comparex-group.com Cross Site Scripting vulnerability

Open Bug Bounty ID: OBB-1169089 Following coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: &nbsp&nbsp&nbsp&nbsp&nbsp&nbspa. verified the vulnerability and confirmed its existence; &nbsp&nbsp&nbsp&nbsp&nbsp&nbspb. notified the website...

CVE-2018-19233

COMPAREX Miss Marple Enterprise Edition before 2.0 allows local users to execute arbitrary code by reading the user name and encrypted password hard-coded in an Inventory Agent configuration file...

CVE-2018-19234

The Miss Marple Updater Service in COMPAREX Miss Marple Enterprise Edition before 2.0 allows remote attackers to execute arbitrary code with SYSTEM privileges via vectors related to missing update validation...

Hardcoded credentials

COMPAREX Miss Marple Enterprise Edition before 2.0 allows local users to execute arbitrary code by reading the user name and encrypted password hard-coded in an Inventory Agent configuration file...

CVE-2018-19233

CVE-2018-19233 affects Miss Marple Enterprise Edition before 2.0. Local attackers can execute arbitrary code by reading the user name and encrypted password hard-coded in an Inventory Agent configuration file. The vulnerability is due to hard-coded credentials (AES key) in the affected component;...

CVE-2018-19234

CVE-2018-19234 affects the Miss Marple Updater Service in COMPAREX Miss Marple Enterprise Edition prior to version 2.0 . The root cause is missing update validation , enabling a remote attacker to execute arbitrary code with SYSTEM privileges . This vulnerability is documented across multiple sou...