45 matches found
EUVD-2010-1927
Malware in sbrugna...
EUVD-2010-1924
Malware in sbrugna...
EUVD-2010-1926
Malware in sbrugna...
EUVD-2010-1930
Malware in sbrugna...
EUVD-2010-1931
Malware in sbrugna...
EUVD-2010-1925
Malware in sbrugna...
EUVD-2010-1929
Malware in sbrugna...
Consona Password Reset Security Bypass Vulnerability
Exploit for php platform in category web applications 8 years ago, I discovered this vulnerability, CVE-2010-1910, and now, you can see the details. https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1910 The login page, "/sdcxuser/asp/login.asp", had a commented access to the page that...
Consona Password Reset Security Bypass
Hi!! 8 years ago, I discovered this vulnerability, CVE-2010-1910, and now, you can see the details. https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1910 The login page, "/sdcxuser/asp/login.asp", had a commented access to the page that allowed to change the password of any user, with a li...
CVE-2010-1905
Multiple cross-site scripting XSS vulnerabilities in Consona Live Assistance, Dynamic Agent, and Subscriber Assistance allow remote attackers to inject arbitrary web script or HTML via crafted input to ASP pages, as demonstrated using the backurl parameter to...
CVE-2010-1909
Buffer overflow in the RunCmd method in the SdcUser.TgConCtl ActiveX control in tgctlcm.dll in Consona Live Assistance, Dynamic Agent, and Subscriber Assistance allows remote attackers to execute arbitrary code via vectors involving "CreateProcess params." NOTE: some of these details are obtained...
CVE-2010-1911
The site-locking implementation in the SdcWebSecureBase interface in tgctlcm.dll in Consona Live Assistance, Dynamic Agent, and Subscriber Assistance relies on a list of server domain names to restrict execution of ActiveX controls, which makes it easier for man-in-the-middle attackers to execute...
CVE-2010-1913
The default configuration of pluginlicense.ini for the SdcWebSecureBase interface in tgctlcm.dll in Consona Live Assistance, Dynamic Agent, and Subscriber Assistance, when downloaded from a server operated by Telefonica or possibly other companies, contains an incorrect DNS whitelist that include...
CVE-2010-1907
The SdcUser.TgConCtl ActiveX control in tgctlcm.dll in Consona Live Assistance, Dynamic Agent, and Subscriber Assistance allows remote attackers to discover the username of the client user, and consequently determine a pathname to a certain user directory, via a call to the GetUserName method...
CVE-2010-1910
The Forgot Password implementation in Consona Live Assistance, Dynamic Agent, and Subscriber Assistance allows remote attackers to reset passwords of accounts with blank Hint questions and Hint answers by sending an empty value for each of these two Hint fields...
CVE-2010-1912
The SdcWebSecureBase interface in tgctlcm.dll in Consona Live Assistance, Dynamic Agent, and Subscriber Assistance allows remote attackers to bypass intended restrictions on ActiveX execution via "instantiation/free attacks."...
Default credentials
The Forgot Password implementation in Consona Live Assistance, Dynamic Agent, and Subscriber Assistance allows remote attackers to reset passwords of accounts with blank Hint questions and Hint answers by sending an empty value for each of these two Hint fields...
Session fixation
The SdcUser.TgConCtl ActiveX control in tgctlcm.dll in Consona Live Assistance, Dynamic Agent, and Subscriber Assistance does not properly restrict access to the HTTPDownloadFile, HTTPGetFile, Install, and RunCmd methods, which allows remote attackers to execute arbitrary programs via a URL in th...
Cross site scripting
Multiple cross-site scripting XSS vulnerabilities in Consona Live Assistance, Dynamic Agent, and Subscriber Assistance allow remote attackers to inject arbitrary web script or HTML via crafted input to ASP pages, as demonstrated using the backurl parameter to...
Default configuration
The default configuration of pluginlicense.ini for the SdcWebSecureBase interface in tgctlcm.dll in Consona Live Assistance, Dynamic Agent, and Subscriber Assistance, when downloaded from a server operated by Telefonica or possibly other companies, contains an incorrect DNS whitelist that include...