VYPR
Vendor

Sec Consult

Products
3
CVEs
10
Across products
10
Status
Private

Products

3

Recent CVEs

10
  • CVE-2020-27183CriOct 27, 2020
    risk 0.64cvss 9.8epss 0.01

    A RemoteFunctions endpoint with missing access control in konzept-ix publiXone before 2020.015 allows attackers to disclose sensitive user information, send arbitrary e-mails, escalate the privileges of arbitrary user accounts, and have unspecified other impact.

  • CVE-2020-27179CriOct 27, 2020
    risk 0.64cvss 9.8epss 0.01

    konzept-ix publiXone before 2020.015 allows attackers to take over arbitrary user accounts by crafting password-reset tokens.

  • CVE-2025-48416HigMay 21, 2025
    risk 0.53cvss 8.1epss 0.01

    An OpenSSH daemon listens on TCP port 22. There is a hard-coded entry in the "/etc/shadow" file in the firmware image for the "root" user. However, in the default SSH configuration the "PermitRootLogin" is disabled, preventing the root user from logging in via SSH. This…

  • CVE-2018-19233HigDec 20, 2018
    risk 0.51cvss 7.8epss 0.01

    COMPAREX Miss Marple Enterprise Edition before 2.0 allows local users to execute arbitrary code by reading the user name and encrypted password hard-coded in an Inventory Agent configuration file.

  • CVE-2025-48413HigMay 21, 2025
    risk 0.50cvss 7.7epss 0.00

    The `/etc/passwd` and `/etc/shadow` files reveal hard-coded password hashes for the operating system "root" user. The credentials are shipped with the update files. There is no option for deleting or changing their passwords for an enduser. An attacker can use the credentials to…

  • CVE-2020-27180HigOct 27, 2020
    risk 0.49cvss 7.5epss 0.01

    konzept-ix publiXone before 2020.015 allows attackers to download files by iterating over the IXCopy fileID parameter.

  • CVE-2025-48417MedMay 21, 2025
    risk 0.42cvss 6.5epss 0.00

    The certificate and private key used for providing transport layer security for connections to the web interface (TCP port 443) is hard-coded in the firmware and are shipped with the update files. An attacker can use the private key to perform man-in-the-middle attacks against…

  • CVE-2025-48414MedMay 21, 2025
    risk 0.42cvss 6.5epss 0.00

    There are several scripts in the web interface that are accessible via undocumented hard-coded credentials. The scripts provide access to additional administrative/debug functionality and are likely intended for debugging during development and provides an additional attack…

  • CVE-2025-48415MedMay 21, 2025
    risk 0.40cvss 6.2epss 0.00

    A USB backdoor feature can be triggered by attaching a USB drive that contains specially crafted "salia.ini" files. The .ini file can contain several "commands" that could be exploited by an attacker to export or modify the device configuration, enable an SSH backdoor  or…

  • CVE-2020-27182MedOct 27, 2020
    risk 0.40cvss 6.1epss 0.01

    Multiple cross-site scripting (XSS) vulnerabilities in konzept-ix publiXone before 2020.015 allow remote attackers to inject arbitrary JavaScript or HTML via appletError.jsp, job_jacket_detail.jsp, ixedit/editor_component.jsp, or the login form.