Dameware Development
Products
4- 7 CVEs
- 3 CVEs
- 2 CVEs
- 1 CVE
Recent CVEs
11| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2016-2345 | Cri | 0.71 | 9.8 | 0.51 | Mar 17, 2016 | Stack-based buffer overflow in dwrcs.exe in the dwmrcs daemon in SolarWinds DameWare Mini Remote Control 12.0 allows remote attackers to execute arbitrary code via a crafted string. | ||
| CVE-2019-3957 | Hig | 0.50 | 7.4 | 0.26 | Jun 7, 2019 | Dameware Remote Mini Control version 12.1.0.34 and prior contains an unauthenticated remote buffer over-read due to the server not properly validating RsaSignatureLen during key negotiation, which could crash the application or leak sensitive information. | ||
| CVE-2019-3955 | Hig | 0.50 | 7.5 | 0.19 | Jun 7, 2019 | Dameware Remote Mini Control version 12.1.0.34 and prior contains a unauthenticated remote heap overflow due to the server not properly validating RsaPubKeyLen during key negotiation. An unauthenticated remote attacker can cause a heap buffer overflow by specifying a large… | ||
| CVE-2019-3956 | Hig | 0.48 | 7.4 | 0.02 | Jun 7, 2019 | Dameware Remote Mini Control version 12.1.0.34 and prior contains an unauthenticated remote buffer over-read due to the server not properly validating CltDHPubKeyLen during key negotiation, which could crash the application or leak sensitive information. | ||
| CVE-2005-2842 | 0.05 | — | 0.21 | Sep 8, 2005 | Buffer overflow in dwrcs.exe in DameWare Mini Remote Control before 4.9.0 allows remote attackers to execute arbitrary code via the username. | |||
| CVE-2003-1030 | 0.04 | — | 0.17 | Feb 17, 2004 | Buffer overflow in DameWare Mini Remote Control before 3.73 allows remote attackers to execute arbitrary code via a long pre-authentication request to TCP port 6129. | |||
| CVE-2013-3249 | 0.00 | — | 0.06 | Mar 20, 2014 | Stack-based buffer overflow in the "Add from text file" feature in the DameWare Exporter tool (DWExporter.exe) in DameWare Remote Support 10.0.0.372, 9.0.1.247, and earlier allows user-assisted attackers to execute arbitrary code via unspecified vectors. | |||
| CVE-2005-1166 | 0.00 | — | 0.00 | May 2, 2005 | The DNTUS26 process in Dameware NT Utilities and the DWRCS process in MiniRemote Control 4.9 and earlier stores the username and password in cleartext in memory, which could allow attackers to obtain sensitive information. | |||
| CVE-2005-1088 | 0.00 | — | 0.00 | May 2, 2005 | Unknown vulnerability in DameWare NT Utilities 4.8 and earlier, and Mini Remote Control 4.8 and earlier, allows local users to gain additional rights. | |||
| CVE-2004-1851 | 0.00 | — | 0.01 | Mar 24, 2004 | Dameware Mini Remote Control 4.1.0.0 uses insufficiently random data to create the encryption key, which makes it easier for remote attackers to obtain sensitive information via brute force guessing. | |||
| CVE-2004-1852 | 0.00 | — | 0.01 | Mar 23, 2004 | DameWare Mini Remote Control 3.x before 3.74 and 4.x before 4.2 transmits the Blowfish encryption key in plaintext, which allows remote attackers to gain sensitive information. |
- risk 0.71cvss 9.8epss 0.51
Stack-based buffer overflow in dwrcs.exe in the dwmrcs daemon in SolarWinds DameWare Mini Remote Control 12.0 allows remote attackers to execute arbitrary code via a crafted string.
- risk 0.50cvss 7.4epss 0.26
Dameware Remote Mini Control version 12.1.0.34 and prior contains an unauthenticated remote buffer over-read due to the server not properly validating RsaSignatureLen during key negotiation, which could crash the application or leak sensitive information.
- risk 0.50cvss 7.5epss 0.19
Dameware Remote Mini Control version 12.1.0.34 and prior contains a unauthenticated remote heap overflow due to the server not properly validating RsaPubKeyLen during key negotiation. An unauthenticated remote attacker can cause a heap buffer overflow by specifying a large…
- risk 0.48cvss 7.4epss 0.02
Dameware Remote Mini Control version 12.1.0.34 and prior contains an unauthenticated remote buffer over-read due to the server not properly validating CltDHPubKeyLen during key negotiation, which could crash the application or leak sensitive information.
- CVE-2005-2842Sep 8, 2005risk 0.05cvss —epss 0.21
Buffer overflow in dwrcs.exe in DameWare Mini Remote Control before 4.9.0 allows remote attackers to execute arbitrary code via the username.
- CVE-2003-1030Feb 17, 2004risk 0.04cvss —epss 0.17
Buffer overflow in DameWare Mini Remote Control before 3.73 allows remote attackers to execute arbitrary code via a long pre-authentication request to TCP port 6129.
- CVE-2013-3249Mar 20, 2014risk 0.00cvss —epss 0.06
Stack-based buffer overflow in the "Add from text file" feature in the DameWare Exporter tool (DWExporter.exe) in DameWare Remote Support 10.0.0.372, 9.0.1.247, and earlier allows user-assisted attackers to execute arbitrary code via unspecified vectors.
- CVE-2005-1166May 2, 2005risk 0.00cvss —epss 0.00
The DNTUS26 process in Dameware NT Utilities and the DWRCS process in MiniRemote Control 4.9 and earlier stores the username and password in cleartext in memory, which could allow attackers to obtain sensitive information.
- CVE-2005-1088May 2, 2005risk 0.00cvss —epss 0.00
Unknown vulnerability in DameWare NT Utilities 4.8 and earlier, and Mini Remote Control 4.8 and earlier, allows local users to gain additional rights.
- CVE-2004-1851Mar 24, 2004risk 0.00cvss —epss 0.01
Dameware Mini Remote Control 4.1.0.0 uses insufficiently random data to create the encryption key, which makes it easier for remote attackers to obtain sensitive information via brute force guessing.
- CVE-2004-1852Mar 23, 2004risk 0.00cvss —epss 0.01
DameWare Mini Remote Control 3.x before 3.74 and 4.x before 4.2 transmits the Blowfish encryption key in plaintext, which allows remote attackers to gain sensitive information.