EUVD-2020-28144

Malware in sbrugna...

VISAM Automation Base (VBASE) Web-Remote Detection

Binary data visamvbasewebremotedetect.nbin...

CVE-2020-7008

VISAM VBASE Editor version 11.5.0.2 and VBASE Web-Remote Module may allow input passed in the URL that is not properly verified before use, which may allow an attacker to read arbitrary files from local resources...

CVE-2020-10601

VISAM VBASE Editor version 11.5.0.2 and VBASE Web-Remote Module allow weak hashing algorithm and insecure permissions which may allow a local attacker to bypass the password-protected mechanism through brute-force attacks, cracking techniques, or overwriting the password hash...

CVE-2020-7000

VISAM VBASE Editor version 11.5.0.2 and VBASE Web-Remote Module may allow an unauthenticated attacker to discover the cryptographic key from the web server and gain information about the login and the encryption/decryption mechanism, which may be exploited to bypass authentication of the HTML5 HM...

CVE-2020-10599

VISAM VBASE Editor version 11.5.0.2 and VBASE Web-Remote Module may allow a vulnerable ActiveX component to be exploited resulting in a buffer overflow, which may lead to a denial-of-service condition and execution of arbitrary code...

Design/Logic Flaw

VISAM VBASE Editor version 11.5.0.2 and VBASE Web-Remote Module allow weak hashing algorithm and insecure permissions which may allow a local attacker to bypass the password-protected mechanism through brute-force attacks, cracking techniques, or overwriting the password hash...

Input validation

VISAM VBASE Editor version 11.5.0.2 and VBASE Web-Remote Module may allow input passed in the URL that is not properly verified before use, which may allow an attacker to read arbitrary files from local resources...

Buffer overflow

VISAM VBASE Editor version 11.5.0.2 and VBASE Web-Remote Module may allow a vulnerable ActiveX component to be exploited resulting in a buffer overflow, which may lead to a denial-of-service condition and execution of arbitrary code...

CVE-2020-10599

VISAM VBASE Editor version 11.5.0.2 and VBASE Web-Remote Module may allow a vulnerable ActiveX component to be exploited resulting in a buffer overflow, which may lead to a denial-of-service condition and execution of arbitrary code...

CVE-2020-10599

Summary: CVE-2020-10599 affects VISAM VBASE Editor 11.5.0.2 and VBASE Web-Remote Module, where a vulnerable ActiveX component enables a stack-based buffer overflow leading to denial of service and arbitrary code execution. Red Hat and NVD entries corroborate the same issue. The ics advisory confi...

CVE-2020-7000

CVE-2020-7000 affects VISAM VBASE Editor v11.5.0.2 and VBASE Web-Remote Module. The vulnerability allows an unauthenticated attacker to obtain the web server’s cryptographic key and information about the login and encryption/decryption mechanism, enabling bypass of authentication for the HTML5 HM...

CVE-2020-10601

VISAM VBASE Editor version 11.5.0.2 and VBASE Web-Remote Module allow weak hashing algorithm and insecure permissions which may allow a local attacker to bypass the password-protected mechanism through brute-force attacks, cracking techniques, or overwriting the password hash...

CVE-2020-7004

VISAM VBASE Editor version 11.5.0.2 and VBASE Web-Remote Module may allow weak or insecure permissions on the VBASE directory resulting in elevation of privileges or malicious effects on the system the next time a privileged user runs the application...

CVE-2020-7004

CVE-2020-7004 affects VISAM VBASE Editor v11.5.0.2 and VBASE Web-Remote Module. The issue is weak or insecure permissions on the VBASE directory, enabling elevation of privileges when a privileged user runs the application. Public sources in the connected documents confirm this vulnerability and ...

VISAM VBASE Editor and VBASE Web-Remote Module Buffer Overflow Vulnerability

VISAM VBASE is a data acquisition and monitoring system from VISAM, Germany, VBASE Editor is an editor and VBASE Web-Remote Module is a web-based remote module. A buffer overflow vulnerability exists in VISAM VBASE Editor version 11.5.0.2 and VBASE Web-Remote Module. An attacker can exploit this...

VISAM VBASE Editor and VBASE Web-Remote Module Path Traversal Vulnerability

VISAM VBASE is a data acquisition and monitoring system from VISAM, Germany, VBASE Editor is an editor and VBASE Web-Remote Module is a web-based remote module. A path traversal vulnerability exists in VISAM VBASE Editor version 11.5.0.2 and VBASE Web-Remote Module due to a failure of the program...

VISAM VBASE Editor and VBASE Web-Remote Module Path Traversal Vulnerability (CNVD-2020-21459)

VISAM VBASE is a data acquisition and monitoring system from VISAM, Germany, VBASE Editor is an editor and VBASE Web-Remote Module is a web-based remote module. A path traversal vulnerability exists in VISAM VBASE Editor version 11.5.0.2 and VBASE Web-Remote Module, which is caused by the program...

VISAM Automation Base (VBASE) (Update B)

1. EXECUTIVE SUMMARY CVSS v3 9.0 ATTENTION: Exploitable remotely/low attack complexity Vendor: VISAM Equipment: VBASE Vulnerabilities: Relative Path Traversal, Incorrect Default Permissions, Inadequate Encryption Strength, Insecure Storage of Sensitive Information, Stack-based Buffer Overflow...