12 results (0.006 seconds)

CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0

Use After Free vulnerability in Secomea SiteManager Embedded allows Obstruction. • https://www.secomea.com/support/cybersecurity-advisory • CWE-416: Use After Free •

CVSS: 5.5EPSS: 0%CPEs: 24EXPL: 0

Improper Restriction of Communication Channel to Intended Endpoints vulnerability in Secomea SiteManager (FTP Agent modules) allows Exploiting Trust in Client. • https://www.secomea.com/support/cybersecurity-advisory • CWE-923: Improper Restriction of Communication Channel to Intended Endpoints •

CVSS: 6.5EPSS: 0%CPEs: 24EXPL: 0

Debug tool in Secomea SiteManager allows logged-in administrator to modify system state in an unintended manner. La herramienta de depuración en Secomea SiteManager permite al administrador conectado modificar el estado del sistema de manera no deseada. • https://www.secomea.com/support/cybersecurity-advisory • CWE-267: Privilege Defined With Unsafe Actions CWE-269: Improper Privilege Management •

CVSS: 7.2EPSS: 0%CPEs: 18EXPL: 0

Stack-based Buffer Overflow vulnerability in SiteManager allows logged-in or local user to cause arbitrary code execution. This issue affects: Secomea SiteManager all versions prior to 9.7. Una vulnerabilidad de desbordamiento del búfer en la región stack de la memoria en SiteManager permite al usuario conectado o local causar una ejecución de código arbitrario. Este problema afecta a: Secomea SiteManager todas las versiones anteriores a 9.7 • https://www.secomea.com/support/cybersecurity-advisory • CWE-121: Stack-based Buffer Overflow CWE-787: Out-of-bounds Write •

CVSS: 9.1EPSS: 0%CPEs: 18EXPL: 0

Cross-site Scripting (XSS) vulnerability in Web GUI of SiteManager allows logged-in user to inject scripting. This issue affects: Secomea SiteManager all versions prior to 9.7. Una vulnerabilidad de tipo Cross-site Scripting (XSS) en la Interfaz Gráfica de Usuario de SiteManager permite al usuario conectado inyectar scripts. Este problema afecta a: Secomea SiteManager todas las versiones anteriores a 9.7 • https://www.secomea.com/support/cybersecurity-advisory • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •