Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline

Notify Technology Security Vulnerabilities

cve
cve

CVE-2005-0809

NotifyLink, when configured for client key retrieval, allows remote attackers to obtain AES keys via a direct request to /hwp/get.asp, then uses a weak encryption scheme (fixed byte reordering) to protect the key, which allows remote attackers to obtain the key via a brute force attack.

6.6AI Score

0.011EPSS

2005-05-02 04:00 AM
25
cve
cve

CVE-2005-0810

SQL injection vulnerability in NotifyLink before 3.0 allows remote attackers to execute arbitrary SQL commands via the URL.

8.4AI Score

0.003EPSS

2005-05-02 04:00 AM
23
cve
cve

CVE-2005-0811

The web interface in NotifyLink 3.0 does not properly restrict access to functions that have been disabled in the GUI, which allows remote authenticated users to bypass intended restrictions via a direct request to certain URLs.

6.3AI Score

0.002EPSS

2005-05-02 04:00 AM
21
cve
cve

CVE-2005-0812

The web interface in NotifyLink 3.0 displays passwords in cleartext on the administrative page, which could allow remote attackers or local users to obtain sensitive information.

6.3AI Score

0.003EPSS

2005-05-02 04:00 AM
26