54 matches found
CVE-2022-25806
An issue was discovered in the IGEL Universal Management Suite UMS 6.07.100. A hardcoded DES key in the PrefDBCredentials class allows an attacker, who has discovered encrypted superuser credentials, to decrypt those credentials using a static 8-byte DES key...
CVE-2022-25806
An issue was discovered in the IGEL Universal Management Suite UMS 6.07.100. A hardcoded DES key in the PrefDBCredentials class allows an attacker, who has discovered encrypted superuser credentials, to decrypt those credentials using a static 8-byte DES key...
Hardcoded credentials
An issue was discovered in the IGEL Universal Management Suite UMS 6.07.100. A hardcoded DES key in the LDAPDesPWEncrypter class allows an attacker, who has discovered encrypted LDAP bind credentials, to decrypt those credentials using a static 8-byte DES key...
Hardcoded credentials
An issue was discovered in the IGEL Universal Management Suite UMS 6.07.100. A hardcoded DES key in the PrefDBCredentials class allows an attacker, who has discovered encrypted superuser credentials, to decrypt those credentials using a static 8-byte DES key...
CVE-2022-25804
CVE-2022-25804 affects IGEL Universal Management Suite (UMS) 6.07.100. The issue is insecure permissions on the serverconfig registry key (under JavaSoft\Prefs\de\igel\rm\config in HKLM\SOFTWARE) that allow an unprivileged local attacker to read the encrypted dbuser and dbpassword values for the ...
CVE-2022-25804
An issue was discovered in the IGEL Universal Management Suite UMS 6.07.100. Insecure permissions for the serverconfig registry key under JavaSoft\Prefs\de\igel\rm\config in HKEYLOCALMACHINE\SOFTWARE allow an unprivileged local attacker to read the encrypted dbuser and dbpassword values for the U...
CVE-2022-25805
CVE-2022-25805 affects IGEL Universal Management Suite (UMS) 6.07.100, where the cmd_mgt_load_mgt_tree command transmits LDAP bind credentials in cleartext. This enables an attacker who can observe traffic between an authenticated UMS client and server to compromise LDAP bind credentials. The ava...
CVE-2022-25806
IGEL UMS 6.07.100 contains a hardcoded DES key in PrefDBCredentials, enabling an attacker who has obtained encrypted superuser credentials to decrypt them with a static 8-byte DES key. This affects IGEL Universal Management Suite and allows confidentiality/integrity/availability impact as describ...
CVE-2022-25807
IGEL Universal Management Suite (UMS) 6.07.100 contains a hardcoded DES key in the LDAPDesPWEncrypter class. This allows an attacker who gains access to encrypted LDAP bind credentials to decrypt them using a static 8-byte DES key. The connected documents provide concrete details of the affected ...
COMMAX UMS Client ActiveX Control 1.7.0.2 - (CNC_Ctrl.dll) Heap Buffer Overflow Vulnerability
Exploit Title: COMMAX UMS Client ActiveX Control 1.7.0.2 - 'CNCCtrl.dll' Heap Buffer Overflow Exploit Author: LiquidWorm Vendor Homepage: https://www.commax.com COMMAX UMS Client ActiveX Control 1.7.0.2 CNCCtrl.dll Heap Buffer Overflow Vendor: COMMAX Co., Ltd. Prodcut web page:...
COMMAX UMS Client ActiveX Control 1.7.0.2 - 'CNC_Ctrl.dll' Heap Buffer Overflow
Exploit Title: COMMAX UMS Client ActiveX Control 1.7.0.2 - 'CNCCtrl.dll' Heap Buffer Overflow Date: 02.08.2021 Exploit Author: LiquidWorm Vendor Homepage: https://www.commax.com COMMAX UMS Client ActiveX Control 1.7.0.2 CNCCtrl.dll Heap Buffer Overflow Vendor: COMMAX Co., Ltd. Prodcut web page:...
COMMAX UMS Client ActiveX Control 1.7.0.2 Buffer Overflow
COMMAX UMS Client ActiveX Control 1.7.0.2 CNCCtrl.dll Heap Buffer Overflow Vendor: COMMAX Co., Ltd. Prodcut web page: https://www.commax.com Affected version: 1.7.0.2 Summary: COMMAX activex web viewer UMS client 32bit for COMMAX DVR/NVR. Desc: The vulnerability is caused due to a boundary error ...
COMMAX UMS Client ActiveX Control 1.7.0.2 (CNC_Ctrl.dll) Heap Buffer Overflow
Summary COMMAX activex web viewer client 32bit for COMMAX DVR/NVR. Description The vulnerability is caused due to a boundary error in the processing of user input, which can be exploited to cause a heap based buffer overflow when a user inserts overly long array of string bytes through several...
rund-ums-baby.de Cross Site Scripting vulnerability OBB-1314545
Following coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has:       a. verified the vulnerability and confirmed its existence;       b. notified the website operator about its existence...
hb-rund-ums-haus.de Cross Site Scripting vulnerability OBB-1280070
Following coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has:       a. verified the vulnerability and confirmed its existence;       b. notified the website operator about its existence...
rund-ums-baby.de Cross Site Scripting vulnerability OBB-1274780
Following coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has:       a. verified the vulnerability and confirmed its existence;       b. notified the website operator about its existence...
rund-ums-baby.de Cross Site Scripting vulnerability OBB-1271756
Following coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has:       a. verified the vulnerability and confirmed its existence;       b. notified the website operator about its existence...
rund-ums-baby.de Cross Site Scripting vulnerability
Open Bug Bounty ID: OBB-1161526 Following coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has:       a. verified the vulnerability and confirmed its existence;       b. notified the website...
rund-ums-baby.de Cross Site Scripting vulnerability
Open Bug Bounty ID: OBB-1147043 Security Researcher MrRain1996 Helped patch 1003 vulnerabilities Received 5 Coordinated Disclosure badges Received 9 recommendations , a holder of 5 badges for responsible and coordinated disclosure, found a security vulnerability affecting rund-ums-baby.de website...
CVE-2018-13416
The CVE-2018-13416 issue affects Universal Media Server (UMS) 7.1.0, where the SSDP/UPnP XML parsing engine is vulnerable to XML External Entity Processing (XXE). Unauthenticated, remote attackers can (per multiple sources) read arbitrary files on the host, trigger SMB NetNTLM captures (cracking ...