Lucene search
K

54 matches found

NVD
NVD
added 2022/06/09 4:15 a.m.14 views

CVE-2022-25806

An issue was discovered in the IGEL Universal Management Suite UMS 6.07.100. A hardcoded DES key in the PrefDBCredentials class allows an attacker, who has discovered encrypted superuser credentials, to decrypt those credentials using a static 8-byte DES key...

8.8CVSS0.00941EPSS
Exploits1References2
ATTACKERKB
ATTACKERKB
added 2022/06/09 4:15 a.m.4 views

CVE-2022-25806

An issue was discovered in the IGEL Universal Management Suite UMS 6.07.100. A hardcoded DES key in the PrefDBCredentials class allows an attacker, who has discovered encrypted superuser credentials, to decrypt those credentials using a static 8-byte DES key...

8.8CVSS7.2AI score0.00941EPSS
Exploits1References3
Prion
Prion
added 2022/06/09 4:15 a.m.22 views

Hardcoded credentials

An issue was discovered in the IGEL Universal Management Suite UMS 6.07.100. A hardcoded DES key in the LDAPDesPWEncrypter class allows an attacker, who has discovered encrypted LDAP bind credentials, to decrypt those credentials using a static 8-byte DES key...

2.1CVSS5.4AI score0.00295EPSS
Exploits1References2Affected Software1
Prion
Prion
added 2022/06/09 4:15 a.m.12 views

Hardcoded credentials

An issue was discovered in the IGEL Universal Management Suite UMS 6.07.100. A hardcoded DES key in the PrefDBCredentials class allows an attacker, who has discovered encrypted superuser credentials, to decrypt those credentials using a static 8-byte DES key...

6.5CVSS8.5AI score0.00941EPSS
Exploits1References2Affected Software1
CVE
CVE
added 2022/06/09 12:45 a.m.73 views

CVE-2022-25804

CVE-2022-25804 affects IGEL Universal Management Suite (UMS) 6.07.100. The issue is insecure permissions on the serverconfig registry key (under JavaSoft\Prefs\de\igel\rm\config in HKLM\SOFTWARE) that allow an unprivileged local attacker to read the encrypted dbuser and dbpassword values for the ...

5.5CVSS5.3AI score0.0028EPSS
Exploits1References2Affected Software1
Cvelist
Cvelist
added 2022/06/09 12:45 a.m.23 views

CVE-2022-25804

An issue was discovered in the IGEL Universal Management Suite UMS 6.07.100. Insecure permissions for the serverconfig registry key under JavaSoft\Prefs\de\igel\rm\config in HKEYLOCALMACHINE\SOFTWARE allow an unprivileged local attacker to read the encrypted dbuser and dbpassword values for the U...

5.6AI score0.0028EPSS
Exploits1References2
CVE
CVE
added 2022/06/09 12:45 a.m.58 views

CVE-2022-25805

CVE-2022-25805 affects IGEL Universal Management Suite (UMS) 6.07.100, where the cmd_mgt_load_mgt_tree command transmits LDAP bind credentials in cleartext. This enables an attacker who can observe traffic between an authenticated UMS client and server to compromise LDAP bind credentials. The ava...

6.5CVSS6.5AI score0.00555EPSS
Exploits1References2Affected Software1
CVE
CVE
added 2022/06/09 12:45 a.m.72 views

CVE-2022-25806

IGEL UMS 6.07.100 contains a hardcoded DES key in PrefDBCredentials, enabling an attacker who has obtained encrypted superuser credentials to decrypt them with a static 8-byte DES key. This affects IGEL Universal Management Suite and allows confidentiality/integrity/availability impact as describ...

8.8CVSS8.5AI score0.00941EPSS
Exploits1References2Affected Software1
CVE
CVE
added 2022/06/09 12:45 a.m.91 views

CVE-2022-25807

IGEL Universal Management Suite (UMS) 6.07.100 contains a hardcoded DES key in the LDAPDesPWEncrypter class. This allows an attacker who gains access to encrypted LDAP bind credentials to decrypt them using a static 8-byte DES key. The connected documents provide concrete details of the affected ...

5.5CVSS5.4AI score0.00295EPSS
Exploits1References2Affected Software1
0day.today
0day.today
added 2021/08/27 12:0 a.m.142 views

COMMAX UMS Client ActiveX Control 1.7.0.2 - (CNC_Ctrl.dll) Heap Buffer Overflow Vulnerability

Exploit Title: COMMAX UMS Client ActiveX Control 1.7.0.2 - 'CNCCtrl.dll' Heap Buffer Overflow Exploit Author: LiquidWorm Vendor Homepage: https://www.commax.com COMMAX UMS Client ActiveX Control 1.7.0.2 CNCCtrl.dll Heap Buffer Overflow Vendor: COMMAX Co., Ltd. Prodcut web page:...

0.6AI score
Exploits0
Exploit DB
Exploit DB
added 2021/08/27 12:0 a.m.224 views

COMMAX UMS Client ActiveX Control 1.7.0.2 - 'CNC_Ctrl.dll' Heap Buffer Overflow

Exploit Title: COMMAX UMS Client ActiveX Control 1.7.0.2 - 'CNCCtrl.dll' Heap Buffer Overflow Date: 02.08.2021 Exploit Author: LiquidWorm Vendor Homepage: https://www.commax.com COMMAX UMS Client ActiveX Control 1.7.0.2 CNCCtrl.dll Heap Buffer Overflow Vendor: COMMAX Co., Ltd. Prodcut web page:...

7.4AI score
Exploits0
Packet Storm
Packet Storm
added 2021/08/16 12:0 a.m.281 views

COMMAX UMS Client ActiveX Control 1.7.0.2 Buffer Overflow

COMMAX UMS Client ActiveX Control 1.7.0.2 CNCCtrl.dll Heap Buffer Overflow Vendor: COMMAX Co., Ltd. Prodcut web page: https://www.commax.com Affected version: 1.7.0.2 Summary: COMMAX activex web viewer UMS client 32bit for COMMAX DVR/NVR. Desc: The vulnerability is caused due to a boundary error ...

0.5AI score
Exploits0
Zero Science Lab
Zero Science Lab
added 2021/08/15 12:0 a.m.463 views

COMMAX UMS Client ActiveX Control 1.7.0.2 (CNC_Ctrl.dll) Heap Buffer Overflow

Summary COMMAX activex web viewer client 32bit for COMMAX DVR/NVR. Description The vulnerability is caused due to a boundary error in the processing of user input, which can be exploited to cause a heap based buffer overflow when a user inserts overly long array of string bytes through several...

6.4AI score
Exploits0
Openbugbounty
Openbugbounty
added 2020/09/08 9:15 a.m.7 views

rund-ums-baby.de Cross Site Scripting vulnerability OBB-1314545

Following coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: &nbsp&nbsp&nbsp&nbsp&nbsp&nbspa. verified the vulnerability and confirmed its existence; &nbsp&nbsp&nbsp&nbsp&nbsp&nbspb. notified the website operator about its existence...

Exploits0
Openbugbounty
Openbugbounty
added 2020/08/27 10:53 a.m.9 views

hb-rund-ums-haus.de Cross Site Scripting vulnerability OBB-1280070

Following coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: &nbsp&nbsp&nbsp&nbsp&nbsp&nbspa. verified the vulnerability and confirmed its existence; &nbsp&nbsp&nbsp&nbsp&nbsp&nbspb. notified the website operator about its existence...

6.2AI score
Exploits0
Openbugbounty
Openbugbounty
added 2020/08/25 4:56 a.m.10 views

rund-ums-baby.de Cross Site Scripting vulnerability OBB-1274780

Following coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: &nbsp&nbsp&nbsp&nbsp&nbsp&nbspa. verified the vulnerability and confirmed its existence; &nbsp&nbsp&nbsp&nbsp&nbsp&nbspb. notified the website operator about its existence...

0.8AI score
Exploits0
Openbugbounty
Openbugbounty
added 2020/08/24 4:25 a.m.9 views

rund-ums-baby.de Cross Site Scripting vulnerability OBB-1271756

Following coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: &nbsp&nbsp&nbsp&nbsp&nbsp&nbspa. verified the vulnerability and confirmed its existence; &nbsp&nbsp&nbsp&nbsp&nbsp&nbspb. notified the website operator about its existence...

0.8AI score
Exploits0
Openbugbounty
Openbugbounty
added 2020/05/15 12:39 a.m.12 views

rund-ums-baby.de Cross Site Scripting vulnerability

Open Bug Bounty ID: OBB-1161526 Following coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: &nbsp&nbsp&nbsp&nbsp&nbsp&nbspa. verified the vulnerability and confirmed its existence; &nbsp&nbsp&nbsp&nbsp&nbsp&nbspb. notified the website...

0.6AI score
Exploits0
Openbugbounty
Openbugbounty
added 2020/04/19 11:56 a.m.9 views

rund-ums-baby.de Cross Site Scripting vulnerability

Open Bug Bounty ID: OBB-1147043 Security Researcher MrRain1996 Helped patch 1003 vulnerabilities Received 5 Coordinated Disclosure badges Received 9 recommendations , a holder of 5 badges for responsible and coordinated disclosure, found a security vulnerability affecting rund-ums-baby.de website...

Exploits0
CVE
CVE
added 2018/08/03 5:0 p.m.82 views

CVE-2018-13416

The CVE-2018-13416 issue affects Universal Media Server (UMS) 7.1.0, where the SSDP/UPnP XML parsing engine is vulnerable to XML External Entity Processing (XXE). Unauthenticated, remote attackers can (per multiple sources) read arbitrary files on the host, trigger SMB NetNTLM captures (cracking ...

9.8CVSS9.6AI score0.20185EPSS
Exploits5References2Affected Software1
Rows per page
Query Builder