14 matches found
EUVD-2020-29877
Malware in sbrugna...
CVE-2024-32932 American Dynamics Illustra Essentials Gen 4 - Reversible User Credential - stored web interface
Under certain circumstances the web interface users credentials may be recovered by an authenticated user...
CVE-2024-32757 American Dynamics Illustra Essentials Gen 4 - Linux Credential Leak
Under certain circumstances unnecessary user details are provided within system logs...
CVE-2024-32757 American Dynamics Illustra Essentials Gen 4 - Linux Credential Leak
Under certain circumstances unnecessary user details are provided within system logs...
CVE-2020-9049
A vulnerability in specified versions of American Dynamics victor Web Client and Software House C•CURE Web Client could allow an unauthenticated attacker on the network to create and sign their own JSON Web Token and use it to execute an HTTP API Method without the need for valid...
Authorization
A vulnerability in specified versions of American Dynamics victor Web Client and Software House C•CURE Web Client could allow an unauthenticated attacker on the network to create and sign their own JSON Web Token and use it to execute an HTTP API Method without the need for valid...
CVE-2020-9049
CVE-2020-9049 affects Johnson Controls Victor Web Client and Software House C•CURE Web Client. Affected products: victor Web Client up to v5.6 and C•CURE Web Client up to v2.90; mitigations include upgrading to victor v5.6 SP1 and C•CURE Web Client v2.70+ with updates (Web Client_c2.70_5.2_Update...
CVE-2020-9049 victor Web Client and C•CURE Web Client JSON Web Token (JWT) Vulnerability
A vulnerability in specified versions of American Dynamics victor Web Client and Software House C•CURE Web Client could allow an unauthenticated attacker on the network to create and sign their own JSON Web Token and use it to execute an HTTP API Method without the need for valid...
Design/Logic Flaw
A vulnerability in specified versions of American Dynamics victor Web Client and Software House CCURE Web Client could allow a remote unauthenticated attacker on the network to delete arbitrary files on the system or render the system unusable by conducting a Denial of Service attack...
CVE-2020-9048 victor Web Client - Arbitrary File Deletion Vulnerability
A vulnerability in specified versions of American Dynamics victor Web Client and Software House CCURE Web Client could allow a remote unauthenticated attacker on the network to delete arbitrary files on the system or render the system unusable by conducting a Denial of Service attack...
CVE-2020-9048
CVE-2020-9048 affects American Dynamics victor Web Client and Software House CCURE Web Client. The root cause is Improper Authorization (CWE-285) allowing a remote, unauthenticated attacker on an adjacent network to delete arbitrary files or cause a DoS, potentially rendering the system unusable....
PT-2020-20461 · American Dynamics +1 · American Dynamics Victor Web Client +1
Name of the Vulnerable Software and Affected Versions: American Dynamics victor Web Client versions up to and including v5.4.1 Software House CCURE Web Client affected versions not specified Description: A remote unauthenticated attacker on the network could delete arbitrary files on the system o...
Information disclosure
During installation or upgrade to Software House C•CURE 9000 v2.70 and American Dynamics victor Video Management System v5.2, the credentials of the user used to perform the installation or upgrade are logged in a file. The install log file persists after the installation...
CVE-2020-9045
CVE-2020-9045 affects Software House C•CURE 9000 v2.70 and American Dynamics victor VMS v5.2. During installation or upgrade, the credentials of the user performing the process are logged to an install log file, which persists after installation. Publicly documented mitigations include upgrading ...