Nexus Concepts Dev Hound 2.24 and earlier stores username and password information in cleartext in the devhound.tdbd file, which allows local users to gain privileges.
CVSS 2.0
Severity: MEDIUM
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| nexus_concepts | dev_hound | 2.01 |
| nexus_concepts | dev_hound | 2.13 |
| nexus_concepts | dev_hound | 2.02 |
| nexus_concepts | dev_hound | 2.12 |
| nexus_concepts | dev_hound | 2.20 |
| nexus_concepts | dev_hound | 1.51 |
| nexus_concepts | dev_hound | 2.03 |
| nexus_concepts | dev_hound | 2.21 |
| nexus_concepts | dev_hound | 2.11 |
| nexus_concepts | dev_hound | 2.04 |
| nexus_concepts | dev_hound | 1.61 |
| nexus_concepts | dev_hound | 1.60 |
| nexus_concepts | dev_hound | 2.22 |
| nexus_concepts | dev_hound | 2.23 |
| nexus_concepts | dev_hound | 1.50 |
| nexus_concepts | dev_hound | 2.10 |
| nexus_concepts | dev_hound | 1.52 |
| nexus_concepts | dev_hound | 2.0 |
| nexus_concepts | dev_hound | 1.81 |
| nexus_concepts | dev_hound | 1.70 |
| nexus_concepts | dev_hound | 2.24 |
| nexus_concepts | dev_hound | 1.80 |
Multiple cross-site scripting (XSS) vulnerabilities in Nexus Concepts Dev Hound 2.24 and earlier allow remote attackers to inject arbitrary web script or HTML via multiple unspecified user input fields.
CVSS 2.0
Severity: MEDIUM
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| nexus_concepts | dev_hound | 2.01 |
| nexus_concepts | dev_hound | 2.13 |
| nexus_concepts | dev_hound | 2.02 |
| nexus_concepts | dev_hound | 2.12 |
| nexus_concepts | dev_hound | 2.20 |
| nexus_concepts | dev_hound | 1.51 |
| nexus_concepts | dev_hound | 2.03 |
| nexus_concepts | dev_hound | 2.21 |
| nexus_concepts | dev_hound | 2.11 |
| nexus_concepts | dev_hound | 2.04 |
| nexus_concepts | dev_hound | 1.61 |
| nexus_concepts | dev_hound | 1.60 |
| nexus_concepts | dev_hound | 2.22 |
| nexus_concepts | dev_hound | 2.23 |
| nexus_concepts | dev_hound | 1.50 |
| nexus_concepts | dev_hound | 2.10 |
| nexus_concepts | dev_hound | 1.52 |
| nexus_concepts | dev_hound | 2.0 |
| nexus_concepts | dev_hound | 1.81 |
| nexus_concepts | dev_hound | 1.70 |
| nexus_concepts | dev_hound | 2.24 |
| nexus_concepts | dev_hound | 1.80 |
Nexus Concepts Dev Hound 2.24 and earlier allows remote attackers to obtain the installation path via a URL containing a non-existent .dll file.
CVSS 2.0
Severity: MEDIUM
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| nexus_concepts | dev_hound | 2.01 |
| nexus_concepts | dev_hound | 2.13 |
| nexus_concepts | dev_hound | 2.02 |
| nexus_concepts | dev_hound | 2.12 |
| nexus_concepts | dev_hound | 2.20 |
| nexus_concepts | dev_hound | 1.51 |
| nexus_concepts | dev_hound | 2.03 |
| nexus_concepts | dev_hound | 2.21 |
| nexus_concepts | dev_hound | 2.11 |
| nexus_concepts | dev_hound | 2.04 |
| nexus_concepts | dev_hound | 1.61 |
| nexus_concepts | dev_hound | 1.60 |
| nexus_concepts | dev_hound | 2.22 |
| nexus_concepts | dev_hound | 2.23 |
| nexus_concepts | dev_hound | 1.50 |
| nexus_concepts | dev_hound | 2.10 |
| nexus_concepts | dev_hound | 1.52 |
| nexus_concepts | dev_hound | 2.0 |
| nexus_concepts | dev_hound | 1.81 |
| nexus_concepts | dev_hound | 1.70 |
| nexus_concepts | dev_hound | 2.24 |
| nexus_concepts | dev_hound | 1.80 |