CVE-2023-25392
https://notcve.org/view.php?id=CVE-2023-25392
Allegro Tech BigFlow <1.6 is vulnerable to Missing SSL Certificate Validation. • https://github.com/allegro/bigflow/pull/357 https://lutrasecurity.com/en/articles/cve-2023-25392 • CWE-295: Improper Certificate Validation •
CVE-2021-43978
https://notcve.org/view.php?id=CVE-2021-43978
Allegro WIndows 3.3.4152.0, embeds software administrator database credentials into its binary files, which allows users to access and modify data using the same credentials. Allegro Windows versión 3.3.4152.0, inserta las credenciales de la base de datos del administrador del software en sus archivos binarios, lo que permite a usuarios acceder y modificar los datos usando las mismas credenciales • https://excellium-services.com/cert-xlm-advisory/CVE-2021-43978 https://www.allegro.be • CWE-522: Insufficiently Protected Credentials •
CVE-2021-42110
https://notcve.org/view.php?id=CVE-2021-42110
An issue was discovered in Allegro Windows (formerly Popsy Windows) before 3.3.4156.1. A standard user can escalate privileges to SYSTEM if the FTP module is installed, because of DLL hijacking. Se ha detectado un problema en Allegro Windows (anteriormente Popsy Windows) versiones anteriores a 3.3.4156.1. Un usuario estándar puede escalar privilegios a SYSTEM si el módulo FTP está instalado, debido al secuestro de DLL • http://www.popsy.com/Documents/Setups/Setup.Allegro.3.3.4154.2.exe https://excellium-services.com/cert-xlm-advisory/CVE-2021-42110 •
CVE-2000-0470 – Allegro RomPager 2.10 - URL Request Denial of Service
https://notcve.org/view.php?id=CVE-2000-0470
Allegro RomPager HTTP server allows remote attackers to cause a denial of service via a malformed authentication request. • https://www.exploit-db.com/exploits/10237 http://archives.neohapsis.com/archives/bugtraq/2000-05/0398.html http://www.securityfocus.com/bid/1290 https://exchange.xforce.ibmcloud.com/vulnerabilities/4588 •