Consona Subscriber Assistance@* Security Vulnerabilities and Issues — Consona Subscriber Assistance@* CVE List

Lucene search

ConsonaConsona Subscriber Assistance*

8 matches found

CVE•added 2010/05/12 11:46 a.m.•44 views

CVE-2010-1910

The Forgot Password implementation in Consona Live Assistance, Dynamic Agent, and Subscriber Assistance allows remote attackers to reset passwords of accounts with blank Hint questions and Hint answers by sending an empty value for each of these two Hint fields.

5.1CVSS6.9AI score0.01066EPSS

CVE•added 2010/05/12 11:46 a.m.•34 views

CVE-2010-1912

The SdcWebSecureBase interface in tgctlcm.dll in Consona Live Assistance, Dynamic Agent, and Subscriber Assistance allows remote attackers to bypass intended restrictions on ActiveX execution via "instantiation/free attacks."

9.3CVSS7.1AI score0.03815EPSS

CVE•added 2010/05/12 11:46 a.m.•33 views

CVE-2010-1908

The SdcUser.TgConCtl ActiveX control in tgctlcm.dll in Consona Live Assistance, Dynamic Agent, and Subscriber Assistance does not properly restrict access to the HTTPDownloadFile, HTTPGetFile, Install, and RunCmd methods, which allows remote attackers to execute arbitrary programs via a URL in the ...

9.3CVSS7.6AI score0.01798EPSS

CVE•added 2010/05/12 11:46 a.m.•32 views

CVE-2010-1907

The SdcUser.TgConCtl ActiveX control in tgctlcm.dll in Consona Live Assistance, Dynamic Agent, and Subscriber Assistance allows remote attackers to discover the username of the client user, and consequently determine a pathname to a certain user directory, via a call to the GetUserName method.

4.3CVSS6.8AI score0.02401EPSS

CVE•added 2010/05/12 11:46 a.m.•32 views

CVE-2010-1909

Buffer overflow in the RunCmd method in the SdcUser.TgConCtl ActiveX control in tgctlcm.dll in Consona Live Assistance, Dynamic Agent, and Subscriber Assistance allows remote attackers to execute arbitrary code via vectors involving "CreateProcess params." NOTE: some of these details are obtained f...

7.6CVSS8.2AI score0.09602EPSS

CVE•added 2010/05/12 11:46 a.m.•31 views

CVE-2010-1913

The default configuration of pluginlicense.ini for the SdcWebSecureBase interface in tgctlcm.dll in Consona Live Assistance, Dynamic Agent, and Subscriber Assistance, when downloaded from a server operated by Telefonica or possibly other companies, contains an incorrect DNS whitelist that includes ...

9.3CVSS7.4AI score0.02963EPSS

CVE•added 2010/05/12 11:46 a.m.•28 views

CVE-2010-1905

Multiple cross-site scripting (XSS) vulnerabilities in Consona Live Assistance, Dynamic Agent, and Subscriber Assistance allow remote attackers to inject arbitrary web script or HTML via crafted input to ASP pages, as demonstrated using the backurl parameter to sdccommon/verify/asp/n6plugindestruct...

4.3CVSS5.9AI score0.01639EPSS

CVE•added 2010/05/12 11:46 a.m.•27 views

CVE-2010-1911

The site-locking implementation in the SdcWebSecureBase interface in tgctlcm.dll in Consona Live Assistance, Dynamic Agent, and Subscriber Assistance relies on a list of server domain names to restrict execution of ActiveX controls, which makes it easier for man-in-the-middle attackers to execute a...

9.3CVSS7.7AI score0.02091EPSS