Castlerock
Products (2)
- 6 CVEs
- 5 CVEs
Recent CVEs (11)

| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2020-11553 | | High | 0.57 | 8.8 | 0.01 | | Apr 9, 2020 | An issue was discovered in Castle Rock SNMPc Online 12.10.10 before 2020-01-28. There is pervasive CSRF. |
| CVE-2015-6028 | | High | 0.57 | 8.8 | 0.01 | | Apr 10, 2017 | Castle Rock Computing SNMPc before 2015-12-17 has SQL injection via the sc parameter. |
| CVE-2019-13494 | | High | 0.54 | 7.8 | 0.04 | | Jul 12, 2019 | nodeimp.exe in Castle Rock SNMPc before 9.0.12.1 and 10.x before 10.0.9 has a stack-based buffer overflow via a long variable string in a Map Objects text file. |
| CVE-2020-11557 | | High | 0.49 | 7.5 | 0.01 | | Apr 9, 2020 | An issue was discovered in Castle Rock SNMPc Online 12.10.10 before 2020-01-28. It includes the username and password values in cleartext within each request's cookie value. |
| CVE-2020-11555 | | High | 0.49 | 7.5 | 0.01 | | Apr 9, 2020 | An issue was discovered in Castle Rock SNMPc Online 12.10.10 before 2020-01-28. It allows remote attackers to obtain sensitive credential information from backup files. |
| CVE-2020-11554 | | High | 0.49 | 7.5 | 0.01 | | Apr 9, 2020 | An issue was discovered in Castle Rock SNMPc Online 12.10.10 before 2020-01-28. It allows remote attackers to obtain sensitive information via info.php4. |
| CVE-2015-6027 | | Medium | 0.40 | 6.1 | 0.01 | | Apr 10, 2017 | Castle Rock Computing SNMPc before 2015-12-17 has XSS via SNMP. |
| CVE-2020-11556 | | Medium | 0.35 | 5.4 | 0.01 | | Apr 9, 2020 | An issue was discovered in Castle Rock SNMPc Online 12.10.10 before 2020-01-28. There are multiple persistent (stored) and reflected XSS vulnerabilities. |
| CVE-2008-2214 | | | 0.04 | — | 0.09 | | May 14, 2008 | Stack-based buffer overflow in the Network Manager in Castle Rock Computing SNMPc 7.1 and earlier allows remote attackers to cause a denial of service (crash) or execute arbitrary code via a long community string in an SNMP TRAP packet. |
| CVE-2007-3098 | | | 0.03 | — | 0.04 | | Jun 6, 2007 | The SNMPc Server (crserv.exe) process in Castle Rock Computing SNMPc before 7.0.19 allows remote attackers to cause a denial of service (crash) via a crafted packet to port 165/TCP. |
| CVE-2003-0745 | | | 0.00 | — | 0.02 | | Oct 20, 2003 | SNMPc 6.0.8 and earlier performs authentication to the server on the client side, which allows remote attackers to gain privileges by decrypting the password that is returned by the server. |