Lucene search
K

20 matches found

Packet Storm
Packet Storm
added 2018/11/22 12:0 a.m.132 views

Consona Password Reset Security Bypass

Hi!! 8 years ago, I discovered this vulnerability, CVE-2010-1910, and now, you can see the details. https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1910 The login page, "/sdcxuser/asp/login.asp", had a commented access to the page that allowed to change the password of any user, with a li...

5.1CVSS6.7AI score0.02464EPSS
Exploits2
NVD
NVD
added 2010/05/12 11:46 a.m.18 views

CVE-2010-1905

Multiple cross-site scripting XSS vulnerabilities in Consona Live Assistance, Dynamic Agent, and Subscriber Assistance allow remote attackers to inject arbitrary web script or HTML via crafted input to ASP pages, as demonstrated using the backurl parameter to...

4.3CVSS5.8AI score0.02476EPSS
Exploits1References7
NVD
NVD
added 2010/05/12 11:46 a.m.25 views

CVE-2010-1913

The default configuration of pluginlicense.ini for the SdcWebSecureBase interface in tgctlcm.dll in Consona Live Assistance, Dynamic Agent, and Subscriber Assistance, when downloaded from a server operated by Telefonica or possibly other companies, contains an incorrect DNS whitelist that include...

9.3CVSS7.2AI score0.05028EPSS
Exploits1References4
NVD
NVD
added 2010/05/12 11:46 a.m.15 views

CVE-2010-1907

The SdcUser.TgConCtl ActiveX control in tgctlcm.dll in Consona Live Assistance, Dynamic Agent, and Subscriber Assistance allows remote attackers to discover the username of the client user, and consequently determine a pathname to a certain user directory, via a call to the GetUserName method...

4.3CVSS6.6AI score0.01528EPSS
Exploits1References4
NVD
NVD
added 2010/05/12 11:46 a.m.26 views

CVE-2010-1909

Buffer overflow in the RunCmd method in the SdcUser.TgConCtl ActiveX control in tgctlcm.dll in Consona Live Assistance, Dynamic Agent, and Subscriber Assistance allows remote attackers to execute arbitrary code via vectors involving "CreateProcess params." NOTE: some of these details are obtained...

7.6CVSS7.9AI score0.05654EPSS
Exploits1References5
NVD
NVD
added 2010/05/12 11:46 a.m.24 views

CVE-2010-1910

The Forgot Password implementation in Consona Live Assistance, Dynamic Agent, and Subscriber Assistance allows remote attackers to reset passwords of accounts with blank Hint questions and Hint answers by sending an empty value for each of these two Hint fields...

5.1CVSS6.7AI score0.02464EPSS
Exploits2References6
Prion
Prion
added 2010/05/12 11:46 a.m.16 views

Default credentials

The Forgot Password implementation in Consona Live Assistance, Dynamic Agent, and Subscriber Assistance allows remote attackers to reset passwords of accounts with blank Hint questions and Hint answers by sending an empty value for each of these two Hint fields...

5.1CVSS7.2AI score0.02464EPSS
Exploits2References6
Prion
Prion
added 2010/05/12 11:46 a.m.23 views

Buffer overflow

Buffer overflow in the RunCmd method in the SdcUser.TgConCtl ActiveX control in tgctlcm.dll in Consona Live Assistance, Dynamic Agent, and Subscriber Assistance allows remote attackers to execute arbitrary code via vectors involving "CreateProcess params." NOTE: some of these details are obtained...

7.6CVSS8.6AI score0.05654EPSS
Exploits1References5
Prion
Prion
added 2010/05/12 11:46 a.m.13 views

Default configuration

The default configuration of pluginlicense.ini for the SdcWebSecureBase interface in tgctlcm.dll in Consona Live Assistance, Dynamic Agent, and Subscriber Assistance, when downloaded from a server operated by Telefonica or possibly other companies, contains an incorrect DNS whitelist that include...

9.3CVSS7.8AI score0.05028EPSS
Exploits1References4
Prion
Prion
added 2010/05/12 11:46 a.m.17 views

Double free

The SdcWebSecureBase interface in tgctlcm.dll in Consona Live Assistance, Dynamic Agent, and Subscriber Assistance allows remote attackers to bypass intended restrictions on ActiveX execution via "instantiation/free attacks."...

9.3CVSS7.4AI score0.05183EPSS
Exploits1References5
Prion
Prion
added 2010/05/12 11:46 a.m.15 views

Cross site scripting

Multiple cross-site scripting XSS vulnerabilities in Consona Live Assistance, Dynamic Agent, and Subscriber Assistance allow remote attackers to inject arbitrary web script or HTML via crafted input to ASP pages, as demonstrated using the backurl parameter to...

4.3CVSS6.1AI score0.02476EPSS
Exploits1References7
Cvelist
Cvelist
added 2010/05/11 11:0 p.m.22 views

CVE-2010-1907

The SdcUser.TgConCtl ActiveX control in tgctlcm.dll in Consona Live Assistance, Dynamic Agent, and Subscriber Assistance allows remote attackers to discover the username of the client user, and consequently determine a pathname to a certain user directory, via a call to the GetUserName method...

6.6AI score0.01528EPSS
Exploits1References4
Cvelist
Cvelist
added 2010/05/11 11:0 p.m.20 views

CVE-2010-1905

Multiple cross-site scripting XSS vulnerabilities in Consona Live Assistance, Dynamic Agent, and Subscriber Assistance allow remote attackers to inject arbitrary web script or HTML via crafted input to ASP pages, as demonstrated using the backurl parameter to...

5.8AI score0.02476EPSS
Exploits1References7
CVE
CVE
added 2010/05/11 11:0 p.m.41 views

CVE-2010-1913

The CVE-2010-1913 issue affects the SdcWebSecureBase interface’s tgctlcm.dll used by Consona Live Assistance, Dynamic Agent, and Subscriber Assistance. When plugins/clients are downloaded from a Telefonica-operated server (or similar), its default pluginlicense.ini contains an incorrect DNS white...

9.3CVSS7.4AI score0.05028EPSS
Exploits1References4Affected Software3
Cvelist
Cvelist
added 2010/05/11 11:0 p.m.22 views

CVE-2010-1913

The default configuration of pluginlicense.ini for the SdcWebSecureBase interface in tgctlcm.dll in Consona Live Assistance, Dynamic Agent, and Subscriber Assistance, when downloaded from a server operated by Telefonica or possibly other companies, contains an incorrect DNS whitelist that include...

7.2AI score0.05028EPSS
Exploits1References4
CVE
CVE
added 2010/05/11 11:0 p.m.42 views

CVE-2010-1907

The CVE-2010-1907 entry concerns the SdcUser.TgConCtl ActiveX control in tgctlcm.dll used by Consona Live Assistance, Dynamic Agent, and Subscriber Assistance. The vulnerability allows remote attackers to discover the client user’s username and deduce a path to a user directory via GetUserName. I...

4.3CVSS6.8AI score0.01528EPSS
Exploits1References4Affected Software3
CVE
CVE
added 2010/05/11 11:0 p.m.39 views

CVE-2010-1905

CVE-2010-1905 concerns multiple cross-site scripting (XSS) vulnerabilities in Consona Live Assistance, Dynamic Agent, and Subscriber Assistance. The XSS can be triggered by crafted input to ASP pages, demonstrated via the backurl parameter to sdccommon/verify/asp/n6plugindestructor.asp. The avail...

4.3CVSS5.9AI score0.02476EPSS
Exploits1References7Affected Software1
CVE
CVE
added 2010/05/11 11:0 p.m.41 views

CVE-2010-1909

CVE-2010-1909: Buffer overflow in the RunCmd method of the SdcUser.TgConCtl ActiveX control (tgctlcm.dll) used by Consona Live Assistance, Dynamic Agent, and Subscriber Assistance. This vulnerability permits remote code execution via CreateProcess params. Exploitation details are not fully provid...

7.6CVSS8.2AI score0.05654EPSS
Exploits1References5Affected Software3
Cvelist
Cvelist
added 2010/05/11 11:0 p.m.27 views

CVE-2010-1908

The SdcUser.TgConCtl ActiveX control in tgctlcm.dll in Consona Live Assistance, Dynamic Agent, and Subscriber Assistance does not properly restrict access to the HTTPDownloadFile, HTTPGetFile, Install, and RunCmd methods, which allows remote attackers to execute arbitrary programs via a URL in th...

7.4AI score0.02336EPSS
Exploits1References5
CVE
CVE
added 2010/05/11 11:0 p.m.54 views

CVE-2010-1910

Consona password-reset vulnerability CVE-2010-1910 affects Consona Live Assistance, Dynamic Agent, and Subscriber Assistance. The Forgot Password feature allows remote reset of accounts with blank Hint questions/answers by submitting empty values for both fields, enabling password changes without...

5.1CVSS6.9AI score0.02464EPSS
Exploits2References6Affected Software3
Rows per page
Query Builder