GCVE - cpe:2.3:a:consona:consona_dynamic_agent:-:-:support:*:*:*:*:*

Approved changes feed: RSS · Atom

cpe:2.3:a:consona:consona_dynamic_agent:-:-:support:*:*:*:*:*

part: a version: - update: -

Vendor	Consona (`4ed9ad89-e260-52a4-8564-39bb9b68db88`)
Product	Consona Dynamic Agent (`66a1bb3e-2729-5522-8975-93c2b27fa75b`)
Edition	support
Language	*
Software edition	*
Target software	*
Target hardware	*
Other	*
Notes	Imported from gcve-enriched-dumps CVE data

PURL mappings

PURL	Source	Last updated
No PURL mappings for this CPE yet.

Vulnerability references

Identifier	cpeApplicability	Submitted	db.gcve.eu details	Rationale
`CVE:CVE-2010-1913`	vulnerable	2026-06-08 04:54:10.938955	Details available The default configuration of pluginlicense.ini for the SdcWebSecureBase interface in tgctlcm.dll in Consona Live Assistance, Dynamic Agent, and Subscriber Assistance, when downloaded from a server operated by Telefonica or possibly other companies, contains an incorrect DNS whitelist that includes the DNS hostnames of home computers of many persons, which allows remote attackers to bypass intended restrictions on ActiveX execution by hosting an ActiveX control on an applicable home web server. Published: 2010-05-11T23:00:00.000Z Updated: 2024-08-07T02:17:12.391Z Open on db.gcve.eu Reference links http://www.kb.cert.org/vuls/id/602801 http://wintercore.com/en/component/content/article/7-media/18-wintercore-releases-an-advisory-for-consona-products.html http://www.wintercore.com/downloads/rootedcon_0day.pdf http://www.securityfocus.com/archive/1/511176/100/0/threaded	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2010-1912`	vulnerable	2026-06-08 04:54:10.938567	Details available The SdcWebSecureBase interface in tgctlcm.dll in Consona Live Assistance, Dynamic Agent, and Subscriber Assistance allows remote attackers to bypass intended restrictions on ActiveX execution via "instantiation/free attacks." Published: 2010-05-11T23:00:00.000Z Updated: 2024-08-07T02:17:13.139Z Open on db.gcve.eu Reference links http://www.kb.cert.org/vuls/id/602801 http://wintercore.com/en/component/content/article/7-media/18-wintercore-releases-an-advisory-for-consona-products.html http://www.wintercore.com/downloads/rootedcon_0day.pdf http://www.securityfocus.com/archive/1/511176/100/0/threaded https://exchange.xforce.ibmcloud.com/vulnerabilities/58607	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2010-1911`	vulnerable	2026-06-08 04:54:10.938036	Details available The site-locking implementation in the SdcWebSecureBase interface in tgctlcm.dll in Consona Live Assistance, Dynamic Agent, and Subscriber Assistance relies on a list of server domain names to restrict execution of ActiveX controls, which makes it easier for man-in-the-middle attackers to execute arbitrary code via a DNS hijacking attack. Published: 2010-05-11T23:00:00.000Z Updated: 2024-08-07T02:17:12.156Z Open on db.gcve.eu Reference links http://www.kb.cert.org/vuls/id/602801 http://wintercore.com/en/component/content/article/7-media/18-wintercore-releases-an-advisory-for-consona-products.html http://www.wintercore.com/downloads/rootedcon_0day.pdf https://exchange.xforce.ibmcloud.com/vulnerabilities/58608 http://www.securityfocus.com/archive/1/511176/100/0/threaded	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2010-1910`	vulnerable	2026-06-08 04:54:10.937606	Details available The Forgot Password implementation in Consona Live Assistance, Dynamic Agent, and Subscriber Assistance allows remote attackers to reset passwords of accounts with blank Hint questions and Hint answers by sending an empty value for each of these two Hint fields. Published: 2010-05-11T23:00:00.000Z Updated: 2024-08-07T02:17:12.411Z Open on db.gcve.eu Reference links http://www.kb.cert.org/vuls/id/602801 http://wintercore.com/en/component/content/article/7-media/18-wintercore-releases-an-advisory-for-consona-products.html http://www.securityfocus.com/archive/1/511176/100/0/threaded http://www.securityfocus.com/bid/40003 http://secunia.com/advisories/39740	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2010-1909`	vulnerable	2026-06-08 04:54:10.937110	Details available Buffer overflow in the RunCmd method in the SdcUser.TgConCtl ActiveX control in tgctlcm.dll in Consona Live Assistance, Dynamic Agent, and Subscriber Assistance allows remote attackers to execute arbitrary code via vectors involving "CreateProcess params." NOTE: some of these details are obtained from third party information. Published: 2010-05-11T23:00:00.000Z Updated: 2024-08-07T02:17:12.164Z Open on db.gcve.eu Reference links http://secunia.com/advisories/39751 http://www.kb.cert.org/vuls/id/602801 http://wintercore.com/en/component/content/article/7-media/18-wintercore-releases-an-advisory-for-consona-products.html http://www.wintercore.com/downloads/rootedcon_0day.pdf http://www.securityfocus.com/archive/1/511176/100/0/threaded	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2010-1908`	vulnerable	2026-06-08 04:54:10.936702	db.gcve.eu details were skipped to keep the page responsive. Open on db.gcve.eu	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2010-1907`	vulnerable	2026-06-08 04:54:10.936264	db.gcve.eu details were skipped to keep the page responsive. Open on db.gcve.eu	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2010-1906`	vulnerable	2026-06-08 04:54:10.933674	db.gcve.eu details were skipped to keep the page responsive. Open on db.gcve.eu	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2010-1905`	vulnerable	2026-06-08 04:54:10.932379	db.gcve.eu details were skipped to keep the page responsive. Open on db.gcve.eu	Imported from gcve-enriched-dumps CVE data

Contribute

You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.

Consona Dynamic Agent

PURL mappings

Vulnerability references

Contribute