
9 matches found

CVE
added 2009/05/14 5:0 p.m. | 49 views

CVE-2009-1465

CVE-2009-1465 affects Application Access Server (A-A-S) 2.0.48, where the admin account uses the default password “wildbat,” enabling remote attackers to obtain administrative access. The provided documents confirm the component and default credential issue but do not specify a fixed version or o...

CVSS 7.5 | AI score 5.4 | EPSS 0.00675
Exploits: 1 | References: 5 | Affected Software: 1
Cvelist
added 2009/05/14 5:0 p.m. | 25 views

CVE-2009-1464

Multiple cross-site request forgery (CSRF) vulnerabilities in index.aas in Application Access Server (A-A-S) 2.0.48 allow remote attackers to hijack the authentication of administrators for requests that (1) execute arbitrary programs via a command job, (2) stop services via a setservice job, or (3)...

AI score 6.3 | EPSS 0.00283
Exploits: 3 | References: 6
Tenable Nessus
added 2009/05/14 12:0 a.m. | 61 views

A-A-S Application Access Server Default Admin Password

The remote installation of A-A-S Application Access Server is configured to use default credentials to control administrative access. Knowing these, an attacker can gain administrative control of the affected application and host. C Tenable Network Security, Inc. include"compat.inc"; if descripti...

CVSS 7.5 | AI score 5.5 | EPSS 0.00675
Exploits: 1 | References: 2
Packet Storm
added 2009/05/13 12:0 a.m. | 38 views

Klinzmann A-A-S 2.0.48 XSRF Exploit

!-- AASHack 1.0 By Felipe M. Aragon Affected Versions: AAS 2.0.48 and possibly older versions This is an exploit demonstration code for the A-A-S Application Access Server index.aas job parameter XSRF vulnerability CVE-2009-1464 This script has been successfully tested on IE 7.0 and Firefox 3.08...

CVSS 6.8 | EPSS 0.00283
Exploits: 3
Packet Storm
added 2009/05/13 12:0 a.m. | 59 views

Klinzmann A-A-S XSRF / Code Execution

Syhunt: A-A-S Application Access Server Multiple Security Vulnerabilities Advisory-ID: 200905111 Discovery Date: 3.23.2009 Release Date: 5.11.2009 Affected Applications: A-A-S 2.0.48 and possibly older versions Class: XSRF Cross Site Request Forgery Arbitrary Command Execution, Undocumented Defau...

CVSS 7.5 | AI score 0.4 | EPSS 0.00675
Exploits: 3
securityvulns
added 2009/05/13 12:0 a.m. | 78 views

Syhunt: A-A-S (Application Access Server) Multiple Security Vulnerabilities

Syhunt: A-A-S Application Access Server Multiple Security Vulnerabilities Advisory-ID: 200905111 Discovery Date: 3.23.2009 Release Date: 5.11.2009 Affected Applications: A-A-S 2.0.48 and possibly older versions Class: XSRF Cross Site Request Forgery Arbitrary Command Execution, Undocumented Defau...

CVSS 7.5 | AI score 0.4 | EPSS 0.00675
Exploits: 3
OpenVAS
added 2009/05/12 12:0 a.m. | 37 views

A-A-S Application Access Server Multiple Vulnerabilities

According to its version number, the remote version of A-A-S Application Access Server is prone to multiple security issues including a cross-site request-forgery vulnerability, an insecure-default-password vulnerability and an information-disclosure vulnerability. Attackers can exploit these...

CVSS 7.5 | AI score 0.9 | EPSS 0.00675
Exploits: 3 | References: 1
CVE
added 2005/07/10 4:0 a.m. | 53 views

CVE-2004-2169

CVE-2004-2169 affects Application Access Server (A-A-S) 1.0.37 and earlier. Remote authenticated users can trigger a denial of service (application crash) by issuing a long file request. No remediation or fixes are detailed in the provided documents.

CVSS 2.1 | AI score 6.6 | EPSS 0.00229
Exploits: 0 | References: 3 | Affected Software: 1
Tenable Nessus
added 2004/08/18 12:0 a.m. | 8 views

A-A-S Server Detection

Binary data 5022.prm...

AI score 7.3
Exploits: 0 | References: 1