66 matches found
Crlf injection
CRLF vulnerability in Reprise License Manager RLM web interface through 14.2BL4 in the password parameter in View License Result function, that allows remote attackers to inject arbitrary HTTP headers...
CVE-2021-37500
Directory traversal vulnerability in Reprise License Manager RLM web interface before 14.2BL4 in the diagnostics function that allows RLM users with sufficient privileges to overwrite any file the on the server...
CVE-2021-37498
CVE-2021-37498 describes a server-side request forgery (SSRF) in the Reprise License Manager (RLM) web interface (up to version 14.2BL4 and prior). The vulnerability allows remote attackers to trigger outbound requests to intranet servers and perform port scanning via the actserver parameter in t...
CVE-2021-37500
The CVE-2021-37500 issue affects Reprise License Manager (RLM) web interface prior to version 14.2BL4. A directory traversal flaw in the diagnostics function allows RLM users with sufficient privileges to overwrite any file on the server. Impact is server file overwrite (high) with network access...
CVE-2021-37499
The CVE-2021-37499 entry describes a CRLF injection vulnerability in Reprise License Manager (RLM) web interface up to version 14.2BL4, located in the password parameter of the View License Result function. The underlying issue is unsanitized user input that allows remote attackers to inject arbi...
CVE-2022-30519
XSS in signing form in Reprise Software RLM License Administration v14.2BL4 allows remote attacker to inject arbitrary code via password field...
Code injection
XSS in signing form in Reprise Software RLM License Administration v14.2BL4 allows remote attacker to inject arbitrary code via password field...
CVE-2022-30519
XSS in signing form in Reprise Software RLM License Administration v14.2BL4 allows remote attacker to inject arbitrary code via password field...
CVE-2022-30519
CVE-2022-30519 affects Reprise Software RLM License Administration v14.2BL4. The issue is an XSS in the signing form’s password field that allows a remote attacker to inject arbitrary code. Exploitation details and PoCs are present in connected sources (e.g., exploit-db/packetstorm). The document...
PT-2022-20156 · Reprise · Reprise Software Rlm License Administration
Name of the Vulnerable Software and Affected Versions: Reprise Software RLM License Administration version 14.2BL4 Description: The issue allows a remote attacker to inject arbitrary code via the password field in the signing form, potentially leading to code execution. Recommendations: For Repri...
CVE-2022-30519
XSS in signing form in Reprise Software RLM License Administration v14.2BL4 allows remote attacker to inject arbitrary code via password field...
RLM 14.2 Cross Site Scripting Vulnerability
Product: RLM 14.2 Vendor: Reprise Software CVE ID: CVE-2021-45422 Vulnerability Title: Reflected Cross-Site Scripting Severity: Medium Authors: Giulia Melotti Garibaldi Introduction: An issue was discovered in Reprise License Manager 14.2, Reprise License Manager 14.2 is affected by a reflected...
RLM 14.2 Cross Site Scripting
Product: RLM 14.2 Vendor: Reprise Software CVE ID: CVE-2021-45422 Vulnerability Title: Reflected Cross-Site Scripting Severity: Medium Authors: Giulia Melotti Garibaldi Date: 2022-01-11 Introduction: An issue was discovered in Reprise License Manager 14.2, Reprise License Manager 14.2 is affected...
CVE-2021-44152
An issue was discovered in Reprise RLM 14.2. Because /goform/changepasswordprocess does not verify authentication or authorization, an unauthenticated user can change the password of any existing user. This allows an attacker to change the password of any known user, thereby preventing valid user...
CVE-2021-44152
An issue was discovered in Reprise RLM 14.2. Because /goform/changepasswordprocess does not verify authentication or authorization, an unauthenticated user can change the password of any existing user. This allows an attacker to change the password of any known user, thereby preventing valid user...
CVE-2021-44151
An issue was discovered in Reprise RLM 14.2. As the session cookies are small, an attacker can hijack any existing sessions by bruteforcing the 4 hex-character session cookie on the Windows version the Linux version appears to have 8 characters. An attacker can obtain the static part of the cooki...
CVE-2021-44153
An issue was discovered in Reprise RLM 14.2. When editing the license file, it is possible for an admin user to enable an option to run arbitrary executables, as demonstrated by an ISV demo "C:\Windows\System32\calc.exe" entry. An attacker can exploit this to run a malicious binary on startup, or...
CVE-2021-44155
An issue was discovered in /goform/loginprocess in Reprise RLM 14.2. When an attacker attempts to login, the response if a username is valid includes Login Failed, but does not include this string if the username is invalid. This allows an attacker to enumerate valid users...
CVE-2021-44154
An issue was discovered in Reprise RLM 14.2. By using an admin account, an attacker can write a payload to /goform/editopt, which will then be triggered when running the diagnostics via /goform/diagnosticsdoit, resulting in a buffer overflow...
CVE-2021-44151
An issue was discovered in Reprise RLM 14.2. As the session cookies are small, an attacker can hijack any existing sessions by bruteforcing the 4 hex-character session cookie on the Windows version the Linux version appears to have 8 characters. An attacker can obtain the static part of the cooki...