6 matches found
EUVD-2019-2737
Malware in sbrugna...
CVE-2019-11029
Mirasys VMS before V7.6.1 and 8.x before V8.3.2 mishandles the Download method of AutoUpdateService in SMServer.exe, leading to Directory Traversal. An attacker could use ..\ with this method to iterate over lists of interesting system files and download them without previous authentication. This...
CVE-2019-11029
Mirasys VMS before V7.6.1 and 8.x before V8.3.2 mishandles the Download method of AutoUpdateService in SMServer.exe, leading to Directory Traversal. An attacker could use ..\ with this method to iterate over lists of interesting system files and download them without previous authentication. This...
Directory traversal
Mirasys VMS before V7.6.1 and 8.x before V8.3.2 mishandles the Download method of AutoUpdateService in SMServer.exe, leading to Directory Traversal. An attacker could use ..\ with this method to iterate over lists of interesting system files and download them without previous authentication. This...
CVE-2019-11029
Mirasys VMS before V7.6.1 and 8.x before V8.3.2 mishandles the Download method of AutoUpdateService in SMServer.exe, leading to Directory Traversal. An attacker could use ..\ with this method to iterate over lists of interesting system files and download them without previous authentication. This...
CVE-2019-11029
CVE-2019-11029 affects Mirasys VMS before V7.6.1 and 8.x before V8.3.2. It arises from mishandling the Download() method of AutoUpdateService in SMServer.exe, enabling Directory Traversal via the ..\ path to enumerate and download files without authentication (e.g., SAM backups, Web.config). The ...