11 matches found
EUVD-2020-21918
Malware in sbrugna...
CVE-2020-29550
An issue was discovered in URVE Build 24.03.2020. The password of an integration user account used for the connection of the MS Office 365 Integration Service is stored in cleartext in configuration files as well as in the database. The following files contain the password in cleartext:...
CVE-2020-29551
An issue was discovered in URVE Build 24.03.2020. Using the internal/pc/shutdown.php path, it is possible to shutdown the system. Among others, the following files and scripts are also accessible: internal/pc/abort.php, internal/pc/restart.php, internal/pc/vpro.php, internal/pc/wake.php,...
CVE-2020-29552
An issue was discovered in URVE Build 24.03.2020. By using the internal/pc/vpro.php?mac=0&ip=0&operation=0&usr=0&pass=0%3bpowershell+-c+" substring, it is possible to execute a Powershell command and redirect its output to a file under the web root...
CVE-2020-29551
An issue was discovered in URVE Build 24.03.2020. Using the internal/pc/shutdown.php path, it is possible to shutdown the system. Among others, the following files and scripts are also accessible: internal/pc/abort.php, internal/pc/restart.php, internal/pc/vpro.php, internal/pc/wake.php,...
Command injection
An issue was discovered in URVE Build 24.03.2020. By using the internal/pc/vpro.php?mac=0&ip=0&operation=0&usr=0&pass=0%3bpowershell+-c+" substring, it is possible to execute a Powershell command and redirect its output to a file under the web root...
Design/Logic Flaw
An issue was discovered in URVE Build 24.03.2020. Using the internal/pc/shutdown.php path, it is possible to shutdown the system. Among others, the following files and scripts are also accessible: internal/pc/abort.php, internal/pc/restart.php, internal/pc/vpro.php, internal/pc/wake.php,...
CVE-2020-29551
An issue was discovered in URVE Build 24.03.2020. Using the internal/pc/shutdown.php path, it is possible to shutdown the system. Among others, the following files and scripts are also accessible: internal/pc/abort.php, internal/pc/restart.php, internal/pc/vpro.php, internal/pc/wake.php,...
CVE-2020-29551
URVE Software Build 24.03.2020 contains a vulnerability accessible through the _internal/pc/shutdown.php path that enables system shutdown. The issue also exposes a number of sensitive files and scripts (e.g., _internal/pc/abort.php, _internal/pc/restart.php, _internal/pc/vpro.php, _internal/pc/w...
CVE-2020-29552
An issue was discovered in URVE Build 24.03.2020. By using the internal/pc/vpro.php?mac=0&ip=0&operation=0&usr=0&pass=0%3bpowershell+-c+" substring, it is possible to execute a Powershell command and redirect its output to a file under the web root...
CVE-2020-29550
An issue was discovered in URVE Build 24.03.2020. The password of an integration user account used for the connection of the MS Office 365 Integration Service is stored in cleartext in configuration files as well as in the database. The following files contain the password in cleartext:...