CVSS: 10.0EPSS: 1%CPEs: 23EXPL: 0CVE-2006-1038
https://notcve.org/view.php?id=CVE-2006-1038
Buffer overflow in SecureCRT 5.0.4 and earlier and SecureFX 3.0.4 and earlier allows remote attackers to have an unknown impact when a Unicode string is converted to a "narrow" string. • http://secunia.com/advisories/19040 http://www.securityfocus.com/bid/16935 http://www.vandyke.com/products/securecrt/history.txt http://www.vandyke.com/products/securefx/history.txt http://www.vupen.com/english/advisories/2006/0806 https://exchange.xforce.ibmcloud.com/vulnerabilities/25092 •
CVSS: 7.5EPSS: 22%CPEs: 14EXPL: 0CVE-2004-1541
https://notcve.org/view.php?id=CVE-2004-1541
SecureCRT 4.0, 4.1, and possibly other versions, allows remote attackers to execute arbitrary commands via a telnet:// URL that uses the /F option to specify a configuration file on a samba share. • http://marc.info/?l=bugtraq&m=110129164332226&w=2 http://secunia.com/advisories/13275 http://www.securityfocus.com/bid/11731 https://exchange.xforce.ibmcloud.com/vulnerabilities/18201 •
CVSS: 4.6EPSS: 0%CPEs: 5EXPL: 0CVE-2003-0047
https://notcve.org/view.php?id=CVE-2003-0047
SSH2 clients for VanDyke (1) SecureCRT 4.0.2 and 3.4.7, (2) SecureFX 2.1.2 and 2.0.4, and (3) Entunnel 1.0.2 and earlier, do not clear logon credentials from memory, including plaintext passwords, which could allow attackers with access to memory to steal the SSH credentials. Los clientes SSH2 de VanDyke SecureCRT 4.0.2 y 3.4.5, SecureFX 2.1.2 y 2.0.4, y Entunnel 1.02 y anteriores, no borran los credenciales de inicio de sesión de memoria, incluyendo contraseñas en texto claro, lo que podría permitir a atacantes con acceso a memoria robar los credenciales SSH. • http://marc.info/?l=bugtraq&m=104386492422014&w=2 http://www.idefense.com/advisory/01.28.03.txt http://www.securityfocus.com/bid/6726 http://www.securityfocus.com/bid/6727 http://www.securityfocus.com/bid/6728 http://www.securitytracker.com/id?1006010 http://www.securitytracker.com/id?1006011 http://www.securitytracker.com/id?1006012 •
CVSS: 7.5EPSS: 13%CPEs: 19EXPL: 4CVE-2002-1059 – SecureCRT 2.4/3.x/4.0 - SSH1 Identifier String Buffer Overflow
https://notcve.org/view.php?id=CVE-2002-1059
Buffer overflow in Van Dyke SecureCRT SSH client before 3.4.6, and 4.x before 4.0 beta 3, allows an SSH server to execute arbitrary code via a long SSH1 protocol version string. • https://www.exploit-db.com/exploits/21634 https://www.exploit-db.com/exploits/16460 https://www.exploit-db.com/exploits/21635 http://marc.info/?l=bugtraq&m=102744150718462&w=2 http://marc.info/?l=bugtraq&m=102746007908689&w=2 http://www.iss.net/security_center/static/9650.php http://www.osvdb.org/4991 http://www.securityfocus.com/bid/5287 http://www.vandyke.com/products/securecrt/security07-25-02.html •
CVSS: 7.5EPSS: 3%CPEs: 1EXPL: 0CVE-2001-1466
https://notcve.org/view.php?id=CVE-2001-1466
Buffer overflow in VanDyke SecureCRT before 3.4.2, when using the SSH-1 protocol, allows remote attackers to execute arbitrary code via a long (1) username or (2) password. • http://archives.neohapsis.com/archives/vuln-dev/2001-q4/0967.html http://www.kb.cert.org/vuls/id/216227 https://exchange.xforce.ibmcloud.com/vulnerabilities/10111 •