16 matches found
EUVD-2021-24942
Malware in sbrugna...
EUVD-2021-23990
Malware in sbrugna...
CVE-2021-38490
Altova MobileTogether Server before 7.3 SP1 allows XML exponential entity expansion, a different vulnerability than CVE-2021-37425...
CVE-2021-37425
Altova MobileTogether Server before 7.3 SP1 allows XXE attacks, such as an InfoSetChanges/Changes attack against /workflowmanagement, or reading mobiletogetherserver.cfg and then reading the certificate and private key...
Altova MobileTogether Server 7.3 - XML External Entity Injection (XXE)
Exploit Title: Altova MobileTogether Server 7.3 - XML External Entity Injection XXE Date: 2021-08-10 Exploit Author: RedTeam Pentesting GmbH Vendor Homepage: https://www.altova.com/mobiletogether-server Version: 7.3 CVE: 2021-37425 Advisory: XML External Entity Expansion in MobileTogether Server...
Altova MobileTogether Server 7.3 - XML External Entity Injection Vulnerability
Exploit Title: Altova MobileTogether Server 7.3 - XML External Entity Injection XXE Exploit Author: RedTeam Pentesting GmbH Vendor Homepage: https://www.altova.com/mobiletogether-server Version: 7.3 CVE: 2021-37425 Advisory: XML External Entity Expansion in MobileTogether Server RedTeam Pentestin...
CVE-2021-37425
Altova MobileTogether Server before 7.3 SP1 allows XXE attacks, such as an InfoSetChanges/Changes attack against /workflowmanagement, or reading mobiletogetherserver.cfg and then reading the certificate and private key...
CVE-2021-38490
Altova MobileTogether Server before 7.3 SP1 allows XML exponential entity expansion, a different vulnerability than CVE-2021-37425...
Design/Logic Flaw
Altova MobileTogether Server before 7.3 SP1 allows XXE attacks, such as an InfoSetChanges/Changes attack against /workflowmanagement, or reading mobiletogetherserver.cfg and then reading the certificate and private key...
Privilege escalation
Altova MobileTogether Server before 7.3 SP1 allows XML exponential entity expansion, a different vulnerability than CVE-2021-37425...
CVE-2021-38490
Altova MobileTogether Server before 7.3 SP1 allows XML exponential entity expansion, a different vulnerability than CVE-2021-37425...
CVE-2021-37425
CVE-2021-37425 affects Altova MobileTogether Server prior to 7.3 SP1. The issue is XML External Entity (XXE) processing that can allow a user with app access to read arbitrary files from the server filesystem (e.g., MobileTogether server config) and potentially read certificates/private keys, and...
CVE-2021-37425
Altova MobileTogether Server before 7.3 SP1 allows XXE attacks, such as an InfoSetChanges/Changes attack against /workflowmanagement, or reading mobiletogetherserver.cfg and then reading the certificate and private key...
Altova MobileTogether Server 安全漏洞
Altova MobileTogether Server is a server from Altova Austria that provides MobileTogether solutions for client mobile devices. A security vulnerability exists in Altova MobileTogether Server versions prior to 7.3 SP1 that stems from the program allowing XML index entity extensions...
Altova MobileTogether Server 代码问题漏洞
Altova MobileTogether Server is a server from Altova Austria that provides MobileTogether solutions for client mobile devices. A security vulnerability exists in Altova MobileTogether Server versions prior to 7.3 SP1, which can be exploited by an attacker to read certificates and private keys...
MobileTogether Server 7.3 XML Injection
Advisory: XML External Entity Expansion in MobileTogether Server RedTeam Pentesting discovered a vulnerability in the MobileTogether server which allows users with access to at least one app to read arbitrary, non-binary files from the file system and perform server-side requests. The vulnerabili...