Visualware : Security Vulnerabilities, CVEs,

CVE-2021-27509

In Visualware MyConnection Server before 11.0b build 5382, each published report is not associated with its own access code.
Max CVSS
7.5
EPSS Score
0.17%
Published
2021-02-19
Updated
2021-03-01

CVE-2021-27198

An issue was discovered in Visualware MyConnection Server before v11.1a. Unauthenticated Remote Code Execution can occur via Arbitrary File Upload in the web service when using a myspeed/sf?filename= URI. This application is written in Java and is thus cross-platform. The Windows installation runs as SYSTEM, which means that exploitation gives one Administrator privileges on the target system.
Max CVSS
10.0
EPSS Score
5.00%
Published
2021-02-26
Updated
2021-09-14

CVE-2015-2043

Multiple cross-site scripting (XSS) vulnerabilities in Visualware MyConnection Server 8.2b allow remote attackers to inject arbitrary web script or HTML via the (1) bt, (2) variable, or (3) et parameter to myspeed/db/historyitem.
Max CVSS
4.3
EPSS Score
0.14%
Published
2015-02-25
Updated
2015-02-26

CVE-2014-5113

Multiple cross-site scripting (XSS) vulnerabilities in test.php in Visualware MyConnection Server 9.7i allow remote attackers to inject arbitrary web script or HTML via the (1) testtype, (2) ver, (3) cm, (4) map, (5) lines, (6) pps, (7) bpp, (8) codec, (9) provtext, (10) provtextextra, (11) provlink, or (12) duration parameter.
Max CVSS
4.3
EPSS Score
0.43%
Published
2014-07-28
Updated
2014-07-29
4 vulnerabilities found
This web site uses cookies for managing your session, storing preferences, website analytics and additional purposes described in our privacy policy.
By using this web site you are agreeing to CVEdetails.com terms of use!
Accept Close