Lucene search
K

84 matches found

Cvelist
Cvelist
added 2020/12/25 6:58 p.m.29 views

CVE-2020-35710

Parallels Remote Application Server RAS 18 allows remote attackers to discover an intranet IP address because submission of the login form even with blank credentials provides this address to the attacker's client for use as a "host" value. In other words, after an attacker's web browser sent a...

5.5AI score0.01661EPSS
Exploits1References2
CNNVD
CNNVD
added 2020/12/25 12:0 a.m.7 views

Parallels Remote Application Server Information Disclosure Vulnerability

Parallels Remote Application Server RAS is an application delivery and VDI Virtual Desktop Infrastructure solution from Parallels, Inc. in the United States. A security vulnerability exists in Parallels Remote Application Server that allows a remote attacker to discover an intranet IP address...

5.3CVSS6.1AI score0.01661EPSS
Exploits1References3
CNVD
CNVD
added 2020/07/27 12:0 a.m.2 views

Parallels Remote Application Server (RAS) Remote Code Execution Vulnerability

Parallels Remote Application Server RAS is a comprehensive virtual application and desktop delivery solution for your employees to access and use applications and data from any device. A remote code execution vulnerability exists in Parallels Remote Application Server RAS 17.1.1. The vulnerabilit...

9.9CVSS8.2AI score0.04009EPSS
Exploits1References1
Prion
Prion
added 2020/07/24 4:15 p.m.14 views

Remote code execution

Parallels Remote Application Server RAS 17.1.1 has a Business Logic Error causing remote code execution. It allows an authenticated user to execute any application in the backend operating system through the web application, despite the affected application not being published. In addition, it wa...

6.5CVSS9.7AI score0.04009EPSS
Exploits1References3Affected Software1
CVE
CVE
added 2020/07/24 4:1 p.m.44 views

CVE-2020-15860

Parallels RAS 17.1.1 is affected by a Business Logic Error (CVE-2020-15860) that allows an authenticated user to execute any backend operating-system application via the web application and to access hosts in the internal domain without having published apps. Core Security’s advisory (CORE-2020-0...

9.9CVSS9.7AI score0.04009EPSS
Exploits1References3Affected Software1
Positive Technologies
Positive Technologies
added 2020/07/24 12:0 a.m.5 views

PT-2020-14671 · Parallels · Parallels Remote Application Server

Name of the Vulnerable Software and Affected Versions: Parallels Remote Application Server RAS version 17.1.1 Description: The issue is a Business Logic Error that allows remote code execution. It enables an authenticated user to execute any application in the backend operating system through the...

9.9CVSS9.6AI score0.04009EPSS
Exploits1References4
ThreatPost
ThreatPost
added 2019/02/15 5:15 p.m.151 views

Trickbot Malware Goes After Remote Desktop Credentials

The banking trojan known as Trickbot has resurfaced, with an updated info-stealing module that allows it to harvest remote desktop application credentials. According to Trend Micro’s Noel Anthony Llimos and Carl Maverick Pascual, a new variant has recently come on the scene, and is being spread v...

0.8AI score
Exploits0References7
Akamai Blog
Akamai Blog
added 2018/08/03 12:44 p.m.28 views

Threat Identity...The First Line of Defense

Last quarter, we discussed zero trust and identity in regard to remote application access. This focus was primarily looking at enterprise users seeking to gain access to applications on a network where there are no boundaries: The internet. In the concept of zero trust, the internet is considered...

7.6AI score
Exploits0
Cvelist
Cvelist
added 2018/05/08 1:0 p.m.21 views

CVE-2018-1239

Dell EMC Unity Operating Environment OE versions prior to 4.3.0.1522077968 are affected by multiple OS command injection vulnerabilities. A remote application admin user could potentially exploit the vulnerabilities to execute arbitrary OS commands as system root on the system where Dell EMC Unit...

7.8AI score0.03429EPSS
Exploits0References2
CNVD
CNVD
added 2018/03/01 12:0 a.m.3 views

Parallels Remote Application Server Path Traversal Vulnerability

Parallels Remote Application Server RAS is a suite of virtual application and desktop delivery solutions from Parallels, Inc. in the United States. The solution provides remote access to virtual desktops and applications for devices on the network. A security vulnerability exists in the web...

7.5CVSS7AI score0.02015EPSS
Exploits5References1
OpenVAS
OpenVAS
added 2018/03/01 12:0 a.m.26 views

Parallels Remote Application Server (RAS) Detection (HTTP)

HTTP based detection of Parallels Remote Application Server RAS. SPDX-FileCopyrightText: 2018 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

7.4AI score
Exploits0References1
OSV
OSV
added 2018/02/28 3:29 p.m.3 views

CVE-2017-9447

In the web interface of Parallels Remote Application Server RAS 15.5 Build 16140, a vulnerability exists due to improper validation of the file path when requesting a resource under the "RASHTML5Gateway" directory. A remote, unauthenticated attacker could exploit this weakness to read arbitrary...

7.5CVSS5.9AI score0.02015EPSS
Exploits5References2
NVD
NVD
added 2018/02/28 3:29 p.m.19 views

CVE-2017-9447

In the web interface of Parallels Remote Application Server RAS 15.5 Build 16140, a vulnerability exists due to improper validation of the file path when requesting a resource under the "RASHTML5Gateway" directory. A remote, unauthenticated attacker could exploit this weakness to read arbitrary...

7.5CVSS7.6AI score0.02015EPSS
Exploits5References2
Prion
Prion
added 2018/02/28 3:29 p.m.15 views

Path traversal

In the web interface of Parallels Remote Application Server RAS 15.5 Build 16140, a vulnerability exists due to improper validation of the file path when requesting a resource under the "RASHTML5Gateway" directory. A remote, unauthenticated attacker could exploit this weakness to read arbitrary...

5CVSS7.1AI score0.02015EPSS
Exploits5References2Affected Software1
Cvelist
Cvelist
added 2018/02/28 3:0 p.m.22 views

CVE-2017-9447

In the web interface of Parallels Remote Application Server RAS 15.5 Build 16140, a vulnerability exists due to improper validation of the file path when requesting a resource under the "RASHTML5Gateway" directory. A remote, unauthenticated attacker could exploit this weakness to read arbitrary...

7.6AI score0.02015EPSS
Exploits5References2
OpenVAS
OpenVAS
added 2018/01/24 12:0 a.m.29 views

Debian: Security Advisory (DLA-930-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2018 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

7.5CVSS7.7AI score0.04928EPSS
Exploits0References2
CNVD
CNVD
added 2017/07/24 12:0 a.m.4 views

Schneider Electric PowerSCADA Anywhere/Citect Anywhere Command Separator Improperity Vulnerability

PowerSCADA Anywhere is SCADA and power monitoring software.Citect is industrial automation operation and monitoring software. An improper command separator vulnerability exists in the implementation of PowerSCADA Anywhere 1.0 and Citect Anywhere version 1.0. An attacker in close network proximity...

5.5CVSS6.2AI score0.00456EPSS
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2017/05/02 12:0 a.m.34 views

Debian DLA-930-1 : libxstream-java security update

It was discovered that there was a remote application crash vulnerability in libxstream-java, a Java library to serialize objects to XML and back again. This was due to mishandled attempts to create an instance of the primitive type 'void' during unmarshalling. For Debian 7 'Wheezy', this issue h...

7.5CVSS6.6AI score0.04928EPSS
Exploits0References3
UbuntuCve
UbuntuCve
added 2017/04/29 7:59 p.m.37 views

CVE-2017-7957

XStream through 1.4.9, when a certain denyTypes workaround is not used, mishandles attempts to create an instance of the primitive type 'void' during unmarshalling, leading to a remote application crash, as demonstrated by an xstream.fromXML"" call...

7.5CVSS6.8AI score0.04928EPSS
Exploits0References3
Prion
Prion
added 2017/04/29 7:59 p.m.17 views

Code injection

XStream through 1.4.9, when a certain denyTypes workaround is not used, mishandles attempts to create an instance of the primitive type 'void' during unmarshalling, leading to a remote application crash, as demonstrated by an xstream.fromXML"" call...

5CVSS7.4AI score0.04928EPSS
Exploits0References9Affected Software2
Rows per page
Query Builder