17 matches found
CVE-2023-45894
The Remote Application Server in Parallels RAS before 19.2.23975 does not segment virtualized applications from the server, which allows a remote attacker to achieve remote code execution via standard kiosk breakout techniques...
Remote code execution
The Remote Application Server in Parallels RAS before 19.2.23975 does not segment virtualized applications from the server, which allows a remote attacker to achieve remote code execution via standard kiosk breakout techniques...
CVE-2023-45894
The Remote Application Server in Parallels RAS before 19.2.23975 does not segment virtualized applications from the server, which allows a remote attacker to achieve remote code execution via standard kiosk breakout techniques...
CVE-2023-45894
CVE-2023-45894 affects the Parallels Remote Application Server (RAS). The vulnerability stems from the RAS not segmenting virtualized applications from the server, enabling a remote attacker to achieve remote code execution via kiosk-breakout techniques on versions prior to 19.2.23975. Reported s...
CVE-2020-8968
Parallels Remote Application Server RAS allows a local attacker to retrieve certain profile password in clear text format by uploading a previously stored cyphered file by Parallels RAS. The confidentiality, availability and integrity of the information of the user could be compromised if an...
Default credentials
Parallels Remote Application Server RAS allows a local attacker to retrieve certain profile password in clear text format by uploading a previously stored cyphered file by Parallels RAS. The confidentiality, availability and integrity of the information of the user could be compromised if an...
CVE-2020-8968 Parallels Remote Application Server credentials management errors
Parallels Remote Application Server RAS allows a local attacker to retrieve certain profile password in clear text format by uploading a previously stored cyphered file by Parallels RAS. The confidentiality, availability and integrity of the information of the user could be compromised if an...
Design/Logic Flaw
Parallels Remote Application Server RAS 18 allows remote attackers to discover an intranet IP address because submission of the login form even with blank credentials provides this address to the attacker's client for use as a "host" value. In other words, after an attacker's web browser sent a...
CVE-2020-15860
Parallels Remote Application Server RAS 17.1.1 has a Business Logic Error causing remote code execution. It allows an authenticated user to execute any application in the backend operating system through the web application, despite the affected application not being published. In addition, it wa...
CVE-2020-15860
Parallels Remote Application Server RAS 17.1.1 has a Business Logic Error causing remote code execution. It allows an authenticated user to execute any application in the backend operating system through the web application, despite the affected application not being published. In addition, it wa...
CVE-2020-15860
Parallels Remote Application Server RAS 17.1.1 has a Business Logic Error causing remote code execution. It allows an authenticated user to execute any application in the backend operating system through the web application, despite the affected application not being published. In addition, it wa...
CVE-2020-15860
Parallels RAS 17.1.1 is affected by a Business Logic Error (CVE-2020-15860) that allows an authenticated user to execute any backend operating-system application via the web application and to access hosts in the internal domain without having published apps. Core Security’s advisory (CORE-2020-0...
: Parallels RAS OS Command Execution
1. Advisory Information Title : Parallels RAS OS Command Execution Advisory ID : CORE-2020-0011 Advisory URL:https://www.coresecurity.com/core-labs/advisories/parallels-ras-os-command-execution Date published : 2020-07-23 Date of last update : 2020-07-21 Vendors contacted : Parallels Release mode...
Parallels Remote Application Server 15.5 Path Traversal Vulnerability
Exploit for windows platform in category web applications Exploit Title: Parallels Remote Application Server RAS 15.5 Path Traversal Date: 22-02-2018 Exploit Author: Nicolas Markitanis - RUNESEC Reviewers: Simon Loizides and Marios Nicolaides - RUNESEC Vendor Homepage: https://www.parallels.com/...
Path traversal
In the web interface of Parallels Remote Application Server RAS 15.5 Build 16140, a vulnerability exists due to improper validation of the file path when requesting a resource under the "RASHTML5Gateway" directory. A remote, unauthenticated attacker could exploit this weakness to read arbitrary...
Parallels Remote Application Server 15.5 - Path Traversal
Exploit Title: Parallels Remote Application Server RAS 15.5 Path Traversal Date: 22-02-2018 Exploit Author: Nicolas Markitanis - RUNESEC Reviewers: Simon Loizides and Marios Nicolaides - RUNESEC Vendor Homepage: https://www.parallels.com/ Affected: Parallels Remote Application Server RAS 15.5 Bui...
Parallels Remote Application Server 15.5 - Path Traversal
Parallels Remote Application Server 15.5 - Path Traversal Exploit Title: Parallels Remote Application Server RAS 15.5 Path Traversal Date: 22-02-2018 Exploit Author: Nicolas Markitanis - RUNESEC Reviewers: Simon Loizides and Marios Nicolaides - RUNESEC Vendor Homepage: https://www.parallels.com/...