4 results (0.006 seconds)

CVSS: 7.4EPSS: 0%CPEs: 1EXPL: 1

Dameware Remote Mini Control version 12.1.0.34 and prior contains an unauthenticated remote buffer over-read due to the server not properly validating RsaSignatureLen during key negotiation, which could crash the application or leak sensitive information. Dameware Remote Mini Control versión 12.1.0.34 y anteriores, contiene una sobreimpresión de búfer remoto no autenticado debido a que el servidor no está comprobando correctamente RsaSignatureLen durante la negociación de claves, lo que podría bloquear la aplicación o filtrar información confidencial. • https://www.tenable.com/security/research/tra-2019-26 • CWE-20: Improper Input Validation CWE-125: Out-of-bounds Read •

CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 2

SolarWinds DameWare Mini Remote Control before 12.1 has a Buffer Overflow. SolarWinds DameWare Mini Remote Control en versiones anteriores a la 12.1 tiene un desbordamiento de búfer. • https://www.exploit-db.com/exploits/47126 http://packetstormsecurity.com/files/153668/DameWare-Remote-Support-12.0.0.509-Buffer-Overflow.html https://labs.nettitude.com/blog/solarwinds-cve-2018-12897-dameware-mini-remote-control-local-seh-buffer-overflow • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •

CVSS: 7.5EPSS: 14%CPEs: 1EXPL: 0

Stack-based buffer overflow in the URI handler in DWRCC.exe in SolarWinds DameWare Mini Remote Control before 12.0 HotFix 1 allows remote attackers to execute arbitrary code via a crafted commandline argument in a link. Desbordamiento de buffer basado en pila en el manejador URI en DWRCC.exe, en SolarWinds DameWare Mini Remote Control en versiones anteriores a 12.0 HotFix 1, permite a atacantes remotos ejecutar código arbitrario a través de un argumento de línea de comandos manipulado en un enlace. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of SolarWinds DameWare Mini Remote Control. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within DWRCC.exe. By crafting a malicious link, an attacker can trigger a stack buffer overflow while parsing the command-line arguments. • http://www.zerodayinitiative.com/advisories/ZDI-15-555 https://thwack.solarwinds.com/message/308973 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •

CVSS: 5.0EPSS: 1%CPEs: 2EXPL: 0

DameWare Mini Remote Control 3.x before 3.74 and 4.x before 4.2 transmits the Blowfish encryption key in plaintext, which allows remote attackers to gain sensitive information. • http://marc.info/?l=bugtraq&m=108016344224973&w=2 http://secunia.com/advisories/11205 http://securitytracker.com/id?1009557 http://www.dameware.com/support/security/bulletin.asp?ID=SB3 http://www.osvdb.org/4547 http://www.securityfocus.com/bid/9959 https://exchange.xforce.ibmcloud.com/vulnerabilities/15586 • CWE-319: Cleartext Transmission of Sensitive Information •