831 matches found
CVE-2021-28157
An SQL Injection issue in Devolutions Server before 2021.1 and Devolutions Server LTS before 2020.3.18 allows an administrative user to execute arbitrary SQL commands via a username in api/security/userinfo/delete...
CVE-2021-28157
CVE-2021-28157 affects Devolutions Server and Devolutions Server LTS. The vulnerability is a SQL injection in the API endpoint api/security/userinfo/delete that allows an administrative user to execute arbitrary SQL commands. Affected versions are Devolutions Server before 2021.1 and Devolutions ...
CVE-2021-28048
An overly permissive CORS policy in Devolutions Server before 2021.1 and Devolutions Server LTS before 2020.3.18 allows a remote attacker to leak cross-origin data via a crafted HTML page...
CVE-2021-28048
The CVE-2021-28048 entry concerns Devolutions Server (versions prior to 2021.1 and Devolutions Server LTS prior to 2020.3.18). The root cause is an overly permissive Cross-Origin Resource Sharing (CORS) policy that allows a remote attacker to leak cross-origin data via a specially crafted HTML pa...
Devolutions Server SQL注入漏洞
Devolutions Server is an application from Devolutions Canada. It provides a full-featured shared account and password management solution. A SQL injection vulnerability exists in Devolutions Server versions prior to 2021.1and Devolutions Server LTS versions prior to 2020.3.18, which can be...
Devolutions Server 访问控制错误漏洞
Devolutions Server is an application from Devolutions Canada. It provides a full-featured shared account and password management solution. A security vulnerability exists in Devolutions Server versions prior to 2021.1 and Devolutions Server LTS versions prior to 2020.3.18, which allows remote...
Devolutions Server Cross-Site Scripting Vulnerability
Devolutions Server is a local management solution that helps organizations control access to privileged accounts and business user passwords. A cross-site scripting vulnerability exists in Devolutions Server versions prior to 2020.3 in entries of type "Document", which can be exploited by an...
Devolutions Server Information Disclosure Vulnerability
Devolutions Server is a local management solution that helps organizations control access to privileged accounts and business user passwords. An information disclosure vulnerability exists in Devolutions Server versions prior to 2020.3, which can be exploited by an attacker to obtain sensitive...
CVE-2021-23924
An issue was discovered in Devolutions Server before 2020.3. There is an exposure of sensitive information in diagnostic files...
CVE-2021-23921
An issue was discovered in Devolutions Server before 2020.3. There is broken access control on Password List entry elements...
CVE-2021-23925
An issue was discovered in Devolutions Server before 2020.3. There is a cross-site scripting XSS vulnerability in entries of type Document...
CVE-2021-23923
An issue was discovered in Devolutions Server before 2020.3. There is Broken Authentication with Windows domain users...
CVE-2021-23924
An issue was discovered in Devolutions Server before 2020.3. There is an exposure of sensitive information in diagnostic files...
CVE-2021-23925
An issue was discovered in Devolutions Server before 2020.3. There is a cross-site scripting XSS vulnerability in entries of type Document...
CVE-2021-23921
An issue was discovered in Devolutions Server before 2020.3. There is broken access control on Password List entry elements...
CVE-2021-23923
An issue was discovered in Devolutions Server before 2020.3. There is Broken Authentication with Windows domain users...
Cross site scripting
An issue was discovered in Devolutions Server before 2020.3. There is a cross-site scripting XSS vulnerability in entries of type Document...
Authentication flaw
An issue was discovered in Devolutions Server before 2020.3. There is Broken Authentication with Windows domain users...
Information disclosure
An issue was discovered in Devolutions Server before 2020.3. There is an exposure of sensitive information in diagnostic files...
Improper access control
An issue was discovered in Devolutions Server before 2020.3. There is broken access control on Password List entry elements...