Search
Find a vulnerability
Search criteria
ⓘ
Use this form to refine search results.
Full-text search supports keyword queries with ranking and filtering.
You can combine vendor, product, and sources to narrow results.
Enable “Apply ordering” to sort by date instead of relevance.
18 vulnerabilities by consona
CVE-2010-1913 (GCVE-0-2010-1913)
Vulnerability from nvd – Published: 2010-05-11 23:00 – Updated: 2024-08-07 02:17
VLAI
Summary
The default configuration of pluginlicense.ini for the SdcWebSecureBase interface in tgctlcm.dll in Consona Live Assistance, Dynamic Agent, and Subscriber Assistance, when downloaded from a server operated by Telefonica or possibly other companies, contains an incorrect DNS whitelist that includes the DNS hostnames of home computers of many persons, which allows remote attackers to bypass intended restrictions on ActiveX execution by hosting an ActiveX control on an applicable home web server.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
4 references
| URL | Tags |
|---|---|
| http://www.kb.cert.org/vuls/id/602801 | third-party-advisoryx_refsource_CERT-VN |
| http://wintercore.com/en/component/content/articl… | x_refsource_MISC |
| http://www.wintercore.com/downloads/rootedcon_0day.pdf | x_refsource_MISC |
| http://www.securityfocus.com/archive/1/511176/100… | mailing-listx_refsource_BUGTRAQ |
Date Public
2010-05-06 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T02:17:12.391Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "VU#602801",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN",
"x_transferred"
],
"url": "http://www.kb.cert.org/vuls/id/602801"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://wintercore.com/en/component/content/article/7-media/18-wintercore-releases-an-advisory-for-consona-products.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.wintercore.com/downloads/rootedcon_0day.pdf"
},
{
"name": "20100507 [Wintercore Research] Consona Products - Multiple vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/511176/100/0/threaded"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2010-05-06T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "The default configuration of pluginlicense.ini for the SdcWebSecureBase interface in tgctlcm.dll in Consona Live Assistance, Dynamic Agent, and Subscriber Assistance, when downloaded from a server operated by Telefonica or possibly other companies, contains an incorrect DNS whitelist that includes the DNS hostnames of home computers of many persons, which allows remote attackers to bypass intended restrictions on ActiveX execution by hosting an ActiveX control on an applicable home web server."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-10T18:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "VU#602801",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN"
],
"url": "http://www.kb.cert.org/vuls/id/602801"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://wintercore.com/en/component/content/article/7-media/18-wintercore-releases-an-advisory-for-consona-products.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.wintercore.com/downloads/rootedcon_0day.pdf"
},
{
"name": "20100507 [Wintercore Research] Consona Products - Multiple vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/511176/100/0/threaded"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2010-1913",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The default configuration of pluginlicense.ini for the SdcWebSecureBase interface in tgctlcm.dll in Consona Live Assistance, Dynamic Agent, and Subscriber Assistance, when downloaded from a server operated by Telefonica or possibly other companies, contains an incorrect DNS whitelist that includes the DNS hostnames of home computers of many persons, which allows remote attackers to bypass intended restrictions on ActiveX execution by hosting an ActiveX control on an applicable home web server."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "VU#602801",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/602801"
},
{
"name": "http://wintercore.com/en/component/content/article/7-media/18-wintercore-releases-an-advisory-for-consona-products.html",
"refsource": "MISC",
"url": "http://wintercore.com/en/component/content/article/7-media/18-wintercore-releases-an-advisory-for-consona-products.html"
},
{
"name": "http://www.wintercore.com/downloads/rootedcon_0day.pdf",
"refsource": "MISC",
"url": "http://www.wintercore.com/downloads/rootedcon_0day.pdf"
},
{
"name": "20100507 [Wintercore Research] Consona Products - Multiple vulnerabilities",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/511176/100/0/threaded"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2010-1913",
"datePublished": "2010-05-11T23:00:00.000Z",
"dateReserved": "2010-05-11T00:00:00.000Z",
"dateUpdated": "2024-08-07T02:17:12.391Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2010-1912 (GCVE-0-2010-1912)
Vulnerability from nvd – Published: 2010-05-11 23:00 – Updated: 2024-08-07 02:17
VLAI
Summary
The SdcWebSecureBase interface in tgctlcm.dll in Consona Live Assistance, Dynamic Agent, and Subscriber Assistance allows remote attackers to bypass intended restrictions on ActiveX execution via "instantiation/free attacks."
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
5 references
| URL | Tags |
|---|---|
| http://www.kb.cert.org/vuls/id/602801 | third-party-advisoryx_refsource_CERT-VN |
| http://wintercore.com/en/component/content/articl… | x_refsource_MISC |
| http://www.wintercore.com/downloads/rootedcon_0day.pdf | x_refsource_MISC |
| http://www.securityfocus.com/archive/1/511176/100… | mailing-listx_refsource_BUGTRAQ |
| https://exchange.xforce.ibmcloud.com/vulnerabilit… | vdb-entryx_refsource_XF |
Date Public
2010-05-06 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T02:17:13.139Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "VU#602801",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN",
"x_transferred"
],
"url": "http://www.kb.cert.org/vuls/id/602801"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://wintercore.com/en/component/content/article/7-media/18-wintercore-releases-an-advisory-for-consona-products.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.wintercore.com/downloads/rootedcon_0day.pdf"
},
{
"name": "20100507 [Wintercore Research] Consona Products - Multiple vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/511176/100/0/threaded"
},
{
"name": "consona-sdcwebsecurebase-sec-bypass(58607)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/58607"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2010-05-06T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "The SdcWebSecureBase interface in tgctlcm.dll in Consona Live Assistance, Dynamic Agent, and Subscriber Assistance allows remote attackers to bypass intended restrictions on ActiveX execution via \"instantiation/free attacks.\""
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-10T18:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "VU#602801",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN"
],
"url": "http://www.kb.cert.org/vuls/id/602801"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://wintercore.com/en/component/content/article/7-media/18-wintercore-releases-an-advisory-for-consona-products.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.wintercore.com/downloads/rootedcon_0day.pdf"
},
{
"name": "20100507 [Wintercore Research] Consona Products - Multiple vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/511176/100/0/threaded"
},
{
"name": "consona-sdcwebsecurebase-sec-bypass(58607)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/58607"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2010-1912",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The SdcWebSecureBase interface in tgctlcm.dll in Consona Live Assistance, Dynamic Agent, and Subscriber Assistance allows remote attackers to bypass intended restrictions on ActiveX execution via \"instantiation/free attacks.\""
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "VU#602801",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/602801"
},
{
"name": "http://wintercore.com/en/component/content/article/7-media/18-wintercore-releases-an-advisory-for-consona-products.html",
"refsource": "MISC",
"url": "http://wintercore.com/en/component/content/article/7-media/18-wintercore-releases-an-advisory-for-consona-products.html"
},
{
"name": "http://www.wintercore.com/downloads/rootedcon_0day.pdf",
"refsource": "MISC",
"url": "http://www.wintercore.com/downloads/rootedcon_0day.pdf"
},
{
"name": "20100507 [Wintercore Research] Consona Products - Multiple vulnerabilities",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/511176/100/0/threaded"
},
{
"name": "consona-sdcwebsecurebase-sec-bypass(58607)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/58607"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2010-1912",
"datePublished": "2010-05-11T23:00:00.000Z",
"dateReserved": "2010-05-11T00:00:00.000Z",
"dateUpdated": "2024-08-07T02:17:13.139Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2010-1911 (GCVE-0-2010-1911)
Vulnerability from nvd – Published: 2010-05-11 23:00 – Updated: 2024-08-07 02:17
VLAI
Summary
The site-locking implementation in the SdcWebSecureBase interface in tgctlcm.dll in Consona Live Assistance, Dynamic Agent, and Subscriber Assistance relies on a list of server domain names to restrict execution of ActiveX controls, which makes it easier for man-in-the-middle attackers to execute arbitrary code via a DNS hijacking attack.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
6 references
| URL | Tags |
|---|---|
| http://www.kb.cert.org/vuls/id/602801 | third-party-advisoryx_refsource_CERT-VN |
| http://wintercore.com/en/component/content/articl… | x_refsource_MISC |
| http://www.wintercore.com/downloads/rootedcon_0day.pdf | x_refsource_MISC |
| https://exchange.xforce.ibmcloud.com/vulnerabilit… | vdb-entryx_refsource_XF |
| http://www.securityfocus.com/archive/1/511176/100… | mailing-listx_refsource_BUGTRAQ |
| http://www.consona.com/Content/CRM/Support/Securi… | x_refsource_CONFIRM |
Date Public
2010-05-06 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T02:17:12.156Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "VU#602801",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN",
"x_transferred"
],
"url": "http://www.kb.cert.org/vuls/id/602801"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://wintercore.com/en/component/content/article/7-media/18-wintercore-releases-an-advisory-for-consona-products.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.wintercore.com/downloads/rootedcon_0day.pdf"
},
{
"name": "consona-sdcwebsecurebase-code-exec(58608)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/58608"
},
{
"name": "20100507 [Wintercore Research] Consona Products - Multiple vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/511176/100/0/threaded"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.consona.com/Content/CRM/Support/SecurityBulletin_April2010.pdf"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2010-05-06T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "The site-locking implementation in the SdcWebSecureBase interface in tgctlcm.dll in Consona Live Assistance, Dynamic Agent, and Subscriber Assistance relies on a list of server domain names to restrict execution of ActiveX controls, which makes it easier for man-in-the-middle attackers to execute arbitrary code via a DNS hijacking attack."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-10T18:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "VU#602801",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN"
],
"url": "http://www.kb.cert.org/vuls/id/602801"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://wintercore.com/en/component/content/article/7-media/18-wintercore-releases-an-advisory-for-consona-products.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.wintercore.com/downloads/rootedcon_0day.pdf"
},
{
"name": "consona-sdcwebsecurebase-code-exec(58608)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/58608"
},
{
"name": "20100507 [Wintercore Research] Consona Products - Multiple vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/511176/100/0/threaded"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.consona.com/Content/CRM/Support/SecurityBulletin_April2010.pdf"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2010-1911",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The site-locking implementation in the SdcWebSecureBase interface in tgctlcm.dll in Consona Live Assistance, Dynamic Agent, and Subscriber Assistance relies on a list of server domain names to restrict execution of ActiveX controls, which makes it easier for man-in-the-middle attackers to execute arbitrary code via a DNS hijacking attack."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "VU#602801",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/602801"
},
{
"name": "http://wintercore.com/en/component/content/article/7-media/18-wintercore-releases-an-advisory-for-consona-products.html",
"refsource": "MISC",
"url": "http://wintercore.com/en/component/content/article/7-media/18-wintercore-releases-an-advisory-for-consona-products.html"
},
{
"name": "http://www.wintercore.com/downloads/rootedcon_0day.pdf",
"refsource": "MISC",
"url": "http://www.wintercore.com/downloads/rootedcon_0day.pdf"
},
{
"name": "consona-sdcwebsecurebase-code-exec(58608)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/58608"
},
{
"name": "20100507 [Wintercore Research] Consona Products - Multiple vulnerabilities",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/511176/100/0/threaded"
},
{
"name": "http://www.consona.com/Content/CRM/Support/SecurityBulletin_April2010.pdf",
"refsource": "CONFIRM",
"url": "http://www.consona.com/Content/CRM/Support/SecurityBulletin_April2010.pdf"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2010-1911",
"datePublished": "2010-05-11T23:00:00.000Z",
"dateReserved": "2010-05-11T00:00:00.000Z",
"dateUpdated": "2024-08-07T02:17:12.156Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2010-1910 (GCVE-0-2010-1910)
Vulnerability from nvd – Published: 2010-05-11 23:00 – Updated: 2024-08-07 02:17
VLAI
Summary
The Forgot Password implementation in Consona Live Assistance, Dynamic Agent, and Subscriber Assistance allows remote attackers to reset passwords of accounts with blank Hint questions and Hint answers by sending an empty value for each of these two Hint fields.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
6 references
| URL | Tags |
|---|---|
| http://www.kb.cert.org/vuls/id/602801 | third-party-advisoryx_refsource_CERT-VN |
| http://wintercore.com/en/component/content/articl… | x_refsource_MISC |
| http://www.securityfocus.com/archive/1/511176/100… | mailing-listx_refsource_BUGTRAQ |
| http://www.securityfocus.com/bid/40003 | vdb-entryx_refsource_BID |
| http://secunia.com/advisories/39740 | third-party-advisoryx_refsource_SECUNIA |
| http://www.consona.com/Content/CRM/Support/Securi… | x_refsource_CONFIRM |
Date Public
2010-05-06 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T02:17:12.411Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "VU#602801",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN",
"x_transferred"
],
"url": "http://www.kb.cert.org/vuls/id/602801"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://wintercore.com/en/component/content/article/7-media/18-wintercore-releases-an-advisory-for-consona-products.html"
},
{
"name": "20100507 [Wintercore Research] Consona Products - Multiple vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/511176/100/0/threaded"
},
{
"name": "40003",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/40003"
},
{
"name": "39740",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/39740"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.consona.com/Content/CRM/Support/SecurityBulletin_April2010.pdf"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2010-05-06T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "The Forgot Password implementation in Consona Live Assistance, Dynamic Agent, and Subscriber Assistance allows remote attackers to reset passwords of accounts with blank Hint questions and Hint answers by sending an empty value for each of these two Hint fields."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-10T18:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "VU#602801",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN"
],
"url": "http://www.kb.cert.org/vuls/id/602801"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://wintercore.com/en/component/content/article/7-media/18-wintercore-releases-an-advisory-for-consona-products.html"
},
{
"name": "20100507 [Wintercore Research] Consona Products - Multiple vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/511176/100/0/threaded"
},
{
"name": "40003",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/40003"
},
{
"name": "39740",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/39740"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.consona.com/Content/CRM/Support/SecurityBulletin_April2010.pdf"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2010-1910",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Forgot Password implementation in Consona Live Assistance, Dynamic Agent, and Subscriber Assistance allows remote attackers to reset passwords of accounts with blank Hint questions and Hint answers by sending an empty value for each of these two Hint fields."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "VU#602801",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/602801"
},
{
"name": "http://wintercore.com/en/component/content/article/7-media/18-wintercore-releases-an-advisory-for-consona-products.html",
"refsource": "MISC",
"url": "http://wintercore.com/en/component/content/article/7-media/18-wintercore-releases-an-advisory-for-consona-products.html"
},
{
"name": "20100507 [Wintercore Research] Consona Products - Multiple vulnerabilities",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/511176/100/0/threaded"
},
{
"name": "40003",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/40003"
},
{
"name": "39740",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/39740"
},
{
"name": "http://www.consona.com/Content/CRM/Support/SecurityBulletin_April2010.pdf",
"refsource": "CONFIRM",
"url": "http://www.consona.com/Content/CRM/Support/SecurityBulletin_April2010.pdf"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2010-1910",
"datePublished": "2010-05-11T23:00:00.000Z",
"dateReserved": "2010-05-11T00:00:00.000Z",
"dateUpdated": "2024-08-07T02:17:12.411Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2010-1909 (GCVE-0-2010-1909)
Vulnerability from nvd – Published: 2010-05-11 23:00 – Updated: 2024-08-07 02:17
VLAI
Summary
Buffer overflow in the RunCmd method in the SdcUser.TgConCtl ActiveX control in tgctlcm.dll in Consona Live Assistance, Dynamic Agent, and Subscriber Assistance allows remote attackers to execute arbitrary code via vectors involving "CreateProcess params." NOTE: some of these details are obtained from third party information.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
5 references
| URL | Tags |
|---|---|
| http://secunia.com/advisories/39751 | third-party-advisoryx_refsource_SECUNIA |
| http://www.kb.cert.org/vuls/id/602801 | third-party-advisoryx_refsource_CERT-VN |
| http://wintercore.com/en/component/content/articl… | x_refsource_MISC |
| http://www.wintercore.com/downloads/rootedcon_0day.pdf | x_refsource_MISC |
| http://www.securityfocus.com/archive/1/511176/100… | mailing-listx_refsource_BUGTRAQ |
Date Public
2010-05-06 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T02:17:12.164Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "39751",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/39751"
},
{
"name": "VU#602801",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN",
"x_transferred"
],
"url": "http://www.kb.cert.org/vuls/id/602801"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://wintercore.com/en/component/content/article/7-media/18-wintercore-releases-an-advisory-for-consona-products.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.wintercore.com/downloads/rootedcon_0day.pdf"
},
{
"name": "20100507 [Wintercore Research] Consona Products - Multiple vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/511176/100/0/threaded"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2010-05-06T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Buffer overflow in the RunCmd method in the SdcUser.TgConCtl ActiveX control in tgctlcm.dll in Consona Live Assistance, Dynamic Agent, and Subscriber Assistance allows remote attackers to execute arbitrary code via vectors involving \"CreateProcess params.\" NOTE: some of these details are obtained from third party information."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-10T18:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "39751",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/39751"
},
{
"name": "VU#602801",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN"
],
"url": "http://www.kb.cert.org/vuls/id/602801"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://wintercore.com/en/component/content/article/7-media/18-wintercore-releases-an-advisory-for-consona-products.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.wintercore.com/downloads/rootedcon_0day.pdf"
},
{
"name": "20100507 [Wintercore Research] Consona Products - Multiple vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/511176/100/0/threaded"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2010-1909",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Buffer overflow in the RunCmd method in the SdcUser.TgConCtl ActiveX control in tgctlcm.dll in Consona Live Assistance, Dynamic Agent, and Subscriber Assistance allows remote attackers to execute arbitrary code via vectors involving \"CreateProcess params.\" NOTE: some of these details are obtained from third party information."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "39751",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/39751"
},
{
"name": "VU#602801",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/602801"
},
{
"name": "http://wintercore.com/en/component/content/article/7-media/18-wintercore-releases-an-advisory-for-consona-products.html",
"refsource": "MISC",
"url": "http://wintercore.com/en/component/content/article/7-media/18-wintercore-releases-an-advisory-for-consona-products.html"
},
{
"name": "http://www.wintercore.com/downloads/rootedcon_0day.pdf",
"refsource": "MISC",
"url": "http://www.wintercore.com/downloads/rootedcon_0day.pdf"
},
{
"name": "20100507 [Wintercore Research] Consona Products - Multiple vulnerabilities",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/511176/100/0/threaded"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2010-1909",
"datePublished": "2010-05-11T23:00:00.000Z",
"dateReserved": "2010-05-11T00:00:00.000Z",
"dateUpdated": "2024-08-07T02:17:12.164Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2010-1908 (GCVE-0-2010-1908)
Vulnerability from nvd – Published: 2010-05-11 23:00 – Updated: 2024-08-07 02:17
VLAI
Summary
The SdcUser.TgConCtl ActiveX control in tgctlcm.dll in Consona Live Assistance, Dynamic Agent, and Subscriber Assistance does not properly restrict access to the HTTPDownloadFile, HTTPGetFile, Install, and RunCmd methods, which allows remote attackers to execute arbitrary programs via a URL in the url argument to (1) HTTPDownloadFile or (2) HTTPGetFile.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
5 references
| URL | Tags |
|---|---|
| http://secunia.com/advisories/39751 | third-party-advisoryx_refsource_SECUNIA |
| http://www.kb.cert.org/vuls/id/602801 | third-party-advisoryx_refsource_CERT-VN |
| http://wintercore.com/en/component/content/articl… | x_refsource_MISC |
| http://www.wintercore.com/downloads/rootedcon_0day.pdf | x_refsource_MISC |
| http://www.securityfocus.com/archive/1/511176/100… | mailing-listx_refsource_BUGTRAQ |
Date Public
2010-05-06 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T02:17:12.152Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "39751",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/39751"
},
{
"name": "VU#602801",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN",
"x_transferred"
],
"url": "http://www.kb.cert.org/vuls/id/602801"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://wintercore.com/en/component/content/article/7-media/18-wintercore-releases-an-advisory-for-consona-products.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.wintercore.com/downloads/rootedcon_0day.pdf"
},
{
"name": "20100507 [Wintercore Research] Consona Products - Multiple vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/511176/100/0/threaded"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2010-05-06T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "The SdcUser.TgConCtl ActiveX control in tgctlcm.dll in Consona Live Assistance, Dynamic Agent, and Subscriber Assistance does not properly restrict access to the HTTPDownloadFile, HTTPGetFile, Install, and RunCmd methods, which allows remote attackers to execute arbitrary programs via a URL in the url argument to (1) HTTPDownloadFile or (2) HTTPGetFile."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-10T18:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "39751",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/39751"
},
{
"name": "VU#602801",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN"
],
"url": "http://www.kb.cert.org/vuls/id/602801"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://wintercore.com/en/component/content/article/7-media/18-wintercore-releases-an-advisory-for-consona-products.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.wintercore.com/downloads/rootedcon_0day.pdf"
},
{
"name": "20100507 [Wintercore Research] Consona Products - Multiple vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/511176/100/0/threaded"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2010-1908",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The SdcUser.TgConCtl ActiveX control in tgctlcm.dll in Consona Live Assistance, Dynamic Agent, and Subscriber Assistance does not properly restrict access to the HTTPDownloadFile, HTTPGetFile, Install, and RunCmd methods, which allows remote attackers to execute arbitrary programs via a URL in the url argument to (1) HTTPDownloadFile or (2) HTTPGetFile."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "39751",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/39751"
},
{
"name": "VU#602801",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/602801"
},
{
"name": "http://wintercore.com/en/component/content/article/7-media/18-wintercore-releases-an-advisory-for-consona-products.html",
"refsource": "MISC",
"url": "http://wintercore.com/en/component/content/article/7-media/18-wintercore-releases-an-advisory-for-consona-products.html"
},
{
"name": "http://www.wintercore.com/downloads/rootedcon_0day.pdf",
"refsource": "MISC",
"url": "http://www.wintercore.com/downloads/rootedcon_0day.pdf"
},
{
"name": "20100507 [Wintercore Research] Consona Products - Multiple vulnerabilities",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/511176/100/0/threaded"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2010-1908",
"datePublished": "2010-05-11T23:00:00.000Z",
"dateReserved": "2010-05-11T00:00:00.000Z",
"dateUpdated": "2024-08-07T02:17:12.152Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2010-1907 (GCVE-0-2010-1907)
Vulnerability from nvd – Published: 2010-05-11 23:00 – Updated: 2024-08-07 02:17
VLAI
Summary
The SdcUser.TgConCtl ActiveX control in tgctlcm.dll in Consona Live Assistance, Dynamic Agent, and Subscriber Assistance allows remote attackers to discover the username of the client user, and consequently determine a pathname to a certain user directory, via a call to the GetUserName method.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
4 references
| URL | Tags |
|---|---|
| http://www.kb.cert.org/vuls/id/602801 | third-party-advisoryx_refsource_CERT-VN |
| http://wintercore.com/en/component/content/articl… | x_refsource_MISC |
| http://www.wintercore.com/downloads/rootedcon_0day.pdf | x_refsource_MISC |
| http://www.securityfocus.com/archive/1/511176/100… | mailing-listx_refsource_BUGTRAQ |
Date Public
2010-05-06 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T02:17:12.615Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "VU#602801",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN",
"x_transferred"
],
"url": "http://www.kb.cert.org/vuls/id/602801"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://wintercore.com/en/component/content/article/7-media/18-wintercore-releases-an-advisory-for-consona-products.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.wintercore.com/downloads/rootedcon_0day.pdf"
},
{
"name": "20100507 [Wintercore Research] Consona Products - Multiple vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/511176/100/0/threaded"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2010-05-06T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "The SdcUser.TgConCtl ActiveX control in tgctlcm.dll in Consona Live Assistance, Dynamic Agent, and Subscriber Assistance allows remote attackers to discover the username of the client user, and consequently determine a pathname to a certain user directory, via a call to the GetUserName method."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-10T18:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "VU#602801",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN"
],
"url": "http://www.kb.cert.org/vuls/id/602801"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://wintercore.com/en/component/content/article/7-media/18-wintercore-releases-an-advisory-for-consona-products.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.wintercore.com/downloads/rootedcon_0day.pdf"
},
{
"name": "20100507 [Wintercore Research] Consona Products - Multiple vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/511176/100/0/threaded"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2010-1907",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The SdcUser.TgConCtl ActiveX control in tgctlcm.dll in Consona Live Assistance, Dynamic Agent, and Subscriber Assistance allows remote attackers to discover the username of the client user, and consequently determine a pathname to a certain user directory, via a call to the GetUserName method."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "VU#602801",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/602801"
},
{
"name": "http://wintercore.com/en/component/content/article/7-media/18-wintercore-releases-an-advisory-for-consona-products.html",
"refsource": "MISC",
"url": "http://wintercore.com/en/component/content/article/7-media/18-wintercore-releases-an-advisory-for-consona-products.html"
},
{
"name": "http://www.wintercore.com/downloads/rootedcon_0day.pdf",
"refsource": "MISC",
"url": "http://www.wintercore.com/downloads/rootedcon_0day.pdf"
},
{
"name": "20100507 [Wintercore Research] Consona Products - Multiple vulnerabilities",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/511176/100/0/threaded"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2010-1907",
"datePublished": "2010-05-11T23:00:00.000Z",
"dateReserved": "2010-05-11T00:00:00.000Z",
"dateUpdated": "2024-08-07T02:17:12.615Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2010-1906 (GCVE-0-2010-1906)
Vulnerability from nvd – Published: 2010-05-11 23:00 – Updated: 2024-08-07 02:17
VLAI
Summary
tgsrv.exe in the Repair Service in Consona Dynamic Agent, Repair Manager, Subscriber Activation, and Subscriber Agent relies on a predictable timestamp field to validate input to the \\.\pipe\__RepairService_pipe__company named pipe, which allows remote authenticated users to execute arbitrary code by obtaining the current time from (1) tcpip.sys or (2) an SMB2 service.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
6 references
| URL | Tags |
|---|---|
| http://secunia.com/advisories/39752 | third-party-advisoryx_refsource_SECUNIA |
| http://www.kb.cert.org/vuls/id/602801 | third-party-advisoryx_refsource_CERT-VN |
| http://wintercore.com/en/component/content/articl… | x_refsource_MISC |
| http://www.wintercore.com/downloads/rootedcon_0day.pdf | x_refsource_MISC |
| http://www.securityfocus.com/archive/1/511176/100… | mailing-listx_refsource_BUGTRAQ |
| http://www.consona.com/Content/CRM/Support/Securi… | x_refsource_CONFIRM |
Date Public
2010-05-06 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T02:17:12.396Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "39752",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/39752"
},
{
"name": "VU#602801",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN",
"x_transferred"
],
"url": "http://www.kb.cert.org/vuls/id/602801"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://wintercore.com/en/component/content/article/7-media/18-wintercore-releases-an-advisory-for-consona-products.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.wintercore.com/downloads/rootedcon_0day.pdf"
},
{
"name": "20100507 [Wintercore Research] Consona Products - Multiple vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/511176/100/0/threaded"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.consona.com/Content/CRM/Support/SecurityBulletin_April2010.pdf"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2010-05-06T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "tgsrv.exe in the Repair Service in Consona Dynamic Agent, Repair Manager, Subscriber Activation, and Subscriber Agent relies on a predictable timestamp field to validate input to the \\\\.\\pipe\\__RepairService_pipe__company named pipe, which allows remote authenticated users to execute arbitrary code by obtaining the current time from (1) tcpip.sys or (2) an SMB2 service."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-10T18:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "39752",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/39752"
},
{
"name": "VU#602801",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN"
],
"url": "http://www.kb.cert.org/vuls/id/602801"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://wintercore.com/en/component/content/article/7-media/18-wintercore-releases-an-advisory-for-consona-products.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.wintercore.com/downloads/rootedcon_0day.pdf"
},
{
"name": "20100507 [Wintercore Research] Consona Products - Multiple vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/511176/100/0/threaded"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.consona.com/Content/CRM/Support/SecurityBulletin_April2010.pdf"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2010-1906",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "tgsrv.exe in the Repair Service in Consona Dynamic Agent, Repair Manager, Subscriber Activation, and Subscriber Agent relies on a predictable timestamp field to validate input to the \\\\.\\pipe\\__RepairService_pipe__company named pipe, which allows remote authenticated users to execute arbitrary code by obtaining the current time from (1) tcpip.sys or (2) an SMB2 service."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "39752",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/39752"
},
{
"name": "VU#602801",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/602801"
},
{
"name": "http://wintercore.com/en/component/content/article/7-media/18-wintercore-releases-an-advisory-for-consona-products.html",
"refsource": "MISC",
"url": "http://wintercore.com/en/component/content/article/7-media/18-wintercore-releases-an-advisory-for-consona-products.html"
},
{
"name": "http://www.wintercore.com/downloads/rootedcon_0day.pdf",
"refsource": "MISC",
"url": "http://www.wintercore.com/downloads/rootedcon_0day.pdf"
},
{
"name": "20100507 [Wintercore Research] Consona Products - Multiple vulnerabilities",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/511176/100/0/threaded"
},
{
"name": "http://www.consona.com/Content/CRM/Support/SecurityBulletin_April2010.pdf",
"refsource": "CONFIRM",
"url": "http://www.consona.com/Content/CRM/Support/SecurityBulletin_April2010.pdf"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2010-1906",
"datePublished": "2010-05-11T23:00:00.000Z",
"dateReserved": "2010-05-11T00:00:00.000Z",
"dateUpdated": "2024-08-07T02:17:12.396Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2010-1905 (GCVE-0-2010-1905)
Vulnerability from nvd – Published: 2010-05-11 23:00 – Updated: 2024-08-07 02:17
VLAI
Summary
Multiple cross-site scripting (XSS) vulnerabilities in Consona Live Assistance, Dynamic Agent, and Subscriber Assistance allow remote attackers to inject arbitrary web script or HTML via crafted input to ASP pages, as demonstrated using the backurl parameter to sdccommon/verify/asp/n6plugindestructor.asp.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
7 references
| URL | Tags |
|---|---|
| http://www.kb.cert.org/vuls/id/602801 | third-party-advisoryx_refsource_CERT-VN |
| http://wintercore.com/en/component/content/articl… | x_refsource_MISC |
| http://www.wintercore.com/downloads/rootedcon_0day.pdf | x_refsource_MISC |
| http://www.securityfocus.com/archive/1/511176/100… | mailing-listx_refsource_BUGTRAQ |
| http://secunia.com/advisories/39740 | third-party-advisoryx_refsource_SECUNIA |
| http://www.consona.com/Content/CRM/Support/Securi… | x_refsource_CONFIRM |
| http://www.securityfocus.com/bid/39999 | vdb-entryx_refsource_BID |
Date Public
2010-05-06 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T02:17:12.621Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "VU#602801",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN",
"x_transferred"
],
"url": "http://www.kb.cert.org/vuls/id/602801"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://wintercore.com/en/component/content/article/7-media/18-wintercore-releases-an-advisory-for-consona-products.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.wintercore.com/downloads/rootedcon_0day.pdf"
},
{
"name": "20100507 [Wintercore Research] Consona Products - Multiple vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/511176/100/0/threaded"
},
{
"name": "39740",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/39740"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.consona.com/Content/CRM/Support/SecurityBulletin_April2010.pdf"
},
{
"name": "39999",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/39999"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2010-05-06T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in Consona Live Assistance, Dynamic Agent, and Subscriber Assistance allow remote attackers to inject arbitrary web script or HTML via crafted input to ASP pages, as demonstrated using the backurl parameter to sdccommon/verify/asp/n6plugindestructor.asp."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-10T18:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "VU#602801",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN"
],
"url": "http://www.kb.cert.org/vuls/id/602801"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://wintercore.com/en/component/content/article/7-media/18-wintercore-releases-an-advisory-for-consona-products.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.wintercore.com/downloads/rootedcon_0day.pdf"
},
{
"name": "20100507 [Wintercore Research] Consona Products - Multiple vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/511176/100/0/threaded"
},
{
"name": "39740",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/39740"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.consona.com/Content/CRM/Support/SecurityBulletin_April2010.pdf"
},
{
"name": "39999",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/39999"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2010-1905",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in Consona Live Assistance, Dynamic Agent, and Subscriber Assistance allow remote attackers to inject arbitrary web script or HTML via crafted input to ASP pages, as demonstrated using the backurl parameter to sdccommon/verify/asp/n6plugindestructor.asp."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "VU#602801",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/602801"
},
{
"name": "http://wintercore.com/en/component/content/article/7-media/18-wintercore-releases-an-advisory-for-consona-products.html",
"refsource": "MISC",
"url": "http://wintercore.com/en/component/content/article/7-media/18-wintercore-releases-an-advisory-for-consona-products.html"
},
{
"name": "http://www.wintercore.com/downloads/rootedcon_0day.pdf",
"refsource": "MISC",
"url": "http://www.wintercore.com/downloads/rootedcon_0day.pdf"
},
{
"name": "20100507 [Wintercore Research] Consona Products - Multiple vulnerabilities",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/511176/100/0/threaded"
},
{
"name": "39740",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/39740"
},
{
"name": "http://www.consona.com/Content/CRM/Support/SecurityBulletin_April2010.pdf",
"refsource": "CONFIRM",
"url": "http://www.consona.com/Content/CRM/Support/SecurityBulletin_April2010.pdf"
},
{
"name": "39999",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/39999"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2010-1905",
"datePublished": "2010-05-11T23:00:00.000Z",
"dateReserved": "2010-05-11T00:00:00.000Z",
"dateUpdated": "2024-08-07T02:17:12.621Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2010-1911 (GCVE-0-2010-1911)
Vulnerability from cvelistv5 – Published: 2010-05-11 23:00 – Updated: 2024-08-07 02:17
VLAI
Summary
The site-locking implementation in the SdcWebSecureBase interface in tgctlcm.dll in Consona Live Assistance, Dynamic Agent, and Subscriber Assistance relies on a list of server domain names to restrict execution of ActiveX controls, which makes it easier for man-in-the-middle attackers to execute arbitrary code via a DNS hijacking attack.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
6 references
| URL | Tags |
|---|---|
| http://www.kb.cert.org/vuls/id/602801 | third-party-advisoryx_refsource_CERT-VN |
| http://wintercore.com/en/component/content/articl… | x_refsource_MISC |
| http://www.wintercore.com/downloads/rootedcon_0day.pdf | x_refsource_MISC |
| https://exchange.xforce.ibmcloud.com/vulnerabilit… | vdb-entryx_refsource_XF |
| http://www.securityfocus.com/archive/1/511176/100… | mailing-listx_refsource_BUGTRAQ |
| http://www.consona.com/Content/CRM/Support/Securi… | x_refsource_CONFIRM |
Date Public
2010-05-06 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T02:17:12.156Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "VU#602801",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN",
"x_transferred"
],
"url": "http://www.kb.cert.org/vuls/id/602801"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://wintercore.com/en/component/content/article/7-media/18-wintercore-releases-an-advisory-for-consona-products.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.wintercore.com/downloads/rootedcon_0day.pdf"
},
{
"name": "consona-sdcwebsecurebase-code-exec(58608)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/58608"
},
{
"name": "20100507 [Wintercore Research] Consona Products - Multiple vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/511176/100/0/threaded"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.consona.com/Content/CRM/Support/SecurityBulletin_April2010.pdf"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2010-05-06T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "The site-locking implementation in the SdcWebSecureBase interface in tgctlcm.dll in Consona Live Assistance, Dynamic Agent, and Subscriber Assistance relies on a list of server domain names to restrict execution of ActiveX controls, which makes it easier for man-in-the-middle attackers to execute arbitrary code via a DNS hijacking attack."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-10T18:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "VU#602801",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN"
],
"url": "http://www.kb.cert.org/vuls/id/602801"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://wintercore.com/en/component/content/article/7-media/18-wintercore-releases-an-advisory-for-consona-products.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.wintercore.com/downloads/rootedcon_0day.pdf"
},
{
"name": "consona-sdcwebsecurebase-code-exec(58608)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/58608"
},
{
"name": "20100507 [Wintercore Research] Consona Products - Multiple vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/511176/100/0/threaded"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.consona.com/Content/CRM/Support/SecurityBulletin_April2010.pdf"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2010-1911",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The site-locking implementation in the SdcWebSecureBase interface in tgctlcm.dll in Consona Live Assistance, Dynamic Agent, and Subscriber Assistance relies on a list of server domain names to restrict execution of ActiveX controls, which makes it easier for man-in-the-middle attackers to execute arbitrary code via a DNS hijacking attack."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "VU#602801",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/602801"
},
{
"name": "http://wintercore.com/en/component/content/article/7-media/18-wintercore-releases-an-advisory-for-consona-products.html",
"refsource": "MISC",
"url": "http://wintercore.com/en/component/content/article/7-media/18-wintercore-releases-an-advisory-for-consona-products.html"
},
{
"name": "http://www.wintercore.com/downloads/rootedcon_0day.pdf",
"refsource": "MISC",
"url": "http://www.wintercore.com/downloads/rootedcon_0day.pdf"
},
{
"name": "consona-sdcwebsecurebase-code-exec(58608)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/58608"
},
{
"name": "20100507 [Wintercore Research] Consona Products - Multiple vulnerabilities",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/511176/100/0/threaded"
},
{
"name": "http://www.consona.com/Content/CRM/Support/SecurityBulletin_April2010.pdf",
"refsource": "CONFIRM",
"url": "http://www.consona.com/Content/CRM/Support/SecurityBulletin_April2010.pdf"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2010-1911",
"datePublished": "2010-05-11T23:00:00.000Z",
"dateReserved": "2010-05-11T00:00:00.000Z",
"dateUpdated": "2024-08-07T02:17:12.156Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2010-1908 (GCVE-0-2010-1908)
Vulnerability from cvelistv5 – Published: 2010-05-11 23:00 – Updated: 2024-08-07 02:17
VLAI
Summary
The SdcUser.TgConCtl ActiveX control in tgctlcm.dll in Consona Live Assistance, Dynamic Agent, and Subscriber Assistance does not properly restrict access to the HTTPDownloadFile, HTTPGetFile, Install, and RunCmd methods, which allows remote attackers to execute arbitrary programs via a URL in the url argument to (1) HTTPDownloadFile or (2) HTTPGetFile.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
5 references
| URL | Tags |
|---|---|
| http://secunia.com/advisories/39751 | third-party-advisoryx_refsource_SECUNIA |
| http://www.kb.cert.org/vuls/id/602801 | third-party-advisoryx_refsource_CERT-VN |
| http://wintercore.com/en/component/content/articl… | x_refsource_MISC |
| http://www.wintercore.com/downloads/rootedcon_0day.pdf | x_refsource_MISC |
| http://www.securityfocus.com/archive/1/511176/100… | mailing-listx_refsource_BUGTRAQ |
Date Public
2010-05-06 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T02:17:12.152Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "39751",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/39751"
},
{
"name": "VU#602801",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN",
"x_transferred"
],
"url": "http://www.kb.cert.org/vuls/id/602801"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://wintercore.com/en/component/content/article/7-media/18-wintercore-releases-an-advisory-for-consona-products.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.wintercore.com/downloads/rootedcon_0day.pdf"
},
{
"name": "20100507 [Wintercore Research] Consona Products - Multiple vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/511176/100/0/threaded"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2010-05-06T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "The SdcUser.TgConCtl ActiveX control in tgctlcm.dll in Consona Live Assistance, Dynamic Agent, and Subscriber Assistance does not properly restrict access to the HTTPDownloadFile, HTTPGetFile, Install, and RunCmd methods, which allows remote attackers to execute arbitrary programs via a URL in the url argument to (1) HTTPDownloadFile or (2) HTTPGetFile."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-10T18:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "39751",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/39751"
},
{
"name": "VU#602801",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN"
],
"url": "http://www.kb.cert.org/vuls/id/602801"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://wintercore.com/en/component/content/article/7-media/18-wintercore-releases-an-advisory-for-consona-products.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.wintercore.com/downloads/rootedcon_0day.pdf"
},
{
"name": "20100507 [Wintercore Research] Consona Products - Multiple vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/511176/100/0/threaded"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2010-1908",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The SdcUser.TgConCtl ActiveX control in tgctlcm.dll in Consona Live Assistance, Dynamic Agent, and Subscriber Assistance does not properly restrict access to the HTTPDownloadFile, HTTPGetFile, Install, and RunCmd methods, which allows remote attackers to execute arbitrary programs via a URL in the url argument to (1) HTTPDownloadFile or (2) HTTPGetFile."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "39751",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/39751"
},
{
"name": "VU#602801",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/602801"
},
{
"name": "http://wintercore.com/en/component/content/article/7-media/18-wintercore-releases-an-advisory-for-consona-products.html",
"refsource": "MISC",
"url": "http://wintercore.com/en/component/content/article/7-media/18-wintercore-releases-an-advisory-for-consona-products.html"
},
{
"name": "http://www.wintercore.com/downloads/rootedcon_0day.pdf",
"refsource": "MISC",
"url": "http://www.wintercore.com/downloads/rootedcon_0day.pdf"
},
{
"name": "20100507 [Wintercore Research] Consona Products - Multiple vulnerabilities",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/511176/100/0/threaded"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2010-1908",
"datePublished": "2010-05-11T23:00:00.000Z",
"dateReserved": "2010-05-11T00:00:00.000Z",
"dateUpdated": "2024-08-07T02:17:12.152Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2010-1906 (GCVE-0-2010-1906)
Vulnerability from cvelistv5 – Published: 2010-05-11 23:00 – Updated: 2024-08-07 02:17
VLAI
Summary
tgsrv.exe in the Repair Service in Consona Dynamic Agent, Repair Manager, Subscriber Activation, and Subscriber Agent relies on a predictable timestamp field to validate input to the \\.\pipe\__RepairService_pipe__company named pipe, which allows remote authenticated users to execute arbitrary code by obtaining the current time from (1) tcpip.sys or (2) an SMB2 service.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
6 references
| URL | Tags |
|---|---|
| http://secunia.com/advisories/39752 | third-party-advisoryx_refsource_SECUNIA |
| http://www.kb.cert.org/vuls/id/602801 | third-party-advisoryx_refsource_CERT-VN |
| http://wintercore.com/en/component/content/articl… | x_refsource_MISC |
| http://www.wintercore.com/downloads/rootedcon_0day.pdf | x_refsource_MISC |
| http://www.securityfocus.com/archive/1/511176/100… | mailing-listx_refsource_BUGTRAQ |
| http://www.consona.com/Content/CRM/Support/Securi… | x_refsource_CONFIRM |
Date Public
2010-05-06 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T02:17:12.396Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "39752",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/39752"
},
{
"name": "VU#602801",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN",
"x_transferred"
],
"url": "http://www.kb.cert.org/vuls/id/602801"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://wintercore.com/en/component/content/article/7-media/18-wintercore-releases-an-advisory-for-consona-products.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.wintercore.com/downloads/rootedcon_0day.pdf"
},
{
"name": "20100507 [Wintercore Research] Consona Products - Multiple vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/511176/100/0/threaded"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.consona.com/Content/CRM/Support/SecurityBulletin_April2010.pdf"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2010-05-06T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "tgsrv.exe in the Repair Service in Consona Dynamic Agent, Repair Manager, Subscriber Activation, and Subscriber Agent relies on a predictable timestamp field to validate input to the \\\\.\\pipe\\__RepairService_pipe__company named pipe, which allows remote authenticated users to execute arbitrary code by obtaining the current time from (1) tcpip.sys or (2) an SMB2 service."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-10T18:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "39752",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/39752"
},
{
"name": "VU#602801",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN"
],
"url": "http://www.kb.cert.org/vuls/id/602801"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://wintercore.com/en/component/content/article/7-media/18-wintercore-releases-an-advisory-for-consona-products.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.wintercore.com/downloads/rootedcon_0day.pdf"
},
{
"name": "20100507 [Wintercore Research] Consona Products - Multiple vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/511176/100/0/threaded"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.consona.com/Content/CRM/Support/SecurityBulletin_April2010.pdf"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2010-1906",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "tgsrv.exe in the Repair Service in Consona Dynamic Agent, Repair Manager, Subscriber Activation, and Subscriber Agent relies on a predictable timestamp field to validate input to the \\\\.\\pipe\\__RepairService_pipe__company named pipe, which allows remote authenticated users to execute arbitrary code by obtaining the current time from (1) tcpip.sys or (2) an SMB2 service."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "39752",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/39752"
},
{
"name": "VU#602801",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/602801"
},
{
"name": "http://wintercore.com/en/component/content/article/7-media/18-wintercore-releases-an-advisory-for-consona-products.html",
"refsource": "MISC",
"url": "http://wintercore.com/en/component/content/article/7-media/18-wintercore-releases-an-advisory-for-consona-products.html"
},
{
"name": "http://www.wintercore.com/downloads/rootedcon_0day.pdf",
"refsource": "MISC",
"url": "http://www.wintercore.com/downloads/rootedcon_0day.pdf"
},
{
"name": "20100507 [Wintercore Research] Consona Products - Multiple vulnerabilities",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/511176/100/0/threaded"
},
{
"name": "http://www.consona.com/Content/CRM/Support/SecurityBulletin_April2010.pdf",
"refsource": "CONFIRM",
"url": "http://www.consona.com/Content/CRM/Support/SecurityBulletin_April2010.pdf"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2010-1906",
"datePublished": "2010-05-11T23:00:00.000Z",
"dateReserved": "2010-05-11T00:00:00.000Z",
"dateUpdated": "2024-08-07T02:17:12.396Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2010-1910 (GCVE-0-2010-1910)
Vulnerability from cvelistv5 – Published: 2010-05-11 23:00 – Updated: 2024-08-07 02:17
VLAI
Summary
The Forgot Password implementation in Consona Live Assistance, Dynamic Agent, and Subscriber Assistance allows remote attackers to reset passwords of accounts with blank Hint questions and Hint answers by sending an empty value for each of these two Hint fields.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
6 references
| URL | Tags |
|---|---|
| http://www.kb.cert.org/vuls/id/602801 | third-party-advisoryx_refsource_CERT-VN |
| http://wintercore.com/en/component/content/articl… | x_refsource_MISC |
| http://www.securityfocus.com/archive/1/511176/100… | mailing-listx_refsource_BUGTRAQ |
| http://www.securityfocus.com/bid/40003 | vdb-entryx_refsource_BID |
| http://secunia.com/advisories/39740 | third-party-advisoryx_refsource_SECUNIA |
| http://www.consona.com/Content/CRM/Support/Securi… | x_refsource_CONFIRM |
Date Public
2010-05-06 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T02:17:12.411Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "VU#602801",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN",
"x_transferred"
],
"url": "http://www.kb.cert.org/vuls/id/602801"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://wintercore.com/en/component/content/article/7-media/18-wintercore-releases-an-advisory-for-consona-products.html"
},
{
"name": "20100507 [Wintercore Research] Consona Products - Multiple vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/511176/100/0/threaded"
},
{
"name": "40003",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/40003"
},
{
"name": "39740",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/39740"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.consona.com/Content/CRM/Support/SecurityBulletin_April2010.pdf"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2010-05-06T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "The Forgot Password implementation in Consona Live Assistance, Dynamic Agent, and Subscriber Assistance allows remote attackers to reset passwords of accounts with blank Hint questions and Hint answers by sending an empty value for each of these two Hint fields."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-10T18:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "VU#602801",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN"
],
"url": "http://www.kb.cert.org/vuls/id/602801"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://wintercore.com/en/component/content/article/7-media/18-wintercore-releases-an-advisory-for-consona-products.html"
},
{
"name": "20100507 [Wintercore Research] Consona Products - Multiple vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/511176/100/0/threaded"
},
{
"name": "40003",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/40003"
},
{
"name": "39740",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/39740"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.consona.com/Content/CRM/Support/SecurityBulletin_April2010.pdf"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2010-1910",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Forgot Password implementation in Consona Live Assistance, Dynamic Agent, and Subscriber Assistance allows remote attackers to reset passwords of accounts with blank Hint questions and Hint answers by sending an empty value for each of these two Hint fields."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "VU#602801",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/602801"
},
{
"name": "http://wintercore.com/en/component/content/article/7-media/18-wintercore-releases-an-advisory-for-consona-products.html",
"refsource": "MISC",
"url": "http://wintercore.com/en/component/content/article/7-media/18-wintercore-releases-an-advisory-for-consona-products.html"
},
{
"name": "20100507 [Wintercore Research] Consona Products - Multiple vulnerabilities",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/511176/100/0/threaded"
},
{
"name": "40003",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/40003"
},
{
"name": "39740",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/39740"
},
{
"name": "http://www.consona.com/Content/CRM/Support/SecurityBulletin_April2010.pdf",
"refsource": "CONFIRM",
"url": "http://www.consona.com/Content/CRM/Support/SecurityBulletin_April2010.pdf"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2010-1910",
"datePublished": "2010-05-11T23:00:00.000Z",
"dateReserved": "2010-05-11T00:00:00.000Z",
"dateUpdated": "2024-08-07T02:17:12.411Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2010-1913 (GCVE-0-2010-1913)
Vulnerability from cvelistv5 – Published: 2010-05-11 23:00 – Updated: 2024-08-07 02:17
VLAI
Summary
The default configuration of pluginlicense.ini for the SdcWebSecureBase interface in tgctlcm.dll in Consona Live Assistance, Dynamic Agent, and Subscriber Assistance, when downloaded from a server operated by Telefonica or possibly other companies, contains an incorrect DNS whitelist that includes the DNS hostnames of home computers of many persons, which allows remote attackers to bypass intended restrictions on ActiveX execution by hosting an ActiveX control on an applicable home web server.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
4 references
| URL | Tags |
|---|---|
| http://www.kb.cert.org/vuls/id/602801 | third-party-advisoryx_refsource_CERT-VN |
| http://wintercore.com/en/component/content/articl… | x_refsource_MISC |
| http://www.wintercore.com/downloads/rootedcon_0day.pdf | x_refsource_MISC |
| http://www.securityfocus.com/archive/1/511176/100… | mailing-listx_refsource_BUGTRAQ |
Date Public
2010-05-06 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T02:17:12.391Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "VU#602801",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN",
"x_transferred"
],
"url": "http://www.kb.cert.org/vuls/id/602801"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://wintercore.com/en/component/content/article/7-media/18-wintercore-releases-an-advisory-for-consona-products.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.wintercore.com/downloads/rootedcon_0day.pdf"
},
{
"name": "20100507 [Wintercore Research] Consona Products - Multiple vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/511176/100/0/threaded"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2010-05-06T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "The default configuration of pluginlicense.ini for the SdcWebSecureBase interface in tgctlcm.dll in Consona Live Assistance, Dynamic Agent, and Subscriber Assistance, when downloaded from a server operated by Telefonica or possibly other companies, contains an incorrect DNS whitelist that includes the DNS hostnames of home computers of many persons, which allows remote attackers to bypass intended restrictions on ActiveX execution by hosting an ActiveX control on an applicable home web server."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-10T18:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "VU#602801",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN"
],
"url": "http://www.kb.cert.org/vuls/id/602801"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://wintercore.com/en/component/content/article/7-media/18-wintercore-releases-an-advisory-for-consona-products.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.wintercore.com/downloads/rootedcon_0day.pdf"
},
{
"name": "20100507 [Wintercore Research] Consona Products - Multiple vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/511176/100/0/threaded"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2010-1913",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The default configuration of pluginlicense.ini for the SdcWebSecureBase interface in tgctlcm.dll in Consona Live Assistance, Dynamic Agent, and Subscriber Assistance, when downloaded from a server operated by Telefonica or possibly other companies, contains an incorrect DNS whitelist that includes the DNS hostnames of home computers of many persons, which allows remote attackers to bypass intended restrictions on ActiveX execution by hosting an ActiveX control on an applicable home web server."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "VU#602801",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/602801"
},
{
"name": "http://wintercore.com/en/component/content/article/7-media/18-wintercore-releases-an-advisory-for-consona-products.html",
"refsource": "MISC",
"url": "http://wintercore.com/en/component/content/article/7-media/18-wintercore-releases-an-advisory-for-consona-products.html"
},
{
"name": "http://www.wintercore.com/downloads/rootedcon_0day.pdf",
"refsource": "MISC",
"url": "http://www.wintercore.com/downloads/rootedcon_0day.pdf"
},
{
"name": "20100507 [Wintercore Research] Consona Products - Multiple vulnerabilities",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/511176/100/0/threaded"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2010-1913",
"datePublished": "2010-05-11T23:00:00.000Z",
"dateReserved": "2010-05-11T00:00:00.000Z",
"dateUpdated": "2024-08-07T02:17:12.391Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2010-1905 (GCVE-0-2010-1905)
Vulnerability from cvelistv5 – Published: 2010-05-11 23:00 – Updated: 2024-08-07 02:17
VLAI
Summary
Multiple cross-site scripting (XSS) vulnerabilities in Consona Live Assistance, Dynamic Agent, and Subscriber Assistance allow remote attackers to inject arbitrary web script or HTML via crafted input to ASP pages, as demonstrated using the backurl parameter to sdccommon/verify/asp/n6plugindestructor.asp.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
7 references
| URL | Tags |
|---|---|
| http://www.kb.cert.org/vuls/id/602801 | third-party-advisoryx_refsource_CERT-VN |
| http://wintercore.com/en/component/content/articl… | x_refsource_MISC |
| http://www.wintercore.com/downloads/rootedcon_0day.pdf | x_refsource_MISC |
| http://www.securityfocus.com/archive/1/511176/100… | mailing-listx_refsource_BUGTRAQ |
| http://secunia.com/advisories/39740 | third-party-advisoryx_refsource_SECUNIA |
| http://www.consona.com/Content/CRM/Support/Securi… | x_refsource_CONFIRM |
| http://www.securityfocus.com/bid/39999 | vdb-entryx_refsource_BID |
Date Public
2010-05-06 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T02:17:12.621Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "VU#602801",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN",
"x_transferred"
],
"url": "http://www.kb.cert.org/vuls/id/602801"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://wintercore.com/en/component/content/article/7-media/18-wintercore-releases-an-advisory-for-consona-products.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.wintercore.com/downloads/rootedcon_0day.pdf"
},
{
"name": "20100507 [Wintercore Research] Consona Products - Multiple vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/511176/100/0/threaded"
},
{
"name": "39740",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/39740"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.consona.com/Content/CRM/Support/SecurityBulletin_April2010.pdf"
},
{
"name": "39999",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/39999"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2010-05-06T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in Consona Live Assistance, Dynamic Agent, and Subscriber Assistance allow remote attackers to inject arbitrary web script or HTML via crafted input to ASP pages, as demonstrated using the backurl parameter to sdccommon/verify/asp/n6plugindestructor.asp."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-10T18:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "VU#602801",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN"
],
"url": "http://www.kb.cert.org/vuls/id/602801"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://wintercore.com/en/component/content/article/7-media/18-wintercore-releases-an-advisory-for-consona-products.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.wintercore.com/downloads/rootedcon_0day.pdf"
},
{
"name": "20100507 [Wintercore Research] Consona Products - Multiple vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/511176/100/0/threaded"
},
{
"name": "39740",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/39740"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.consona.com/Content/CRM/Support/SecurityBulletin_April2010.pdf"
},
{
"name": "39999",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/39999"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2010-1905",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in Consona Live Assistance, Dynamic Agent, and Subscriber Assistance allow remote attackers to inject arbitrary web script or HTML via crafted input to ASP pages, as demonstrated using the backurl parameter to sdccommon/verify/asp/n6plugindestructor.asp."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "VU#602801",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/602801"
},
{
"name": "http://wintercore.com/en/component/content/article/7-media/18-wintercore-releases-an-advisory-for-consona-products.html",
"refsource": "MISC",
"url": "http://wintercore.com/en/component/content/article/7-media/18-wintercore-releases-an-advisory-for-consona-products.html"
},
{
"name": "http://www.wintercore.com/downloads/rootedcon_0day.pdf",
"refsource": "MISC",
"url": "http://www.wintercore.com/downloads/rootedcon_0day.pdf"
},
{
"name": "20100507 [Wintercore Research] Consona Products - Multiple vulnerabilities",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/511176/100/0/threaded"
},
{
"name": "39740",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/39740"
},
{
"name": "http://www.consona.com/Content/CRM/Support/SecurityBulletin_April2010.pdf",
"refsource": "CONFIRM",
"url": "http://www.consona.com/Content/CRM/Support/SecurityBulletin_April2010.pdf"
},
{
"name": "39999",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/39999"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2010-1905",
"datePublished": "2010-05-11T23:00:00.000Z",
"dateReserved": "2010-05-11T00:00:00.000Z",
"dateUpdated": "2024-08-07T02:17:12.621Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2010-1907 (GCVE-0-2010-1907)
Vulnerability from cvelistv5 – Published: 2010-05-11 23:00 – Updated: 2024-08-07 02:17
VLAI
Summary
The SdcUser.TgConCtl ActiveX control in tgctlcm.dll in Consona Live Assistance, Dynamic Agent, and Subscriber Assistance allows remote attackers to discover the username of the client user, and consequently determine a pathname to a certain user directory, via a call to the GetUserName method.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
4 references
| URL | Tags |
|---|---|
| http://www.kb.cert.org/vuls/id/602801 | third-party-advisoryx_refsource_CERT-VN |
| http://wintercore.com/en/component/content/articl… | x_refsource_MISC |
| http://www.wintercore.com/downloads/rootedcon_0day.pdf | x_refsource_MISC |
| http://www.securityfocus.com/archive/1/511176/100… | mailing-listx_refsource_BUGTRAQ |
Date Public
2010-05-06 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T02:17:12.615Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "VU#602801",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN",
"x_transferred"
],
"url": "http://www.kb.cert.org/vuls/id/602801"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://wintercore.com/en/component/content/article/7-media/18-wintercore-releases-an-advisory-for-consona-products.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.wintercore.com/downloads/rootedcon_0day.pdf"
},
{
"name": "20100507 [Wintercore Research] Consona Products - Multiple vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/511176/100/0/threaded"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2010-05-06T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "The SdcUser.TgConCtl ActiveX control in tgctlcm.dll in Consona Live Assistance, Dynamic Agent, and Subscriber Assistance allows remote attackers to discover the username of the client user, and consequently determine a pathname to a certain user directory, via a call to the GetUserName method."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-10T18:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "VU#602801",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN"
],
"url": "http://www.kb.cert.org/vuls/id/602801"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://wintercore.com/en/component/content/article/7-media/18-wintercore-releases-an-advisory-for-consona-products.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.wintercore.com/downloads/rootedcon_0day.pdf"
},
{
"name": "20100507 [Wintercore Research] Consona Products - Multiple vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/511176/100/0/threaded"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2010-1907",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The SdcUser.TgConCtl ActiveX control in tgctlcm.dll in Consona Live Assistance, Dynamic Agent, and Subscriber Assistance allows remote attackers to discover the username of the client user, and consequently determine a pathname to a certain user directory, via a call to the GetUserName method."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "VU#602801",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/602801"
},
{
"name": "http://wintercore.com/en/component/content/article/7-media/18-wintercore-releases-an-advisory-for-consona-products.html",
"refsource": "MISC",
"url": "http://wintercore.com/en/component/content/article/7-media/18-wintercore-releases-an-advisory-for-consona-products.html"
},
{
"name": "http://www.wintercore.com/downloads/rootedcon_0day.pdf",
"refsource": "MISC",
"url": "http://www.wintercore.com/downloads/rootedcon_0day.pdf"
},
{
"name": "20100507 [Wintercore Research] Consona Products - Multiple vulnerabilities",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/511176/100/0/threaded"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2010-1907",
"datePublished": "2010-05-11T23:00:00.000Z",
"dateReserved": "2010-05-11T00:00:00.000Z",
"dateUpdated": "2024-08-07T02:17:12.615Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2010-1912 (GCVE-0-2010-1912)
Vulnerability from cvelistv5 – Published: 2010-05-11 23:00 – Updated: 2024-08-07 02:17
VLAI
Summary
The SdcWebSecureBase interface in tgctlcm.dll in Consona Live Assistance, Dynamic Agent, and Subscriber Assistance allows remote attackers to bypass intended restrictions on ActiveX execution via "instantiation/free attacks."
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
5 references
| URL | Tags |
|---|---|
| http://www.kb.cert.org/vuls/id/602801 | third-party-advisoryx_refsource_CERT-VN |
| http://wintercore.com/en/component/content/articl… | x_refsource_MISC |
| http://www.wintercore.com/downloads/rootedcon_0day.pdf | x_refsource_MISC |
| http://www.securityfocus.com/archive/1/511176/100… | mailing-listx_refsource_BUGTRAQ |
| https://exchange.xforce.ibmcloud.com/vulnerabilit… | vdb-entryx_refsource_XF |
Date Public
2010-05-06 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T02:17:13.139Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "VU#602801",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN",
"x_transferred"
],
"url": "http://www.kb.cert.org/vuls/id/602801"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://wintercore.com/en/component/content/article/7-media/18-wintercore-releases-an-advisory-for-consona-products.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.wintercore.com/downloads/rootedcon_0day.pdf"
},
{
"name": "20100507 [Wintercore Research] Consona Products - Multiple vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/511176/100/0/threaded"
},
{
"name": "consona-sdcwebsecurebase-sec-bypass(58607)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/58607"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2010-05-06T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "The SdcWebSecureBase interface in tgctlcm.dll in Consona Live Assistance, Dynamic Agent, and Subscriber Assistance allows remote attackers to bypass intended restrictions on ActiveX execution via \"instantiation/free attacks.\""
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-10T18:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "VU#602801",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN"
],
"url": "http://www.kb.cert.org/vuls/id/602801"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://wintercore.com/en/component/content/article/7-media/18-wintercore-releases-an-advisory-for-consona-products.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.wintercore.com/downloads/rootedcon_0day.pdf"
},
{
"name": "20100507 [Wintercore Research] Consona Products - Multiple vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/511176/100/0/threaded"
},
{
"name": "consona-sdcwebsecurebase-sec-bypass(58607)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/58607"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2010-1912",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The SdcWebSecureBase interface in tgctlcm.dll in Consona Live Assistance, Dynamic Agent, and Subscriber Assistance allows remote attackers to bypass intended restrictions on ActiveX execution via \"instantiation/free attacks.\""
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "VU#602801",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/602801"
},
{
"name": "http://wintercore.com/en/component/content/article/7-media/18-wintercore-releases-an-advisory-for-consona-products.html",
"refsource": "MISC",
"url": "http://wintercore.com/en/component/content/article/7-media/18-wintercore-releases-an-advisory-for-consona-products.html"
},
{
"name": "http://www.wintercore.com/downloads/rootedcon_0day.pdf",
"refsource": "MISC",
"url": "http://www.wintercore.com/downloads/rootedcon_0day.pdf"
},
{
"name": "20100507 [Wintercore Research] Consona Products - Multiple vulnerabilities",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/511176/100/0/threaded"
},
{
"name": "consona-sdcwebsecurebase-sec-bypass(58607)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/58607"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2010-1912",
"datePublished": "2010-05-11T23:00:00.000Z",
"dateReserved": "2010-05-11T00:00:00.000Z",
"dateUpdated": "2024-08-07T02:17:13.139Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2010-1909 (GCVE-0-2010-1909)
Vulnerability from cvelistv5 – Published: 2010-05-11 23:00 – Updated: 2024-08-07 02:17
VLAI
Summary
Buffer overflow in the RunCmd method in the SdcUser.TgConCtl ActiveX control in tgctlcm.dll in Consona Live Assistance, Dynamic Agent, and Subscriber Assistance allows remote attackers to execute arbitrary code via vectors involving "CreateProcess params." NOTE: some of these details are obtained from third party information.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
5 references
| URL | Tags |
|---|---|
| http://secunia.com/advisories/39751 | third-party-advisoryx_refsource_SECUNIA |
| http://www.kb.cert.org/vuls/id/602801 | third-party-advisoryx_refsource_CERT-VN |
| http://wintercore.com/en/component/content/articl… | x_refsource_MISC |
| http://www.wintercore.com/downloads/rootedcon_0day.pdf | x_refsource_MISC |
| http://www.securityfocus.com/archive/1/511176/100… | mailing-listx_refsource_BUGTRAQ |
Date Public
2010-05-06 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T02:17:12.164Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "39751",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/39751"
},
{
"name": "VU#602801",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN",
"x_transferred"
],
"url": "http://www.kb.cert.org/vuls/id/602801"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://wintercore.com/en/component/content/article/7-media/18-wintercore-releases-an-advisory-for-consona-products.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.wintercore.com/downloads/rootedcon_0day.pdf"
},
{
"name": "20100507 [Wintercore Research] Consona Products - Multiple vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/511176/100/0/threaded"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2010-05-06T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Buffer overflow in the RunCmd method in the SdcUser.TgConCtl ActiveX control in tgctlcm.dll in Consona Live Assistance, Dynamic Agent, and Subscriber Assistance allows remote attackers to execute arbitrary code via vectors involving \"CreateProcess params.\" NOTE: some of these details are obtained from third party information."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-10T18:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "39751",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/39751"
},
{
"name": "VU#602801",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN"
],
"url": "http://www.kb.cert.org/vuls/id/602801"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://wintercore.com/en/component/content/article/7-media/18-wintercore-releases-an-advisory-for-consona-products.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.wintercore.com/downloads/rootedcon_0day.pdf"
},
{
"name": "20100507 [Wintercore Research] Consona Products - Multiple vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/511176/100/0/threaded"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2010-1909",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Buffer overflow in the RunCmd method in the SdcUser.TgConCtl ActiveX control in tgctlcm.dll in Consona Live Assistance, Dynamic Agent, and Subscriber Assistance allows remote attackers to execute arbitrary code via vectors involving \"CreateProcess params.\" NOTE: some of these details are obtained from third party information."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "39751",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/39751"
},
{
"name": "VU#602801",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/602801"
},
{
"name": "http://wintercore.com/en/component/content/article/7-media/18-wintercore-releases-an-advisory-for-consona-products.html",
"refsource": "MISC",
"url": "http://wintercore.com/en/component/content/article/7-media/18-wintercore-releases-an-advisory-for-consona-products.html"
},
{
"name": "http://www.wintercore.com/downloads/rootedcon_0day.pdf",
"refsource": "MISC",
"url": "http://www.wintercore.com/downloads/rootedcon_0day.pdf"
},
{
"name": "20100507 [Wintercore Research] Consona Products - Multiple vulnerabilities",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/511176/100/0/threaded"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2010-1909",
"datePublished": "2010-05-11T23:00:00.000Z",
"dateReserved": "2010-05-11T00:00:00.000Z",
"dateUpdated": "2024-08-07T02:17:12.164Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}