Page 2 of 9 results (0.025 seconds)

CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 2

SolarWinds DameWare Mini Remote Control before 12.1 has a Buffer Overflow. SolarWinds DameWare Mini Remote Control en versiones anteriores a la 12.1 tiene un desbordamiento de búfer. • https://www.exploit-db.com/exploits/47126 http://packetstormsecurity.com/files/153668/DameWare-Remote-Support-12.0.0.509-Buffer-Overflow.html https://labs.nettitude.com/blog/solarwinds-cve-2018-12897-dameware-mini-remote-control-local-seh-buffer-overflow • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •

CVSS: 7.5EPSS: 14%CPEs: 1EXPL: 0

Stack-based buffer overflow in the URI handler in DWRCC.exe in SolarWinds DameWare Mini Remote Control before 12.0 HotFix 1 allows remote attackers to execute arbitrary code via a crafted commandline argument in a link. Desbordamiento de buffer basado en pila en el manejador URI en DWRCC.exe, en SolarWinds DameWare Mini Remote Control en versiones anteriores a 12.0 HotFix 1, permite a atacantes remotos ejecutar código arbitrario a través de un argumento de línea de comandos manipulado en un enlace. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of SolarWinds DameWare Mini Remote Control. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within DWRCC.exe. By crafting a malicious link, an attacker can trigger a stack buffer overflow while parsing the command-line arguments. • http://www.zerodayinitiative.com/advisories/ZDI-15-555 https://thwack.solarwinds.com/message/308973 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •

CVSS: 9.3EPSS: 3%CPEs: 2EXPL: 0

Stack-based buffer overflow in the "Add from text file" feature in the DameWare Exporter tool (DWExporter.exe) in DameWare Remote Support 10.0.0.372, 9.0.1.247, and earlier allows user-assisted attackers to execute arbitrary code via unspecified vectors. Desbordamiento de buffer basado en pila en la funcionalidad "Añadir desde archivo de texto" en la herramienta DameWare Exporter (DWExporter.exe) en DameWare Remote Support 10.0.0.372, 9.0.1.247 y anteriores permite a atacantes asistidos por usuario ejecutar código arbitrario a través de vectores no especificados. • http://osvdb.org/95658 http://secunia.com/advisories/53096 http://www.securityfocus.com/bid/61453 https://exchange.xforce.ibmcloud.com/vulnerabilities/85973 • CWE-787: Out-of-bounds Write •

CVSS: 5.0EPSS: 1%CPEs: 2EXPL: 0

DameWare Mini Remote Control 3.x before 3.74 and 4.x before 4.2 transmits the Blowfish encryption key in plaintext, which allows remote attackers to gain sensitive information. • http://marc.info/?l=bugtraq&m=108016344224973&w=2 http://secunia.com/advisories/11205 http://securitytracker.com/id?1009557 http://www.dameware.com/support/security/bulletin.asp?ID=SB3 http://www.osvdb.org/4547 http://www.securityfocus.com/bid/9959 https://exchange.xforce.ibmcloud.com/vulnerabilities/15586 • CWE-319: Cleartext Transmission of Sensitive Information •