Vulnerabilities (CVE)

Join the Common Vulnerabilities and Exposures (CVE) community and start to get notified about new vulnerabilities.

Filtered by vendor Notify Technology Subscribe
Filtered by product Notifylink
Total 4 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2005-0809 1 Notify Technology 1 Notifylink 2008-09-05 7.5 HIGH N/A
NotifyLink, when configured for client key retrieval, allows remote attackers to obtain AES keys via a direct request to /hwp/get.asp, then uses a weak encryption scheme (fixed byte reordering) to protect the key, which allows remote attackers to obtain the key via a brute force attack.
CVE-2005-0810 1 Notify Technology 1 Notifylink 2008-09-05 7.5 HIGH N/A
SQL injection vulnerability in NotifyLink before 3.0 allows remote attackers to execute arbitrary SQL commands via the URL.
CVE-2005-0811 1 Notify Technology 1 Notifylink 2008-09-05 4.6 MEDIUM N/A
The web interface in NotifyLink 3.0 does not properly restrict access to functions that have been disabled in the GUI, which allows remote authenticated users to bypass intended restrictions via a direct request to certain URLs.
CVE-2005-0812 1 Notify Technology 1 Notifylink 2008-09-05 5.0 MEDIUM N/A
The web interface in NotifyLink 3.0 displays passwords in cleartext on the administrative page, which could allow remote attackers or local users to obtain sensitive information.