36 matches found
CVE-2023-45894
The Remote Application Server in Parallels RAS before 19.2.23975 does not segment virtualized applications from the server, which allows a remote attacker to achieve remote code execution via standard kiosk breakout techniques...
EUVD-2017-18380
Malware in sbrugna...
EUVD-2020-7841
Malware in sbrugna...
EUVD-2020-23368
Malware in sbrugna...
EUVD-2020-29798
Malware in sbrugna...
EUVD-2022-44127
Malicious code in bioql PyPI...
CVE-2022-40870
The Web Client of Parallels Remote Application Server v18.0 is vulnerable to Host Header Injection attacks. This vulnerability allows attackers to execute arbitrary commands via a crafted payload injected into the Host header...
CVE-2020-15860
Parallels Remote Application Server RAS 17.1.1 has a Business Logic Error causing remote code execution. It allows an authenticated user to execute any application in the backend operating system through the web application, despite the affected application not being published. In addition, it wa...
CVE-2020-35710
Parallels Remote Application Server RAS 18 allows remote attackers to discover an intranet IP address because submission of the login form even with blank credentials provides this address to the attacker's client for use as a "host" value. In other words, after an attacker's web browser sent a...
Remote code execution
The Remote Application Server in Parallels RAS before 19.2.23975 does not segment virtualized applications from the server, which allows a remote attacker to achieve remote code execution via standard kiosk breakout techniques...
Parallels Remote Application Server Security Vulnerability
Parallels Remote Application Server (RAS) is an application delivery and VDI (Virtual Desktop Infrastructure) solution from Parallels, Inc. in the United States. A security vulnerability exists in Parallels Remote Application Server versions prior to 19.2.23975, which stems from the fact that the...
CVE-2023-45894
CVE-2023-45894 affects the Parallels Remote Application Server (RAS). The vulnerability stems from the RAS not segmenting virtualized applications from the server, enabling a remote attacker to achieve remote code execution via kiosk-breakout techniques on versions prior to 19.2.23975. Reported s...
PT-2023-29752 · Parallels · Parallels Ras
Name of the Vulnerable Software and Affected Versions: Parallels RAS versions prior to 19.2.23975. Description: The issue allows a remote attacker to achieve remote code execution via standard kiosk breakout techniques because the Remote Application Server in Parallels RAS does not segment...
Design/Logic Flaw
The Web Client of Parallels Remote Application Server v18.0 is vulnerable to Host Header Injection attacks. This vulnerability allows attackers to execute arbitrary commands via a crafted payload injected into the Host header...
CVE-2022-40870
CVE-2022-40870 affects the Web Client of Parallels Remote Application Server v18.0. The issue is a Host Header Injection that allows an attacker to execute arbitrary commands via a crafted payload in the Host header. CVSSv3.1 base score 8.1 (High) with network access, high complexity, no privileg...