14 matches found
CVE-2009-0695
hagent.exe in Wyse Device Manager WDM 4.7.x does not require authentication for commands, which allows remote attackers to obtain management access via a crafted query, as demonstrated by a V52 query that triggers a power-off action...
CVE-2009-0693
Multiple buffer overflows in Wyse Device Manager WDM 4.7.x allow remote attackers to execute arbitrary code via 1 the User-Agent HTTP header to hserver.dll or 2 unspecified input to hagent.exe...
CVE-2009-0693
Multiple buffer overflows in Wyse Device Manager WDM 4.7.x allow remote attackers to execute arbitrary code via 1 the User-Agent HTTP header to hserver.dll or 2 unspecified input to hagent.exe...
CVE-2009-0695
hagent.exe in Wyse Device Manager WDM 4.7.x does not require authentication for commands, which allows remote attackers to obtain management access via a crafted query, as demonstrated by a V52 query that triggers a power-off action...
Authentication flaw
hagent.exe in Wyse Device Manager WDM 4.7.x does not require authentication for commands, which allows remote attackers to obtain management access via a crafted query, as demonstrated by a V52 query that triggers a power-off action...
Buffer overflow
Multiple buffer overflows in Wyse Device Manager WDM 4.7.x allow remote attackers to execute arbitrary code via 1 the User-Agent HTTP header to hserver.dll or 2 unspecified input to hagent.exe...
CVE-2009-0693
CVE-2009-0693 concerns Wyse Device Manager (WDM) 4.7.x, where multiple buffer overflows allow remote code execution. Specifically, the issues involve HServer (hserver.dll) accepting a crafted User-Agent header and HAgent (hagent.exe) receiving unspecified input leading to overflow. The vulnerabil...
CVE-2009-0693
Multiple buffer overflows in Wyse Device Manager WDM 4.7.x allow remote attackers to execute arbitrary code via 1 the User-Agent HTTP header to hserver.dll or 2 unspecified input to hagent.exe...
CVE-2009-0695
hagent.exe in Wyse Device Manager WDM 4.7.x does not require authentication for commands, which allows remote attackers to obtain management access via a crafted query, as demonstrated by a V52 query that triggers a power-off action...
CVE-2009-0695
Summary of CVE-2009-0695: Wyse Device Manager (WDM) HAgent (hagent.exe) on 4.7.x allows remote commands without authentication, enabling an attacker with network access to obtain management access and trigger actions (e.g., power-off) via crafted queries (e.g., V52). Exploitation is demonstrated ...
Wyse Device Manager (WDM) HServer and HAgent contain multiple vulnerabilities
Overview Wyse Device Manager WDM Server and HAgent contain several vulnerabilities. An attacker with network access to WDM components could execute arbitrary code on vulnerable systems. Description Wyse Device Manager WDM, formerly known as Wyse Rapport manages thin clients. Part of the server...
Wyse Device Manager HAgent Service Detection
Binary data wysehagentdetect.nbin...
Wyse Device Manager Buffer Overflow
Wyse Device Manager is installed on the remote system. The installed version is affected by a buffer overflow vulnerability. By sending a specially crafted request to the server, it may be possible for an unauthorized attacker to crash the server or execute arbitrary commands on the remote system...
Wyse Device Manager Default FTP Account
The remote FTP server has an account with a known username / password combination, possibly created as part of an installation of Wyse Device Manager. An attacker may be able to use this to gain authenticated access to the system, which could allow for other attacks against the affected applicati...