CVSS: 7.4EPSS: 0%CPEs: 1EXPL: 1CVE-2019-3957
https://notcve.org/view.php?id=CVE-2019-3957
Dameware Remote Mini Control version 12.1.0.34 and prior contains an unauthenticated remote buffer over-read due to the server not properly validating RsaSignatureLen during key negotiation, which could crash the application or leak sensitive information. Dameware Remote Mini Control versión 12.1.0.34 y anteriores, contiene una sobreimpresión de búfer remoto no autenticado debido a que el servidor no está comprobando correctamente RsaSignatureLen durante la negociación de claves, lo que podría bloquear la aplicación o filtrar información confidencial. • https://www.tenable.com/security/research/tra-2019-26 • CWE-20: Improper Input Validation CWE-125: Out-of-bounds Read •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 2CVE-2018-12897 – DameWare Remote Support 12.0.0.509 - 'Host' Buffer Overflow (SEH)
https://notcve.org/view.php?id=CVE-2018-12897
SolarWinds DameWare Mini Remote Control before 12.1 has a Buffer Overflow. SolarWinds DameWare Mini Remote Control en versiones anteriores a la 12.1 tiene un desbordamiento de búfer. • https://www.exploit-db.com/exploits/47126 http://packetstormsecurity.com/files/153668/DameWare-Remote-Support-12.0.0.509-Buffer-Overflow.html https://labs.nettitude.com/blog/solarwinds-cve-2018-12897-dameware-mini-remote-control-local-seh-buffer-overflow • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 7.5EPSS: 14%CPEs: 1EXPL: 0CVE-2015-8220 – SolarWinds DameWare Mini Remote Control URI Handler Stack Buffer Overflow Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2015-8220
Stack-based buffer overflow in the URI handler in DWRCC.exe in SolarWinds DameWare Mini Remote Control before 12.0 HotFix 1 allows remote attackers to execute arbitrary code via a crafted commandline argument in a link. Desbordamiento de buffer basado en pila en el manejador URI en DWRCC.exe, en SolarWinds DameWare Mini Remote Control en versiones anteriores a 12.0 HotFix 1, permite a atacantes remotos ejecutar código arbitrario a través de un argumento de línea de comandos manipulado en un enlace. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of SolarWinds DameWare Mini Remote Control. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within DWRCC.exe. By crafting a malicious link, an attacker can trigger a stack buffer overflow while parsing the command-line arguments. • http://www.zerodayinitiative.com/advisories/ZDI-15-555 https://thwack.solarwinds.com/message/308973 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 5.0EPSS: 1%CPEs: 2EXPL: 0CVE-2004-1852
https://notcve.org/view.php?id=CVE-2004-1852
DameWare Mini Remote Control 3.x before 3.74 and 4.x before 4.2 transmits the Blowfish encryption key in plaintext, which allows remote attackers to gain sensitive information. • http://marc.info/?l=bugtraq&m=108016344224973&w=2 http://secunia.com/advisories/11205 http://securitytracker.com/id?1009557 http://www.dameware.com/support/security/bulletin.asp?ID=SB3 http://www.osvdb.org/4547 http://www.securityfocus.com/bid/9959 https://exchange.xforce.ibmcloud.com/vulnerabilities/15586 • CWE-319: Cleartext Transmission of Sensitive Information •