8 matches found
CVE-2021-27198
Visualware MyConnection Server is affected by an unauthenticated remote code execution vulnerability (CVE-2021-27198) present in versions prior to 11.1a. The issue arises via an arbitrary file upload in the web service through the myspeed/sf?filename= URI, enabling code execution on the server (W...
CVE-2021-27509
CVE-2021-27509 affects Visualware MyConnection Server prior to version 11.0b build 5382. The issue is that each published report is not associated with its own access code, which can lead to unintended access to reports via improper linkage. NVD CVSS data indicate CVSSv3.1 base score 7.5 (HIGH) w...
CVE-2023-42034
Visualware MyConnection Server is affected by CVE-2023-42034 in the doRTAAccessCTConfig path, enabling Cross-Site Scripting that bypasses authentication. The flaw arises from insufficient validation of user-supplied data, permitting injection of arbitrary script and resulting in a remote authenti...
CVE-2023-42035
Summary: CVE-2023-42035 affects Visualware MyConnection Server, arising from the doIForward method and improper restriction of XML External Entity (XXE) references. A crafted XML document can cause the parser to retrieve a URI and embed its contents back into the XML, leading to information discl...
CVE-2023-42033
Visualware MyConnection Server is affected by CVE-2023-42033 via the doPostUploadfiles directory traversal, allowing remote code execution with root context. The flaw is due to insufficient validation of a user-supplied path before file operations. Exploitation requires authentication, but authen...
CVE-2023-42032
CVE-2023-42032 affects Visualware MyConnection Server. The doRTAAccessUPass method is exposed, creating an unauthenticated remote information disclosure vulnerability. Multiple connected sources corroborate that an attacker can disclose sensitive data within the application context without authen...
CVE-2015-2043
CVE-2015-2043 affects Visualware MyConnection Server
CVE-2014-5113
CVE-2014-5113 describes multiple cross-site scripting (XSS) vulnerabilities in Visualware MyConnection Server 9.7i. The weakness arises on test.php where unsanitized GET parameters (including testtype, ver, cm, map, lines, pps, bpp, codec, provtext, provtextextra, provlink, duration) can be explo...