Vulnerabilities > Mobatek > Mobaxterm > 10.4
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2022-12-06 | CVE-2022-38336 | Improper Authentication vulnerability in Mobatek Mobaxterm An access control issue in MobaXterm before v22.1 allows attackers to make connections to the server via the SSH or SFTP protocols without authentication. | 8.1 |
2022-12-06 | CVE-2022-38337 | Use of Hard-coded Credentials vulnerability in Mobatek Mobaxterm When aborting a SFTP connection, MobaXterm before v22.1 sends a hardcoded password to the server. | 9.1 |
2021-06-03 | CVE-2021-28847 | Unspecified vulnerability in Mobatek Mobaxterm MobaXterm before 21.0 allows remote servers to cause a denial of service (Windows GUI hang) via tab title change requests that are sent repeatedly at high speed, which results in many SetWindowTextA or SetWindowTextW calls. | 5.0 |
2017-10-16 | CVE-2017-15376 | Code Injection vulnerability in Mobatek Mobaxterm 10.4 The TELNET service in Mobatek MobaXterm 10.4 does not require authentication, which allows remote attackers to execute arbitrary commands via TCP port 23. | 10.0 |