CVSS: 7.8EPSS: 0%CPEs: 3EXPL: 0CVE-2023-4770 – Uncontrolled Search Path Element Vulnerability in 4D and 4D Windows Server
https://notcve.org/view.php?id=CVE-2023-4770
An uncontrolled search path element vulnerability has been found on 4D and 4D server Windows executables applications, affecting version 19 R8 100218. This vulnerability consists in a DLL hijacking by replacing x64 shfolder.dll in the installation path, causing an arbitrary code execution. Se ha encontrado una vulnerabilidad no controlada en un elemento de ruta de búsqueda en aplicaciones ejecutables de Windows de 4D y 4D server, afectando a la versión 19 R8 100218. Esta vulnerabilidad consiste en un secuestro de DLL reemplazando x64 shfolder.dll en la ruta de instalación, provocando la ejecución de código arbitrario. • https://www.incibe.es/en/incibe-cert/notices/aviso/uncontrolled-search-path-element-vulnerability-4d-and-4d-windows-server • CWE-427: Uncontrolled Search Path Element •
CVSS: 7.5EPSS: 0%CPEs: 5EXPL: 1CVE-2023-30222
https://notcve.org/view.php?id=CVE-2023-30222
An information disclosure vulnerability in 4D SAS 4D Server Application v17, v18, v19 R7 and earlier allows attackers to retrieve password hashes for all users via eavesdropping. • https://blog.4d.com/security-bulletin-two-cves-and-how-to-stay-secure https://packetstormsecurity.com https://www.infigo.is/en/insights/42/information-disclosure-and-broken-authentication-in-4d-sas-4d-server • CWE-295: Improper Certificate Validation •
CVSS: 7.5EPSS: 0%CPEs: 5EXPL: 1CVE-2023-30223
https://notcve.org/view.php?id=CVE-2023-30223
A broken authentication vulnerability in 4D SAS 4D Server software v17, v18, v19 R7, and earlier allows attackers to send crafted TCP packets containing requests to perform arbitrary actions. • https://blog.4d.com/security-bulletin-two-cves-and-how-to-stay-secure https://packetstormsecurity.com https://www.infigo.is/en/insights/42/information-disclosure-and-broken-authentication-in-4d-sas-4d-server • CWE-287: Improper Authentication •
CVSS: 5.0EPSS: 0%CPEs: 12EXPL: 0CVE-2005-3143
https://notcve.org/view.php?id=CVE-2005-3143
Unspecified vulnerability in the Mailbox Server for 4D WebStar before 5.3.5 allows attackers to cause a denial of service (crash) via IMAP clients on Mac OS X 10.4 Mail 2. • ftp://ftp.4d.com/ACI_PRODUCT_REFERENCE_LIBRARY/4D_PRODUCT_DOCUMENTATION/PDF_Docs_by_4D_Product_A-Z/4D_WebSTAR/Software_Change_History_535.txt http://secunia.com/advisories/17003 http://www.securityfocus.com/bid/14981 •
CVSS: 5.0EPSS: 7%CPEs: 2EXPL: 2CVE-2005-1507 – 4D WebSTAR 5.3/5.4 Tomcat Plugin - Remote Buffer Overflow
https://notcve.org/view.php?id=CVE-2005-1507
Buffer overflow in the Tomcat plugin in 4d WebSTAR 5.33 and 5.4 allows remote attackers to cause a denial of service and possibly execute arbitrary code via a long URL. • https://www.exploit-db.com/exploits/25626 http://marc.info/?l=bugtraq&m=111541709402784&w=2 http://secunia.com/advisories/15278 http://www.osvdb.org/16154 http://www.securityfocus.com/bid/13538 https://exchange.xforce.ibmcloud.com/vulnerabilities/20478 •