135 matches found
CVE-2021-34574
CVE-2021-34574 affects MB connect line products: mymbCONNECT24, mbCONNECT24, Helmholz myREX24 and myREX24.virtual up to version 2.11.2. An authenticated attacker can change their account password by intercepting and modifying the password-change request sent to the server, bypassing the password ...
PT-2021-20556 · Unknown · Mbconnect24 +2
Name of the Vulnerable Software and Affected Versions: mymbCONNECT24 versions through 2.11.2 mbCONNECT24 versions through 2.11.2 Helmholz myREX24 versions through 2.11.2 myREX24.virtual versions through 2.11.2 Description: An authenticated attacker can change the password of their account into a...
MB CONNECT LINE mymbCONNECT24 and mbCONNECT24 Cross-Site Scripting Vulnerability (CNVD-2021-56802)
MB CONNECT LINE mymbCONNECT24 is an internal remote maintenance solution for virtual environments from the German company MB CONNECT LINE Mb Connect Line. MB CONNECT LINE mymbCONNECT24 and mbCONNECT24 are vulnerable to cross-site scripting. No detailed vulnerability details are currently availabl...
CVE-2020-12527
An issue was discovered in MB connect line mymbCONNECT24, mbCONNECT24 and Helmholz myREX24 and myREX24.virtual in all versions through v2.11.2. Improper access validation allows a logged in user to shutdown or reboot devices in his account without having corresponding permissions...
CVE-2020-12530
An issue was discovered in MB connect line mymbCONNECT24 and mbCONNECT24 software in all versions through V2.6.2. There is an XSS issue in the redirect.php allowing an attacker to inject code via a get parameter...
CVE-2020-12529
An issue was discovered in MB connect line mymbCONNECT24 and mbCONNECT24 software in all versions through V2.6.2 There is a SSRF in the LDAP access check, allowing an attacker to scan for open ports...
Improper access control
An issue was discovered in MB connect line mymbCONNECT24, mbCONNECT24 and Helmholz myREX24 and myREX24.virtual in all versions through v2.11.2. Improper access validation allows a logged in user to shutdown or reboot devices in his account without having corresponding permissions...
Design/Logic Flaw
An issue was discovered in MB connect line mymbCONNECT24 and mbCONNECT24 software in all versions through V2.6.2 There is a SSRF in the LDAP access check, allowing an attacker to scan for open ports...
CVE-2020-12530
MB Connect Line MB CONNECT LINE mymbCONNECT24 and mbCONNECT24 (all versions up to 2.6.2) are affected by a cross-site scripting (XSS) vulnerability in redirect.php that lets an attacker inject code through a GET parameter. The issue is documented across NVD, CVE records, and related advisories, i...
CVE-2020-12528
The CVE-2020-12528 vulnerability affects MB connect line MB CONNECT LINE products mymbCONNECT24 and mbCONNECT24 up to version 2.6.2. It is caused by improper access validation that can allow a logged-in user to kill web2go sessions in an account they should not access. Public sources (CISA ICSA-2...
CVE-2020-12529
MB connect line MB CONNECT LINE mymbCONNECT24 and mbCONNECT24 contain a Server-Side Request Forgery (SSRF) vulnerability in the LDAP access check (CVE-2020-12529) that can enable an attacker to scan for open ports. Affected: all versions up to 2.6.2. Root cause: SSRF in LDAP access validation. Im...
CVE-2020-12527 Improper Access Validation in products of MB connect line and Helmholz
An issue was discovered in MB connect line mymbCONNECT24, mbCONNECT24 and Helmholz myREX24 and myREX24.virtual in all versions through v2.11.2. Improper access validation allows a logged in user to shutdown or reboot devices in his account without having corresponding permissions...
CVE-2020-12527
CVE-2020-12527 affects MB connect line products: mymbCONNECT24, mbCONNECT24, Helmholz myREX24, and myREX24.virtual (versions up to v2.11.2). The root cause is improper access validation that lets a logged-in user perform privileged actions (shutdown/reboot) on devices in their account without the...
mymbCONNECT24 安全漏洞
Mb Connect Line MB CONNECT LINE mymbCONNECT24 is an in-house remote maintenance solution for virtual environments from MB CONNECT LINE Mb Connect Line, Germany. A security vulnerability exists in mymbCONNECT24 and mbCONNECT24 software in all versions through V2.6.2, which stems from the improper...
MB CONNECT LINE mymbCONNECT24 跨站脚本漏洞
Mb Connect Line MB CONNECT LINE mymbCONNECT24 is an in-house remote maintenance solution for virtual environments from MB CONNECT LINE Mb Connect Line, Germany. A cross-site scripting vulnerability exists in MB connect line mymbCONNECT24 and mbCONNECT24 software in all versions through V2.6.2,...
MB CONNECT LINE mymbCONNECT24e 代码问题漏洞
Mb Connect Line MB CONNECT LINE mymbCONNECT24 is an in-house remote maintenance solution for virtual environments from MB CONNECT LINE Mb Connect Line, Germany. A server-side request forgery vulnerability exists in MB CONNECT LINE mymbCONNECT24 and mbCONNECT24, which can be exploited by a remote...
PT-2021-2244 · Helmholz +1 · Myrex24.Virtual +2
Name of the Vulnerable Software and Affected Versions: MB connect line mymbCONNECT24 versions through v2.11.2 mbCONNECT24 versions through v2.11.2 Helmholz myREX24 versions through v2.11.2 Helmholz myREX24.virtual versions through v2.11.2 Description: The issue is related to improper access...
Unspecified vulnerability in MB CONNECT LINE mymbCONNECT24 and mbCONNECT24 (CNVD-2021-17234)
Mb Connect Line MB CONNECT LINE mymbCONNECT24 is an in-house remote maintenance solution for virtual environments from MB CONNECT LINE Mb Connect Line, Germany. A security vulnerability exists in MB CONNECT LINE mymbCONNECT24 and mbCONNECT24, no details of the vulnerability are provided at this...
CVE-2020-35565
An issue was discovered in MB CONNECT LINE mymbCONNECT24 and mbCONNECT24 through 2.6.2. The login pages bruteforce detection is disabled by default...
CVE-2020-35570
An issue was discovered in MB connect line mymbCONNECT24, mbCONNECT24 and Helmholz myREX24 and myREX24.virtual through 2.11.2. An unauthenticated attacker is able to access files that should have been restricted via forceful browsing...