EUVD-2020-28144

Malware in sbrugna...

CVE-2020-7008

VISAM VBASE Editor version 11.5.0.2 and VBASE Web-Remote Module may allow input passed in the URL that is not properly verified before use, which may allow an attacker to read arbitrary files from local resources...

CVE-2020-7004

VISAM VBASE Editor version 11.5.0.2 and VBASE Web-Remote Module may allow weak or insecure permissions on the VBASE directory resulting in elevation of privileges or malicious effects on the system the next time a privileged user runs the application...

CVE-2020-10601

VISAM VBASE Editor version 11.5.0.2 and VBASE Web-Remote Module allow weak hashing algorithm and insecure permissions which may allow a local attacker to bypass the password-protected mechanism through brute-force attacks, cracking techniques, or overwriting the password hash...

CVE-2020-7000

VISAM VBASE Editor version 11.5.0.2 and VBASE Web-Remote Module may allow an unauthenticated attacker to discover the cryptographic key from the web server and gain information about the login and the encryption/decryption mechanism, which may be exploited to bypass authentication of the HTML5 HM...

CVE-2020-10601

VISAM VBASE Editor version 11.5.0.2 and VBASE Web-Remote Module allow weak hashing algorithm and insecure permissions which may allow a local attacker to bypass the password-protected mechanism through brute-force attacks, cracking techniques, or overwriting the password hash...

CVE-2020-7000

VISAM VBASE Editor version 11.5.0.2 and VBASE Web-Remote Module may allow an unauthenticated attacker to discover the cryptographic key from the web server and gain information about the login and the encryption/decryption mechanism, which may be exploited to bypass authentication of the HTML5 HM...

Input validation

VISAM VBASE Editor version 11.5.0.2 and VBASE Web-Remote Module may allow input passed in the URL that is not properly verified before use, which may allow an attacker to read arbitrary files from local resources...

Design/Logic Flaw

VISAM VBASE Editor version 11.5.0.2 and VBASE Web-Remote Module allow weak hashing algorithm and insecure permissions which may allow a local attacker to bypass the password-protected mechanism through brute-force attacks, cracking techniques, or overwriting the password hash...

Buffer overflow

VISAM VBASE Editor version 11.5.0.2 and VBASE Web-Remote Module may allow a vulnerable ActiveX component to be exploited resulting in a buffer overflow, which may lead to a denial-of-service condition and execution of arbitrary code...

Privilege escalation

VISAM VBASE Editor version 11.5.0.2 and VBASE Web-Remote Module may allow weak or insecure permissions on the VBASE directory resulting in elevation of privileges or malicious effects on the system the next time a privileged user runs the application...

CVE-2020-10599

VISAM VBASE Editor version 11.5.0.2 and VBASE Web-Remote Module may allow a vulnerable ActiveX component to be exploited resulting in a buffer overflow, which may lead to a denial-of-service condition and execution of arbitrary code...

CVE-2020-10599

Summary: CVE-2020-10599 affects VISAM VBASE Editor 11.5.0.2 and VBASE Web-Remote Module, where a vulnerable ActiveX component enables a stack-based buffer overflow leading to denial of service and arbitrary code execution. Red Hat and NVD entries corroborate the same issue. The ics advisory confi...

CVE-2020-7000

VISAM VBASE Editor version 11.5.0.2 and VBASE Web-Remote Module may allow an unauthenticated attacker to discover the cryptographic key from the web server and gain information about the login and the encryption/decryption mechanism, which may be exploited to bypass authentication of the HTML5 HM...

CVE-2020-7000

CVE-2020-7000 affects VISAM VBASE Editor v11.5.0.2 and VBASE Web-Remote Module. The vulnerability allows an unauthenticated attacker to obtain the web server’s cryptographic key and information about the login and encryption/decryption mechanism, enabling bypass of authentication for the HTML5 HM...

CVE-2020-10601

VISAM VBASE Editor version 11.5.0.2 and VBASE Web-Remote Module allow weak hashing algorithm and insecure permissions which may allow a local attacker to bypass the password-protected mechanism through brute-force attacks, cracking techniques, or overwriting the password hash...

CVE-2020-7004

VISAM VBASE Editor version 11.5.0.2 and VBASE Web-Remote Module may allow weak or insecure permissions on the VBASE directory resulting in elevation of privileges or malicious effects on the system the next time a privileged user runs the application...

CVE-2020-7008

CVE-2020-7008 affects VISAM VBASE Editor 11.5.0.2 and VBASE Web-Remote Module. A path traversal vulnerability lets an attacker supply unverified URL input to read arbitrary local files. Red Hat and CVE records confirm the issue and ICS/CISA advisories reference the same affected products. Mitigat...

VISAM VBASE Weak Encryption Vulnerability

VISAM VBASE is a data acquisition and monitoring system from VISAM Germany, VBASE Editor is one of the editors, VBASE Web-Remote Module is one of the web-based remote modules. A security vulnerability exists in the VISAM VBASE Editor version 11.5.0.2 and the VBASE Web-Remote Module that stems fro...

VISAM VBASE Editor and VBASE Web-Remote Module Buffer Overflow Vulnerability

VISAM VBASE is a data acquisition and monitoring system from VISAM, Germany, VBASE Editor is an editor and VBASE Web-Remote Module is a web-based remote module. A buffer overflow vulnerability exists in VISAM VBASE Editor version 11.5.0.2 and VBASE Web-Remote Module. An attacker can exploit this...