110 matches found
CVE-2022-25246 PTC Axeda agent and Axeda Desktop Server Use of Hard-Coded Credentials
Axeda agent (all versions) and Axeda Desktop Server for Windows (all versions) use hard-coded credentials for their UltraVNC installation. Successful exploitation of this vulnerability could allow a remote authenticated attacker to take full remote control of the host operating system...
CVE-2022-25247
CVE-2022-25247 affects PTC Axeda agent and Axeda Desktop Server for Windows (all versions). The flaw is missing authentication for a critical function that lets a remote unauthenticated attacker send commands to a specific port, potentially enabling remote code execution and full filesystem acces...
CVE-2022-25247 PTC Axeda agent and Axeda Desktop Server Missing Authentication For Critical Function
Axeda agent (all versions) and Axeda Desktop Server for Windows (all versions) may allow an attacker to send certain commands to a specific port without authentication. Successful exploitation of this vulnerability could allow a remote unauthenticated attacker to obtain full file-system access and...
PTC Axeda agent and Axeda Desktop Server (Update C)
1. EXECUTIVE SUMMARY CVSS v3 9.8 ATTENTION: Exploitable remotely/low attack complexity Vendor: PTC Equipment: Axeda agent, Axeda Desktop Server Vulnerabilities: Use of Hard-coded Credentials, Missing Authentication for Critical Function, Exposure of Sensitive Information to an Unauthorized Actor,...
CISA Releases Security Advisory on PTC Axeda Agent and Desktop Server
CISA has released an Industrial Controls Systems Advisory (ICSA), detailing vulnerabilities in PTC Axeda agent and Axeda Desktop Server. Successful exploitation of these vulnerabilities, collectively known as “Access:7”, could result in full system access, remote code execution, read/change...
DEBIAN-CVE-2022-23613
xrdp is an open source remote desktop protocol (RDP) server. In affected versions an integer underflow leading to a heap overflow in the sesman server allows any unauthenticated attacker who is able to locally access a sesman server to execute code as root. This vulnerability has been patched in...
Alpine Linux Security Vulnerability
Alpine Linux is a lightweight Linux distribution for security applications. A security vulnerability exists in Alpine Linux xrdp version 3.14, which stems from the program's use of pre-generated RSA certificates and private keys, making the session vulnerable to man-in-the-middle attacks...
SUSE: Security Advisory (SUSE-SU-2019:2752-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
WiFi Mouse 1.7.8.5 - Remote Code Execution Exploit
Exploit Title: WiFi Mouse 1.7.8.5 - Remote Code Execution Author: H4rk3nz0 Vendor Homepage: http://necta.us/ Software Link: http://wifimouse.necta.us/download Version: 1.7.8.5 Tested on: Windows Enterprise Build 17763 Desktop Server software used by mobile app has PIN option which does not to...
freerdp: Out-of-bounds write in interleaved.c
A flaw was found in FreeRDP between versions 1.0 and 2.0.0. An out-of-bounds memory write was found in the interleaved.c function which could allow an attacker to take over and control the RDP server, including data sent to the client. The highest threat from this vulnerability is to data...
Failed to call RPC function: Error code: 0x80131500
Challenge Backup of Remote Desktop Server VMs with Application-Aware Processing may fail with an Unknown error, error code 0x80131500. You will see error messages similar to: "Failed to call RPC function 'Vss.GetSqlInfoForLastSnapshot2': Error code: 0x80131500. Failed to invoke func...
TurboVNC Stack Buffer Overflow Vulnerability
TurboVNC is a remote desktop server. A stack buffer overflow vulnerability exists in versions of TurboVNC prior to commit cea98166008301e614e0d36776bf9435a536136e. The vulnerability stems from a network system or product performing operations in memory without properly validating data boundaries,...
Vdsm Arbitrary Command Execution Vulnerability
oVirt Virtual Desktop Server Manager (vdsm) is a virtual machine host manager for managing virtual machines running KVM hypervisor technology. The product is capable of managing virtual host storage, memory, and network resources, among other things, and supports the creation of virtual hosts. A...
libvirt: Setting empty VNC password allows access to unauthorized users
It was found that setting a VNC password to an empty string in libvirt did not disable all access to the VNC server as documented, instead it allowed access with no authentication required. An attacker could use this flaw to access a VNC server with an empty VNC password without any authenticatio...
Red Hat libvirt Design Vulnerability
Red Hat libvirt is a Linux API for implementing Linux virtualization features from Red Hat, Inc. It supports a variety of Hypervisors, including Xen and KVM, as well as QEMU and a number of virtual products for other operating systems. A design vulnerability exists in Red Hat libvirt that stems...
Red Hat VDSM Module Security Bypass Vulnerability
Red Hat VDSM Module is a Virtual Desktop Server Manager module from Red Hat, Inc. A security bypass vulnerability exists in Red Hat VDSM Module. An attacker could exploit this vulnerability to bypass security restrictions and conduct further attacks...
RedHat Update for wireshark RHSA-2012:0509-01
Check for the Version of wireshark OpenVAS Vulnerability Test RedHat Update for wireshark RHSA-2012:0509-01 Authors: System Generated Check Copyright: Copyright c 2012 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it under t...
CVE-2010-2811
Virtual Desktop Server Manager (VDSM) in Red Hat Enterprise Virtualization (RHEV) 2.2 does not properly accept TCP connections for SSL sessions, which allows remote attackers to cause a denial of service (daemon outage) via crafted SSL traffic...
vdsm: SSL accept() blocks on a non-blocking Connection
Virtual Desktop Server Manager (VDSM) in Red Hat Enterprise Virtualization (RHEV) 2.2 does not properly accept TCP connections for SSL sessions, which allows remote attackers to cause a denial of service (daemon outage) via crafted SSL traffic...
CVE-2010-2223
Virtual Desktop Server Manager (VDSM) in Red Hat Enterprise Virtualization Hypervisor (aka RHEV-H or rhev-hypervisor) before 5.5-2.2 does not properly perform VM post-zeroing after the removal of a virtual machine's data, which allows guest OS users to obtain sensitive information by examining the di...