300 matches found
CVE-2020-29022 Host Header Injection allowing web cache poisoning attacks
Failure to Sanitize host header value on output in the GateManager Web server could allow an attacker to conduct web cache poisoning attacks. This issue affects Secomea GateManager all versions prior to 9.3...
CVE-2020-29024
The CVE-2020-29024 issue affects Secomea GateManager (GoToAppliance) prior to version 9.3, where cookies in HTTPS sessions can be exposed due to missing Secure attribute. This could allow an attacker to access sensitive cookies. The vulnerability is caused by insecure cookie handling in GoToAppli...
CVE-2020-29024 Missing HtppOnly and Secure flags
Sensitive Cookie in HTTPS Session Without 'Secure' Attribute vulnerability in GTA GoToAppliance of Secomea GateManager could allow an attacker to gain access to sensitive cookies. This issue affects: Secomea GateManager all versions prior to 9.3...
Secomea SiteManager Cross-Site Scripting Vulnerability
A cross-site scripting vulnerability exists in Secomea SiteManager that stems from a lack of proper validation of client-side data by the WEB application. An attacker can exploit this vulnerability to execute client-side code...
Secomea GateManager 安全漏洞
Secomea GateManager is a remote access server product from Secomea, Denmark. A security vulnerability exists in Secomea GateManager versions prior to 9.3, which allows an attacker to exploit the vulnerability to access sensitive cookies...
Secomea GateManager Security Vulnerability
A security vulnerability exists in Secomea GateManager all versions prior to 9.3, which can be exploited by an attacker to run arbitrary commands on a victim's computer...
Secomea GateManager 安全漏洞
Secomea GateManager is a remote access server product from Secomea, Denmark. A security vulnerability exists in Secomea GateManager versions prior to 9.3, which can be exploited by an attacker to potentially conduct Web caching attacks...
Secomea GateManager 安全漏洞
Secomea GateManager is a remote access server product from Secomea, Denmark. A security vulnerability exists in GateManager versions prior to 9.2c, which stems from an insecure direct object reference vulnerability that can be exploited by an attacker to reset the password of any user in his doma...
Secomea GateManager 跨站脚本漏洞
GateManager is a VPN server from Secomea. A cross-site scripting vulnerability exists in the Web UI input field of GateManager versions prior to 9.3. The vulnerability can be exploited by an attacker to conduct a cross-site scripting attack via the input script tag...
Remote Code Execution Vulnerabilities in Secomea, Moxa, and HMS eWon VPNs
Security researchers at Claroty published details on multiple pre-auth remote code execution vulnerabilities affecting virtual private network VPN implementations primarily used to provide remote access to operational technology OT networks. The vulnerabilities could allow unauthenticated attacke...
CVE-2020-14500
Secomea GateManager all versions prior to 9.2c, An attacker can send a negative value and overwrite arbitrary data...
CVE-2020-14500
Secomea GateManager all versions prior to 9.2c, An attacker can send a negative value and overwrite arbitrary data...
Code injection
Secomea GateManager all versions prior to 9.2c, An attacker can send a negative value and overwrite arbitrary data...
CVE-2020-14500
CVE-2020-14500 affects Secomea GateManager (all versions prior to 9.2c). The flaw arises from improper handling of HTTP headers, allowing an unauthenticated remote attacker to send a negative value and overwrite arbitrary data, potentially enabling remote code execution, data tampering, or DoS. I...
CVE-2020-14500 IMPROPER NEUTRALIZATION OF NULL BYTE OR NUL CHARACTER CWE-158
Secomea GateManager all versions prior to 9.2c, An attacker can send a negative value and overwrite arbitrary data...
Secomea GateManager Code Issue Vulnerability
Secomea GateManager is a remote access server product from Secomea, Denmark. A code issue vulnerability exists in Secomea GateManager versions prior to 9.2c. The vulnerability stems from an improper design or implementation during code development for a network system or product. An attacker coul...
Secomea GateManager Trust Management Issues Vulnerability (CNVD-2020-43750)
Secomea GateManager is a remote access server product from Secomea, Denmark. A trust management issue vulnerability exists in Secomea GateManager versions prior to 9.2c that stems from the program's use of a weak hash type. A remote attacker could exploit this vulnerability to view user passwords...
Secomea GateManager Numeric Error Vulnerability
Secomea GateManager is a remote access server product from Secomea, Denmark. A numeric error vulnerability exists in Secomea GateManager versions prior to 9.2c. The vulnerability arises from a network system or product not properly calculating or converting generated numbers. A remote attacker...
Industrial VPN Flaws Could Let Attackers Target Critical Infrastructures
Cybersecurity researchers have discovered critical vulnerabilities in industrial VPN implementations primarily used to provide remote access to operational technology OT networks that could allow hackers to overwrite data, execute malicious code, and compromise industrial control systems ICS. A n...
Secomea GateManager
1. EXECUTIVE SUMMARY CVSS v3 10.0 ATTENTION: Exploitable remotely/low skill level to exploit Vendor: Secomea Equipment: GateManager Vulnerabilities: Improper Neutralization of Null Byte or NUL Character, Off-by-one Error, Use of Hard-coded Credentials, Use of Password Hash with Insufficient...