EUVD-2020-28144

Malware in sbrugna...

VISAM Automation Base (VBASE) Web-Remote Detection

Binary data visamvbasewebremotedetect.nbin...

CVE-2020-7008

VISAM VBASE Editor version 11.5.0.2 and VBASE Web-Remote Module may allow input passed in the URL that is not properly verified before use, which may allow an attacker to read arbitrary files from local resources...

CVE-2020-10601

VISAM VBASE Editor version 11.5.0.2 and VBASE Web-Remote Module allow weak hashing algorithm and insecure permissions which may allow a local attacker to bypass the password-protected mechanism through brute-force attacks, cracking techniques, or overwriting the password hash...

CVE-2020-7000

VISAM VBASE Editor version 11.5.0.2 and VBASE Web-Remote Module may allow an unauthenticated attacker to discover the cryptographic key from the web server and gain information about the login and the encryption/decryption mechanism, which may be exploited to bypass authentication of the HTML5 HM...

CVE-2020-10599

VISAM VBASE Editor version 11.5.0.2 and VBASE Web-Remote Module may allow a vulnerable ActiveX component to be exploited resulting in a buffer overflow, which may lead to a denial-of-service condition and execution of arbitrary code...

Input validation

VISAM VBASE Editor version 11.5.0.2 and VBASE Web-Remote Module may allow input passed in the URL that is not properly verified before use, which may allow an attacker to read arbitrary files from local resources...

Design/Logic Flaw

VISAM VBASE Editor version 11.5.0.2 and VBASE Web-Remote Module allow weak hashing algorithm and insecure permissions which may allow a local attacker to bypass the password-protected mechanism through brute-force attacks, cracking techniques, or overwriting the password hash...

Buffer overflow

VISAM VBASE Editor version 11.5.0.2 and VBASE Web-Remote Module may allow a vulnerable ActiveX component to be exploited resulting in a buffer overflow, which may lead to a denial-of-service condition and execution of arbitrary code...

CVE-2020-10599

VISAM VBASE Editor version 11.5.0.2 and VBASE Web-Remote Module may allow a vulnerable ActiveX component to be exploited resulting in a buffer overflow, which may lead to a denial-of-service condition and execution of arbitrary code...

CVE-2020-10599

Summary: CVE-2020-10599 affects VISAM VBASE Editor 11.5.0.2 and VBASE Web-Remote Module, where a vulnerable ActiveX component enables a stack-based buffer overflow leading to denial of service and arbitrary code execution. Red Hat and NVD entries corroborate the same issue. The ics advisory confi...

CVE-2020-7000

CVE-2020-7000 affects VISAM VBASE Editor v11.5.0.2 and VBASE Web-Remote Module. The vulnerability allows an unauthenticated attacker to obtain the web server’s cryptographic key and information about the login and encryption/decryption mechanism, enabling bypass of authentication for the HTML5 HM...

CVE-2020-10601

VISAM VBASE Editor version 11.5.0.2 and VBASE Web-Remote Module allow weak hashing algorithm and insecure permissions which may allow a local attacker to bypass the password-protected mechanism through brute-force attacks, cracking techniques, or overwriting the password hash...

CVE-2020-7004

VISAM VBASE Editor version 11.5.0.2 and VBASE Web-Remote Module may allow weak or insecure permissions on the VBASE directory resulting in elevation of privileges or malicious effects on the system the next time a privileged user runs the application...

CVE-2020-7004

CVE-2020-7004 affects VISAM VBASE Editor v11.5.0.2 and VBASE Web-Remote Module. The issue is weak or insecure permissions on the VBASE directory, enabling elevation of privileges when a privileged user runs the application. Public sources in the connected documents confirm this vulnerability and ...

VISAM VBASE Editor and VBASE Web-Remote Module Buffer Overflow Vulnerability

VISAM VBASE is a data acquisition and monitoring system from VISAM, Germany, VBASE Editor is an editor and VBASE Web-Remote Module is a web-based remote module. A buffer overflow vulnerability exists in VISAM VBASE Editor version 11.5.0.2 and VBASE Web-Remote Module. An attacker can exploit this...

VISAM VBASE Editor and VBASE Web-Remote Module Path Traversal Vulnerability

VISAM VBASE is a data acquisition and monitoring system from VISAM, Germany, VBASE Editor is an editor and VBASE Web-Remote Module is a web-based remote module. A path traversal vulnerability exists in VISAM VBASE Editor version 11.5.0.2 and VBASE Web-Remote Module due to a failure of the program...

VISAM VBASE Editor and VBASE Web-Remote Module Path Traversal Vulnerability (CNVD-2020-21459)

VISAM VBASE is a data acquisition and monitoring system from VISAM, Germany, VBASE Editor is an editor and VBASE Web-Remote Module is a web-based remote module. A path traversal vulnerability exists in VISAM VBASE Editor version 11.5.0.2 and VBASE Web-Remote Module, which is caused by the program...

VISAM Automation Base (VBASE) (Update B)

1. EXECUTIVE SUMMARY CVSS v3 9.0 ATTENTION: Exploitable remotely/low attack complexity Vendor: VISAM Equipment: VBASE Vulnerabilities: Relative Path Traversal, Incorrect Default Permissions, Inadequate Encryption Strength, Insecure Storage of Sensitive Information, Stack-based Buffer Overflow...