22 matches found
CVE-2026-53474
A flaw was found in migration-planner. A remote authenticated attacker could exploit this vulnerability by uploading a specially crafted RVTools .xlsx file. Due to improper input sanitization, malicious SQL embedded within a spreadsheet cell is executed when cluster names are processed. This SQL...
CVE-2026-53474 Migration-planner: second-order sql injection via rvtools upload
A flaw was found in migration-planner. A remote authenticated attacker could exploit this vulnerability by uploading a specially crafted RVTools .xlsx file. Due to improper input sanitization, malicious SQL embedded within a spreadsheet cell is executed when cluster names are processed. This SQL...
CVE-2026-53474 Migration-planner: second-order sql injection via rvtools upload
A flaw was found in migration-planner. A remote authenticated attacker could exploit this vulnerability by uploading a specially crafted RVTools .xlsx file. Due to improper input sanitization, malicious SQL embedded within a spreadsheet cell is executed when cluster names are processed. This SQL...
CVE-2026-53474
Migration-planner is affected by a second-order SQL injection via uploads of RVTools .xlsx files. The flaw arises from improper input sanitization and causes malicious SQL embedded in a spreadsheet cell to execute when cluster names are processed, enabling arbitrary file reading on the host (pote...
PT-2026-48447
A flaw was found in migration-planner. A remote authenticated attacker could exploit this vulnerability by uploading a specially crafted RVTools .xlsx file. Due to improper input sanitization, malicious SQL embedded within a spreadsheet cell is executed when cluster names are processed. This SQL...
Migration Planner UI SQL注入漏洞
The Migration Planner UI is an open-source migration planning front-end tool developed by KubeV2V. The Migration Planner UI has a SQL injection vulnerability. This vulnerability arises when a remotely authenticated attacker uploads a specially crafted RVTools .xlsx file. Due to improper input...
CVE-2020-27688
RVToolsPasswordEncryption.exe in RVTools 4.0.6 allows users to encrypt passwords to be used in the configuration files. This encryption used a static IV and key, and thus using the Decrypt method from VISKD.cs from the RVTools.exe executable allows for decrypting the encrypted passwords. The...
Compromised RVTools Installer Spreading Bumblebee Malware
RVTools installer on its official site was found delivering malware. Research shows it spread Bumblebee loader. Users urged to verify downloads...
RVTools Official Site Hacked to Deliver Bumblebee Malware via Trojanized Installer
The official site for RVTools has been hacked to serve a compromised installer for the popular VMware environment reporting utility. "Robware.net and RVTools.com are currently offline. We are working expeditiously to restore service and appreciate your patience," the company said in a statement...
The vulnerability of the RVTools virtualization audit application, related to errors in cryptographic transformations, allows unauthorized access to protected information.
The vulnerability of the RVTools virtualization audit application is related to errors in cryptographic transformations. Exploiting this vulnerability can allow an attacker, operating remotely, to gain unauthorized access to protected information...
CVE-2023-44303
RVTools, Version 3.9.2 and above, contain a sensitive data exposure vulnerability in the password encryption utility RVToolsPasswordEncryption.exe and main application RVTools.exe. A remote unauthenticated attacker with access to stored encrypted passwords from a users' system could potentially...
CVE-2023-44303
RVTools, Version 3.9.2 and above, contain a sensitive data exposure vulnerability in the password encryption utility RVToolsPasswordEncryption.exe and main application RVTools.exe. A remote unauthenticated attacker with access to stored encrypted passwords from a users' system could potentially...
Design/Logic Flaw
RVTools, Version 3.9.2 and above, contain a sensitive data exposure vulnerability in the password encryption utility RVToolsPasswordEncryption.exe and main application RVTools.exe. A remote unauthenticated attacker with access to stored encrypted passwords from a users' system could potentially...
CVE-2023-44303
RVTools, Version 3.9.2 and above, contain a sensitive data exposure vulnerability in the password encryption utility RVToolsPasswordEncryption.exe and main application RVTools.exe. A remote unauthenticated attacker with access to stored encrypted passwords from a users' system could potentially...
CVE-2023-44303
CVE-2023-44303 affects RVTools 3.9.2 and later, exposing a sensitive data exposure through the password encryption utility (RVToolsPasswordEncryption.exe) and the main RVTools.exe. Root cause is described as an incomplete fix for CVE-2020-27688, enabling potential disclosure of encrypted password...
Robware RVTools Security Vulnerability
Robware RVTools is a virtual machine management tool organized by Robware. The software lists information about VMs, CPUs, memory, disks, partitions, networks, floppy drives, CD drives, snapshots, VMware tools, resource pools, clusters, ESX hosts, HBAs, Nics, switches, ports, distributed switches...
PT-2023-7270 · Rvtools · Rvtools
Name of the Vulnerable Software and Affected Versions: RVTools versions 3.9.2 and above Description: The issue is related to errors in cryptographic transformations, which can allow a remote attacker to gain unauthorized access to protected information. Specifically, the vulnerability in the...
CVE-2020-27688
RVToolsPasswordEncryption.exe in RVTools 4.0.6 allows users to encrypt passwords to be used in the configuration files. This encryption used a static IV and key, and thus using the Decrypt method from VISKD.cs from the RVTools.exe executable allows for decrypting the encrypted passwords. The...
Design/Logic Flaw
RVToolsPasswordEncryption.exe in RVTools 4.0.6 allows users to encrypt passwords to be used in the configuration files. This encryption used a static IV and key, and thus using the Decrypt method from VISKD.cs from the RVTools.exe executable allows for decrypting the encrypted passwords. The...
CVE-2020-27688
RVTools 4.0.6 is affected by CVE-2020-27688: RVToolsPasswordEncryption.exe uses a static IV and key for encryption, and the Decrypt() method in VISKD.cs within RVTools.exe can decrypt the stored passwords. This creates a risk that passwords in configuration files could be recovered by anyone with...