Total
4 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2021-27198 | 1 Visualware | 1 Myconnection Server | 2021-09-14 | 10.0 HIGH | 9.8 CRITICAL |
An issue was discovered in Visualware MyConnection Server before v11.1a. Unauthenticated Remote Code Execution can occur via Arbitrary File Upload in the web service when using a myspeed/sf?filename= URI. This application is written in Java and is thus cross-platform. The Windows installation runs as SYSTEM, which means that exploitation gives one Administrator privileges on the target system. | |||||
CVE-2021-27509 | 1 Visualware | 1 Myconnection Server | 2021-03-01 | 5.0 MEDIUM | 7.5 HIGH |
In Visualware MyConnection Server before 11.0b build 5382, each published report is not associated with its own access code. | |||||
CVE-2015-2043 | 1 Visualware | 1 Myconnection Server | 2015-02-26 | 4.3 MEDIUM | N/A |
Multiple cross-site scripting (XSS) vulnerabilities in Visualware MyConnection Server 8.2b allow remote attackers to inject arbitrary web script or HTML via the (1) bt, (2) variable, or (3) et parameter to myspeed/db/historyitem. | |||||
CVE-2014-5113 | 1 Visualware | 1 Myconnection Server | 2014-07-29 | 4.3 MEDIUM | N/A |
Multiple cross-site scripting (XSS) vulnerabilities in test.php in Visualware MyConnection Server 9.7i allow remote attackers to inject arbitrary web script or HTML via the (1) testtype, (2) ver, (3) cm, (4) map, (5) lines, (6) pps, (7) bpp, (8) codec, (9) provtext, (10) provtextextra, (11) provlink, or (12) duration parameter. |