, 9.1 before 9.1.2 Patch 2, and 9.2 before 9.2.2 Patch 8 has session cookies that are a deterministic function of the username. There is a hard-coded password to supply a PBKDF feeding into AES to encrypt a username and base64 encode ...
CVE-2020-8434
Jenzabar JICS (Internet Campus Solution) is affected by CVE-2020-8434 in versions prior to 9.0.1 Patch 3, 9.1 prior to 9.1.2 Patch 2, and 9.2 prior to 9.2.2 Patch 8. The issue is that session cookies are derived from the username via a PBKDF-based scheme and AES, with a hard-coded password used t...
CVE-2020-8434
Jenzabar JICS aka Internet Campus Solution before 9.0.1 Patch 3, 9.1 before 9.1.2 Patch 2, and 9.2 before 9.2.2 Patch 8 has session cookies that are a deterministic function of the username. There is a hard-coded password to supply a PBKDF feeding into AES to encrypt a username and base64 encode ...
CVE-2019-10012
Jenzabar JICS aka Internet Campus Solution before 9 allows remote attackers to upload and execute arbitrary .aspx code by placing it in a ZIP archive and using the MoxieManager for .NET plugin before 2.1.4 in the moxiemanager directory within the installation folder ICS\ICS.NET\ICSFileServer...
CVE-2019-10011
ICS/StaticPages/AddTestUsers.aspx in Jenzabar JICS aka Internet Campus Solution before 2019-02-06 allows remote attackers to create an arbitrary number of accounts with a password of 1234...
CVE-2019-10011
ICS/StaticPages/AddTestUsers.aspx in Jenzabar JICS aka Internet Campus Solution before 2019-02-06 allows remote attackers to create an arbitrary number of accounts with a password of 1234...
CVE-2019-10012
Jenzabar JICS aka Internet Campus Solution before 9 allows remote attackers to upload and execute arbitrary .aspx code by placing it in a ZIP archive and using the MoxieManager for .NET plugin before 2.1.4 in the moxiemanager directory within the installation folder ICS\ICS.NET\ICSFileServer...
Code injection
ICS/StaticPages/AddTestUsers.aspx in Jenzabar JICS aka Internet Campus Solution before 2019-02-06 allows remote attackers to create an arbitrary number of accounts with a password of 1234...
Design/Logic Flaw
Jenzabar JICS aka Internet Campus Solution before 9 allows remote attackers to upload and execute arbitrary .aspx code by placing it in a ZIP archive and using the MoxieManager for .NET plugin before 2.1.4 in the moxiemanager directory within the installation folder ICS\ICS.NET\ICSFileServer...
CVE-2019-10011
CVE-2019-10011 affects Jenzabar JICS (Internet Campus Solution): ICS/StaticPages/AddTestUsers.aspx allows remote account creation with a password of 1234 prior to 2019-02-06. Connected sources (Red Hat, NVD, CVE lists) corroborate the same description. The documentation does not provide a patch v...