Lucene search
K

300 matches found

Cvelist
Cvelist
added 2021/02/16 3:8 p.m.27 views

CVE-2020-29022 Host Header Injection allowing web cache poisoning attacks

Failure to Sanitize host header value on output in the GateManager Web server could allow an attacker to conduct web cache poisoning attacks. This issue affects Secomea GateManager all versions prior to 9.3...

5.3CVSS5.3AI score0.00803EPSS
Exploits0References1
CVE
CVE
added 2021/02/16 3:7 p.m.52 views

CVE-2020-29024

The CVE-2020-29024 issue affects Secomea GateManager (GoToAppliance) prior to version 9.3, where cookies in HTTPS sessions can be exposed due to missing Secure attribute. This could allow an attacker to access sensitive cookies. The vulnerability is caused by insecure cookie handling in GoToAppli...

5.3CVSS5.3AI score0.00512EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2021/02/16 3:7 p.m.23 views

CVE-2020-29024 Missing HtppOnly and Secure flags

Sensitive Cookie in HTTPS Session Without 'Secure' Attribute vulnerability in GTA GoToAppliance of Secomea GateManager could allow an attacker to gain access to sensitive cookies. This issue affects: Secomea GateManager all versions prior to 9.3...

5.3CVSS5.4AI score0.00512EPSS
Exploits0References1
CNNVD
CNNVD
added 2021/02/16 12:0 a.m.9 views

Secomea SiteManager Cross-Site Scripting Vulnerability

A cross-site scripting vulnerability exists in Secomea SiteManager that stems from a lack of proper validation of client-side data by the WEB application. An attacker can exploit this vulnerability to execute client-side code...

5.4CVSS6AI score0.00472EPSS
Exploits0References2
CNNVD
CNNVD
added 2021/02/16 12:0 a.m.7 views

Secomea GateManager 安全漏洞

Secomea GateManager is a remote access server product from Secomea, Denmark. A security vulnerability exists in Secomea GateManager versions prior to 9.3, which allows an attacker to exploit the vulnerability to access sensitive cookies...

5.3CVSS6.1AI score0.00512EPSS
Exploits0References2
CNNVD
CNNVD
added 2021/02/16 12:0 a.m.6 views

Secomea GateManager Security Vulnerability

A security vulnerability exists in Secomea GateManager all versions prior to 9.3, which can be exploited by an attacker to run arbitrary commands on a victim's computer...

4.9CVSS5.9AI score0.0053EPSS
Exploits0References3
CNNVD
CNNVD
added 2021/02/16 12:0 a.m.7 views

Secomea GateManager 安全漏洞

Secomea GateManager is a remote access server product from Secomea, Denmark. A security vulnerability exists in Secomea GateManager versions prior to 9.3, which can be exploited by an attacker to potentially conduct Web caching attacks...

5.3CVSS6.1AI score0.00803EPSS
Exploits0References2
CNNVD
CNNVD
added 2021/02/15 12:0 a.m.7 views

Secomea GateManager 安全漏洞

Secomea GateManager is a remote access server product from Secomea, Denmark. A security vulnerability exists in GateManager versions prior to 9.2c, which stems from an insecure direct object reference vulnerability that can be exploited by an attacker to reset the password of any user in his doma...

8.1CVSS7.3AI score0.00747EPSS
Exploits0References2
CNNVD
CNNVD
added 2021/02/08 12:0 a.m.10 views

Secomea GateManager 跨站脚本漏洞

GateManager is a VPN server from Secomea. A cross-site scripting vulnerability exists in the Web UI input field of GateManager versions prior to 9.3. The vulnerability can be exploited by an attacker to conduct a cross-site scripting attack via the input script tag...

4.8CVSS5.6AI score0.00645EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2020/12/21 12:0 a.m.68 views

Remote Code Execution Vulnerabilities in Secomea, Moxa, and HMS eWon VPNs

Security researchers at Claroty published details on multiple pre-auth remote code execution vulnerabilities affecting virtual private network VPN implementations primarily used to provide remote access to operational technology OT networks. The vulnerabilities could allow unauthenticated attacke...

10CVSS9.7AI score0.02905EPSS
Exploits0References8
NVD
NVD
added 2020/08/25 2:15 p.m.26 views

CVE-2020-14500

Secomea GateManager all versions prior to 9.2c, An attacker can send a negative value and overwrite arbitrary data...

10CVSS9.5AI score0.01666EPSS
Exploits0References1
OSV
OSV
added 2020/08/25 2:15 p.m.3 views

CVE-2020-14500

Secomea GateManager all versions prior to 9.2c, An attacker can send a negative value and overwrite arbitrary data...

9.8CVSS7.6AI score0.01666EPSS
Exploits0References1
Prion
Prion
added 2020/08/25 2:15 p.m.19 views

Code injection

Secomea GateManager all versions prior to 9.2c, An attacker can send a negative value and overwrite arbitrary data...

7.5CVSS9.4AI score0.01666EPSS
Exploits0References1Affected Software1
CVE
CVE
added 2020/08/25 1:12 p.m.83 views

CVE-2020-14500

CVE-2020-14500 affects Secomea GateManager (all versions prior to 9.2c). The flaw arises from improper handling of HTTP headers, allowing an unauthenticated remote attacker to send a negative value and overwrite arbitrary data, potentially enabling remote code execution, data tampering, or DoS. I...

10CVSS9.4AI score0.01666EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2020/08/25 1:12 p.m.35 views

CVE-2020-14500 IMPROPER NEUTRALIZATION OF NULL BYTE OR NUL CHARACTER CWE-158

Secomea GateManager all versions prior to 9.2c, An attacker can send a negative value and overwrite arbitrary data...

10CVSS9.4AI score0.01666EPSS
Exploits0References1
CNVD
CNVD
added 2020/07/30 12:0 a.m.9 views

Secomea GateManager Code Issue Vulnerability

Secomea GateManager is a remote access server product from Secomea, Denmark. A code issue vulnerability exists in Secomea GateManager versions prior to 9.2c. The vulnerability stems from an improper design or implementation during code development for a network system or product. An attacker coul...

10CVSS7AI score0.01666EPSS
Exploits0References1
CNVD
CNVD
added 2020/07/30 12:0 a.m.5 views

Secomea GateManager Trust Management Issues Vulnerability (CNVD-2020-43750)

Secomea GateManager is a remote access server product from Secomea, Denmark. A trust management issue vulnerability exists in Secomea GateManager versions prior to 9.2c that stems from the program's use of a weak hash type. A remote attacker could exploit this vulnerability to view user passwords...

8.1CVSS6.8AI score0.00823EPSS
Exploits0References1
CNVD
CNVD
added 2020/07/30 12:0 a.m.9 views

Secomea GateManager Numeric Error Vulnerability

Secomea GateManager is a remote access server product from Secomea, Denmark. A numeric error vulnerability exists in Secomea GateManager versions prior to 9.2c. The vulnerability arises from a network system or product not properly calculating or converting generated numbers. A remote attacker...

9.8CVSS7.7AI score0.02017EPSS
Exploits0References1
The Hacker News
The Hacker News
added 2020/07/29 11:12 a.m.4 views

Industrial VPN Flaws Could Let Attackers Target Critical Infrastructures

Cybersecurity researchers have discovered critical vulnerabilities in industrial VPN implementations primarily used to provide remote access to operational technology OT networks that could allow hackers to overwrite data, execute malicious code, and compromise industrial control systems ICS. A n...

10CVSS8.5AI score0.02905EPSS
Exploits0
ICS
ICS
added 2020/07/28 12:0 a.m.66 views

Secomea GateManager

1. EXECUTIVE SUMMARY CVSS v3 10.0 ATTENTION: Exploitable remotely/low skill level to exploit Vendor: Secomea Equipment: GateManager Vulnerabilities: Improper Neutralization of Null Byte or NUL Character, Off-by-one Error, Use of Hard-coded Credentials, Use of Password Hash with Insufficient...

10CVSS10AI score0.02487EPSS
Exploits0References6
Rows per page
Query Builder