CVSS: 5.4EPSS: 0%CPEs: 1EXPL: 3CVE-2017-13754 – CodeMeter 6.50 - Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2017-13754
07 Sep 2017 — Cross-site scripting (XSS) vulnerability in the "advanced settings - time server" module in Wibu-Systems CodeMeter before 6.50b allows remote attackers to inject arbitrary web script or HTML via the "server name" field in actions/ChangeConfiguration.html. Una vulnerabilidad de tipo Cross-Site Scripting (XSS) en el módulo "advanced settings - time server" en Wibu-Systems CodeMeter en versiones anteriores a la 6.50b permite que atacantes remotos inyecten scripts web o HTML arbitrarios mediante el campo "serve... • https://www.exploit-db.com/exploits/42610 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2014-8419 – CodeMeter Weak Service Permissions
https://notcve.org/view.php?id=CVE-2014-8419
24 Nov 2014 — Wibu-Systems CodeMeter Runtime before 5.20 uses weak permissions (read and write access for all users) for codemeter.exe, which allows local users to gain privileges via a Trojan horse file. Wibu-Systems CodeMeter Runtime anterior a 5.20 utiliza permisos débiles (acceso de lectura y escritura para todos los usuarios) para codemeter.exe, lo que permite a usuarios locales ganar privilegios a través de un fichero troyano. A local privilege escalation vulnerability has been identified in the codemeter.exe Windo... • http://packetstormsecurity.com/files/129234/CodeMeter-Weak-Service-Permissions.html • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 7.5EPSS: 5%CPEs: 4EXPL: 0CVE-2011-4057
https://notcve.org/view.php?id=CVE-2011-4057
13 Jan 2012 — Wibu-Systems AG CodeMeter Runtime 4.30c, 4.10b, and possibly other versions before 4.40 allows remote attackers to cause a denial of service (CodeMeter.exe crash) via certain crafted packets to TCP port 22350. Wibu-Systems AG CodeMeter Runtime v4.30c, 4v.10b, y posiblemente otras versiones anterior a v4.40 permite a atacantes remotos provocar una denegación de servicio (caída de CodeMeter.exe) a través de ciertos paquetes especialmente diseñado dirigidos al puerto TCP 22350. • http://jvn.jp/en/jp/JVN78901873/index.html • CWE-399: Resource Management Errors •
CVSS: 6.1EPSS: 0%CPEs: 2EXPL: 1CVE-2011-3689
https://notcve.org/view.php?id=CVE-2011-3689
27 Sep 2011 — Cross-site scripting (XSS) vulnerability in Licenses.html in Wibu-Systems CodeMeter WebAdmin 3.30 and 4.30 allows remote attackers to inject arbitrary web script or HTML via the BoxSerial parameter. Una vulnerabilidad de ejecución de comandos en sitios cruzados (XSS) en Licenses.html en Wibu-Systems CodeMeter WebAdmin v3.30 y v4.30 permite a atacantes remotos inyectar secuencias de comandos web o HTML a través del parámetro BoxSerial. • http://www.solutionary.com/index/SERT/Vuln-Disclosures/CodeMeter-WebAdmin.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •