84 matches found
CVE-2020-35710
Parallels Remote Application Server RAS 18 allows remote attackers to discover an intranet IP address because submission of the login form even with blank credentials provides this address to the attacker's client for use as a "host" value. In other words, after an attacker's web browser sent a...
Parallels Remote Application Server Information Disclosure Vulnerability
Parallels Remote Application Server RAS is an application delivery and VDI Virtual Desktop Infrastructure solution from Parallels, Inc. in the United States. A security vulnerability exists in Parallels Remote Application Server that allows a remote attacker to discover an intranet IP address...
Parallels Remote Application Server (RAS) Remote Code Execution Vulnerability
Parallels Remote Application Server RAS is a comprehensive virtual application and desktop delivery solution for your employees to access and use applications and data from any device. A remote code execution vulnerability exists in Parallels Remote Application Server RAS 17.1.1. The vulnerabilit...
Remote code execution
Parallels Remote Application Server RAS 17.1.1 has a Business Logic Error causing remote code execution. It allows an authenticated user to execute any application in the backend operating system through the web application, despite the affected application not being published. In addition, it wa...
CVE-2020-15860
Parallels RAS 17.1.1 is affected by a Business Logic Error (CVE-2020-15860) that allows an authenticated user to execute any backend operating-system application via the web application and to access hosts in the internal domain without having published apps. Core Security’s advisory (CORE-2020-0...
PT-2020-14671 · Parallels · Parallels Remote Application Server
Name of the Vulnerable Software and Affected Versions: Parallels Remote Application Server RAS version 17.1.1 Description: The issue is a Business Logic Error that allows remote code execution. It enables an authenticated user to execute any application in the backend operating system through the...
Trickbot Malware Goes After Remote Desktop Credentials
The banking trojan known as Trickbot has resurfaced, with an updated info-stealing module that allows it to harvest remote desktop application credentials. According to Trend Micro’s Noel Anthony Llimos and Carl Maverick Pascual, a new variant has recently come on the scene, and is being spread v...
Threat Identity...The First Line of Defense
Last quarter, we discussed zero trust and identity in regard to remote application access. This focus was primarily looking at enterprise users seeking to gain access to applications on a network where there are no boundaries: The internet. In the concept of zero trust, the internet is considered...
CVE-2018-1239
Dell EMC Unity Operating Environment OE versions prior to 4.3.0.1522077968 are affected by multiple OS command injection vulnerabilities. A remote application admin user could potentially exploit the vulnerabilities to execute arbitrary OS commands as system root on the system where Dell EMC Unit...
Parallels Remote Application Server Path Traversal Vulnerability
Parallels Remote Application Server RAS is a suite of virtual application and desktop delivery solutions from Parallels, Inc. in the United States. The solution provides remote access to virtual desktops and applications for devices on the network. A security vulnerability exists in the web...
Parallels Remote Application Server (RAS) Detection (HTTP)
HTTP based detection of Parallels Remote Application Server RAS. SPDX-FileCopyrightText: 2018 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
CVE-2017-9447
In the web interface of Parallels Remote Application Server RAS 15.5 Build 16140, a vulnerability exists due to improper validation of the file path when requesting a resource under the "RASHTML5Gateway" directory. A remote, unauthenticated attacker could exploit this weakness to read arbitrary...
CVE-2017-9447
In the web interface of Parallels Remote Application Server RAS 15.5 Build 16140, a vulnerability exists due to improper validation of the file path when requesting a resource under the "RASHTML5Gateway" directory. A remote, unauthenticated attacker could exploit this weakness to read arbitrary...
Path traversal
In the web interface of Parallels Remote Application Server RAS 15.5 Build 16140, a vulnerability exists due to improper validation of the file path when requesting a resource under the "RASHTML5Gateway" directory. A remote, unauthenticated attacker could exploit this weakness to read arbitrary...
CVE-2017-9447
In the web interface of Parallels Remote Application Server RAS 15.5 Build 16140, a vulnerability exists due to improper validation of the file path when requesting a resource under the "RASHTML5Gateway" directory. A remote, unauthenticated attacker could exploit this weakness to read arbitrary...
Debian: Security Advisory (DLA-930-1)
The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2018 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Schneider Electric PowerSCADA Anywhere/Citect Anywhere Command Separator Improperity Vulnerability
PowerSCADA Anywhere is SCADA and power monitoring software.Citect is industrial automation operation and monitoring software. An improper command separator vulnerability exists in the implementation of PowerSCADA Anywhere 1.0 and Citect Anywhere version 1.0. An attacker in close network proximity...
Debian DLA-930-1 : libxstream-java security update
It was discovered that there was a remote application crash vulnerability in libxstream-java, a Java library to serialize objects to XML and back again. This was due to mishandled attempts to create an instance of the primitive type 'void' during unmarshalling. For Debian 7 'Wheezy', this issue h...
CVE-2017-7957
XStream through 1.4.9, when a certain denyTypes workaround is not used, mishandles attempts to create an instance of the primitive type 'void' during unmarshalling, leading to a remote application crash, as demonstrated by an xstream.fromXML"" call...
Code injection
XStream through 1.4.9, when a certain denyTypes workaround is not used, mishandles attempts to create an instance of the primitive type 'void' during unmarshalling, leading to a remote application crash, as demonstrated by an xstream.fromXML"" call...