33 matches found
COMMAX UMS Client ActiveX Control 缓冲区错误漏洞
COMMAX UMS Client ActiveX Control is a browser plug-in from the Korean company COMMAX. A buffer error vulnerability exists in COMMAX UMS Client ActiveX Control version 1.7.0.2, which stems from a heap buffer overflow issue in CNCCtrl.dll that could lead to the execution of arbitrary code...
EUVD-2022-30447
Malicious code in bioql PyPI...
EUVD-2022-30444
Malicious code in bioql PyPI...
EUVD-2022-30446
Malicious code in bioql PyPI...
EUVD-2022-30445
Malicious code in bioql PyPI...
CVE-2022-25807
An issue was discovered in the IGEL Universal Management Suite UMS 6.07.100. A hardcoded DES key in the LDAPDesPWEncrypter class allows an attacker, who has discovered encrypted LDAP bind credentials, to decrypt those credentials using a static 8-byte DES key...
CVE-2022-25806
An issue was discovered in the IGEL Universal Management Suite UMS 6.07.100. A hardcoded DES key in the PrefDBCredentials class allows an attacker, who has discovered encrypted superuser credentials, to decrypt those credentials using a static 8-byte DES key...
CVE-2022-25804
An issue was discovered in the IGEL Universal Management Suite UMS 6.07.100. Insecure permissions for the serverconfig registry key under JavaSoft\Prefs\de\igel\rm\config in HKEYLOCALMACHINE\SOFTWARE allow an unprivileged local attacker to read the encrypted dbuser and dbpassword values for the U...
CVE-2022-25805
An issue was discovered in the IGEL Universal Management Suite UMS 6.07.100. The transmission of cleartext LDAP bind credentials by the cmdmgtloadmgttree command allows an attacker who can intercept or inspect traffic between an authenticated UMS client and server to compromise those LDAP bind...
CVE-2022-25807
An issue was discovered in the IGEL Universal Management Suite UMS 6.07.100. A hardcoded DES key in the LDAPDesPWEncrypter class allows an attacker, who has discovered encrypted LDAP bind credentials, to decrypt those credentials using a static 8-byte DES key...
CVE-2022-25804
An issue was discovered in the IGEL Universal Management Suite UMS 6.07.100. Insecure permissions for the serverconfig registry key under JavaSoft\Prefs\de\igel\rm\config in HKEYLOCALMACHINE\SOFTWARE allow an unprivileged local attacker to read the encrypted dbuser and dbpassword values for the U...
CVE-2022-25804
An issue was discovered in the IGEL Universal Management Suite UMS 6.07.100. Insecure permissions for the serverconfig registry key under JavaSoft\Prefs\de\igel\rm\config in HKEYLOCALMACHINE\SOFTWARE allow an unprivileged local attacker to read the encrypted dbuser and dbpassword values for the U...
CVE-2022-25806
An issue was discovered in the IGEL Universal Management Suite UMS 6.07.100. A hardcoded DES key in the PrefDBCredentials class allows an attacker, who has discovered encrypted superuser credentials, to decrypt those credentials using a static 8-byte DES key...
CVE-2022-25804
An issue was discovered in the IGEL Universal Management Suite UMS 6.07.100. Insecure permissions for the serverconfig registry key under JavaSoft\Prefs\de\igel\rm\config in HKEYLOCALMACHINE\SOFTWARE allow an unprivileged local attacker to read the encrypted dbuser and dbpassword values for the U...
CVE-2022-25805
An issue was discovered in the IGEL Universal Management Suite UMS 6.07.100. The transmission of cleartext LDAP bind credentials by the cmdmgtloadmgttree command allows an attacker who can intercept or inspect traffic between an authenticated UMS client and server to compromise those LDAP bind...
Design/Logic Flaw
An issue was discovered in the IGEL Universal Management Suite UMS 6.07.100. Insecure permissions for the serverconfig registry key under JavaSoft\Prefs\de\igel\rm\config in HKEYLOCALMACHINE\SOFTWARE allow an unprivileged local attacker to read the encrypted dbuser and dbpassword values for the U...
CVE-2022-25805
An issue was discovered in the IGEL Universal Management Suite UMS 6.07.100. The transmission of cleartext LDAP bind credentials by the cmdmgtloadmgttree command allows an attacker who can intercept or inspect traffic between an authenticated UMS client and server to compromise those LDAP bind...
CVE-2022-25806
An issue was discovered in the IGEL Universal Management Suite UMS 6.07.100. A hardcoded DES key in the PrefDBCredentials class allows an attacker, who has discovered encrypted superuser credentials, to decrypt those credentials using a static 8-byte DES key...
CVE-2022-25806
IGEL UMS 6.07.100 contains a hardcoded DES key in PrefDBCredentials, enabling an attacker who has obtained encrypted superuser credentials to decrypt them with a static 8-byte DES key. This affects IGEL Universal Management Suite and allows confidentiality/integrity/availability impact as describ...
CVE-2022-25807
An issue was discovered in the IGEL Universal Management Suite UMS 6.07.100. A hardcoded DES key in the LDAPDesPWEncrypter class allows an attacker, who has discovered encrypted LDAP bind credentials, to decrypt those credentials using a static 8-byte DES key...