
CVSS: 5.4 • EPSS: 0% • CPEs: 1 • EXPL: 3

Cross-site scripting (XSS) vulnerability in the "advanced settings - time server" module in Wibu-Systems CodeMeter before 6.50b allows remote attackers to inject arbitrary web script or HTML via the "server name" field in actions/ChangeConfiguration.html.

• https://www.exploit-db.com/exploits/42610
• http://seclists.org/fulldisclosure/2017/Sep/1
• http://www.securityfocus.com/archive/1/541119/100/0/threaded
• http://www.securityfocus.com/bid/104433
• https://ics-cert.us-cert.gov/advisories/ICSA-18-102-02
• https://rockwellautomation.custhelp.com/app/answers/detail/a_id/1073133
• https://www.vulnerability-lab.com/get_content.php?id=2074

• CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSS: 7.2 • EPSS: 0% • CPEs: 1 • EXPL: 0

Wibu-Systems CodeMeter Runtime before 5.20 uses weak permissions (read and write access for all users) for codemeter.exe, which allows local users to gain privileges via a Trojan horse file.

• http://packetstormsecurity.com/files/129234/CodeMeter-Weak-Service-Permissions.html
• http://www.securityfocus.com/archive/1/534079/100/0/threaded

• CWE-264: Permissions, Privileges, and Access Controls

CVSS: 5.0 • EPSS: 4% • CPEs: 4 • EXPL: 0

Wibu-Systems AG CodeMeter Runtime 4.30c, 4.10b, and possibly other versions before 4.40 allows remote attackers to cause a denial of service (CodeMeter.exe crash) via certain crafted packets to TCP port 22350.

• http://jvn.jp/en/jp/JVN78901873/index.html
• http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-000003.html
• http://osvdb.org/78223
• http://secunia.com/advisories/47497
• http://www.kb.cert.org/vuls/id/659515
• http://www.kb.cert.org/vuls/id/MAPG-8MYNFL
• http://www.securityfocus.com/bid/51382

• CWE-399: Resource Management Errors

CVSS: 4.3 • EPSS: 0% • CPEs: 2 • EXPL: 1

Cross-site scripting (XSS) vulnerability in Licenses.html in Wibu-Systems CodeMeter WebAdmin 3.30 and 4.30 allows remote attackers to inject arbitrary web script or HTML via the BoxSerial parameter.

• http://www.solutionary.com/index/SERT/Vuln-Disclosures/CodeMeter-WebAdmin.html

• CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')