Lucene search
K
VisualwareMyconnection Server

8 matches found

CVE
CVE
added 2021/02/26 10:53 p.m.145 views

CVE-2021-27198

Visualware MyConnection Server is affected by an unauthenticated remote code execution vulnerability (CVE-2021-27198) present in versions prior to 11.1a. The issue arises via an arbitrary file upload in the web service through the myspeed/sf?filename= URI, enabling code execution on the server (W...

10CVSS9.7AI score0.13623EPSS
Web
CVE
CVE
added 2021/02/19 10:16 p.m.82 views

CVE-2021-27509

CVE-2021-27509 affects Visualware MyConnection Server prior to version 11.0b build 5382. The issue is that each published report is not associated with its own access code, which can lead to unintended access to reports via improper linkage. NVD CVSS data indicate CVSSv3.1 base score 7.5 (HIGH) w...

7.5CVSS7.5AI score0.00972EPSS
CVE
CVE
added 2024/05/03 2:12 a.m.70 views

CVE-2023-42034

Visualware MyConnection Server is affected by CVE-2023-42034 in the doRTAAccessCTConfig path, enabling Cross-Site Scripting that bypasses authentication. The flaw arises from insufficient validation of user-supplied data, permitting injection of arbitrary script and resulting in a remote authenti...

8.8CVSS8.4AI score0.01344EPSS
CVE
CVE
added 2024/05/03 2:12 a.m.58 views

CVE-2023-42035

Summary: CVE-2023-42035 affects Visualware MyConnection Server, arising from the doIForward method and improper restriction of XML External Entity (XXE) references. A crafted XML document can cause the parser to retrieve a URI and embed its contents back into the XML, leading to information discl...

6.5CVSS6.6AI score0.01155EPSS
CVE
CVE
added 2024/05/03 2:12 a.m.56 views

CVE-2023-42033

Visualware MyConnection Server is affected by CVE-2023-42033 via the doPostUploadfiles directory traversal, allowing remote code execution with root context. The flaw is due to insufficient validation of a user-supplied path before file operations. Exploitation requires authentication, but authen...

7.2CVSS7.5AI score0.02712EPSS
CVE
CVE
added 2024/05/03 2:12 a.m.55 views

CVE-2023-42032

CVE-2023-42032 affects Visualware MyConnection Server. The doRTAAccessUPass method is exposed, creating an unauthenticated remote information disclosure vulnerability. Multiple connected sources corroborate that an attacker can disclose sensitive data within the application context without authen...

7.5CVSS7.1AI score0.0094EPSS
CVE
CVE
added 2015/02/25 10:0 p.m.52 views

CVE-2015-2043

CVE-2015-2043 affects Visualware MyConnection Server

4.3CVSS5.8AI score0.01012EPSS
Web
CVE
CVE
added 2014/07/28 3:0 p.m.44 views

CVE-2014-5113

CVE-2014-5113 describes multiple cross-site scripting (XSS) vulnerabilities in Visualware MyConnection Server 9.7i. The weakness arises on test.php where unsanitized GET parameters (including testtype, ver, cm, map, lines, pps, bpp, codec, provtext, provtextextra, provlink, duration) can be explo...

4.3CVSS5.9AI score0.01854EPSS
Web