Page 5 of 25 results (0.022 seconds)

CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0

A path traversal issue in entry attachments in Devolutions Remote Desktop Manager before 2022.2 allows attackers to create or overwrite files in an arbitrary location. Un problema de salto de ruta en los archivos adjuntos de entrada en Devolutions Remote Desktop Manager versiones anteriores a 2022.2, permite a atacantes crear o sobrescribir archivos en una ubicación arbitraria • https://devolutions.net • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •

CVSS: 4.6EPSS: 0%CPEs: 1EXPL: 0

A lack of password masking in Devolutions Remote Desktop Manager allows physically proximate attackers to observe sensitive data. A caching issue can cause sensitive fields to sometimes stay revealed when closing and reopening a panel, which could lead to involuntarily disclosing sensitive information. This issue affects: Devolutions Remote Desktop Manager 2022.1.24 version and prior versions. Una falta de enmascaramiento de contraseñas en Devolutions Remote Desktop Manager permite a atacantes físicamente próximos observar datos confidenciales. Un problema de almacenamiento en caché puede causar que los campos confidenciales a veces permanezcan revelados cuando es cerrado y vuelve a abrir un panel, lo que podría conllevar a una revelación involuntaria de información confidencial. • https://devolutions.net/security/advisories/DEVO-2022-0003 • CWE-522: Insufficiently Protected Credentials CWE-549: Missing Password Field Masking •

CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0

An incomplete permission check on entries in Devolutions Remote Desktop Manager before 2021.2.16 allows attackers to bypass permissions via batch custom PowerShell. Una comprobación de permisos incompleta en las entradas de Devolutions Remote Desktop Manager versiones anteriores a 2021.2.16, permite a atacantes omitir los permisos por medio de PowerShell personalizado por lotes • https://devolutions.net https://devolutions.net/security/advisories/DEVO-2021-0006 • CWE-276: Incorrect Default Permissions •

CVSS: 5.4EPSS: 0%CPEs: 1EXPL: 0

An issue was discovered in Devolutions Remote Desktop Manager before 2020.2.12. There is a cross-site scripting (XSS) vulnerability in webviews. Se detectó un problema en Devolutions Remote Desktop Manager versiones anteriores a 2020.2.12. Se presenta una vulnerabilidad de tipo cross-site scripting en las vistas web. • https://devolutions.net/security/advisories/devo-2021-0001 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 5.4EPSS: 0%CPEs: 1EXPL: 0

Cross-Site Scripting (XSS) in Administrative Reports in Devolutions Remote Desktop Manager before 2021.1 allows remote authenticated users to inject arbitrary web script or HTML via multiple input fields. Cross-Site Scripting (XSS) en Administrative Reports en Devolutions Remote Desktop Manager versiones anteriores a 2021.1, permite a los usuarios autenticados remotamente inyectar scripts web o HTML arbitrarios a través de múltiples campos de entrada. • https://devolutions.net/security/advisories/devo-2021-0003 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •