Show filters
14 Total Results
Displaying 11-14 of 14
Sort by:
Attacker Value
Unknown
CVE-2019-18338
Disclosure Date: December 12, 2019 (last updated November 27, 2024)
A vulnerability has been identified in Control Center Server (CCS) (All versions < V1.5.0). The Control Center Server (CCS) contains a directory traversal
vulnerability in its XML-based communication protocol as provided by default
on ports 5444/tcp and 5440/tcp.
An authenticated remote attacker with network access to the CCS server
could exploit this vulnerability to list arbitrary directories
or read files outside of the CCS application context.
0
Attacker Value
Unknown
CVE-2019-18341
Disclosure Date: December 12, 2019 (last updated November 27, 2024)
A vulnerability has been identified in Control Center Server (CCS) (All versions < V1.5.0). The SFTP service (default port 22/tcp) of the Control Center Server
(CCS) contains an authentication bypass vulnerability.
A remote attacker with network access to the CCS server could
exploit this vulnerability to read data from the EDIR directory
(for example, the list of all configured stations).
0
Attacker Value
Unknown
CVE-2019-13947
Disclosure Date: November 12, 2019 (last updated January 09, 2024)
A vulnerability has been identified in Control Center Server (CCS) (All versions < V1.5.0). The user configuration menu in the web interface of the
Control Center Server (CCS) transfers user passwords in clear to the
client (browser).
An attacker with administrative privileges for the web interface could be
able to read (and not only reset) passwords of other CCS users.
0
Attacker Value
Unknown
CVE-2019-18339
Disclosure Date: May 16, 2019 (last updated November 27, 2024)
A vulnerability has been identified in SiNVR/SiVMS Video Server (All versions < V5.0.0). The HTTP service (default port 5401/tcp) of the SiVMS/SiNVR Video Server
contains an authentication bypass vulnerability, even when properly
configured with enforced authentication.
A remote attacker with network access to the Video Server could
exploit this vulnerability to read the SiVMS/SiNVR users database, including
the passwords of all users in obfuscated cleartext.
0