1201 matches found
CVE-2017-9810
There are no Anti-CSRF tokens in any forms on the web interface in Kaspersky Anti-Virus for Linux File Server before Maintenance Pack 2 Critical Fix 4 version 8.0.4.312. This would allow an attacker to submit authenticated requests when an authenticated user browses an attacker-controlled domain...
Code injection
The reportId parameter of the getReportStatus action method can be abused in the web interface in Kaspersky Anti-Virus for Linux File Server before Maintenance Pack 2 Critical Fix 4 version 8.0.4.312 to read arbitrary files with kluser privileges...
CVE-2017-9812
The reportId parameter of the getReportStatus action method can be abused in the web interface in Kaspersky Anti-Virus for Linux File Server before Maintenance Pack 2 Critical Fix 4 version 8.0.4.312 to read arbitrary files with kluser privileges...
CVE-2017-9812
The reportId parameter of the getReportStatus action method can be abused in the web interface in Kaspersky Anti-Virus for Linux File Server before Maintenance Pack 2 Critical Fix 4 version 8.0.4.312 to read arbitrary files with kluser privileges...
Cross site request forgery (csrf)
There are no Anti-CSRF tokens in any forms on the web interface in Kaspersky Anti-Virus for Linux File Server before Maintenance Pack 2 Critical Fix 4 version 8.0.4.312. This would allow an attacker to submit authenticated requests when an authenticated user browses an attacker-controlled domain...
CVE-2017-9811
The kluser is able to interact with the kav4fs-control binary in Kaspersky Anti-Virus for Linux File Server before Maintenance Pack 2 Critical Fix 4 version 8.0.4.312. By abusing the quarantine read and write operations, it is possible to elevate the privileges to root...
CVE-2017-9810
CVE-2017-9810 affects Kaspersky Anti-Virus for Linux File Server Web Management Console (Kaspersky, 8.0.x). The root cause is absence of Anti-CSRF tokens in forms, enabling CSRF to submit authenticated requests when a user browses attacker-controlled domains. CORE-2017-0003 describes associated i...
CVE-2017-9811
The kluser is able to interact with the kav4fs-control binary in Kaspersky Anti-Virus for Linux File Server before Maintenance Pack 2 Critical Fix 4 version 8.0.4.312. By abusing the quarantine read and write operations, it is possible to elevate the privileges to root...
CVE-2017-9812
CVE-2017-9812 affects Kaspersky Anti-Virus for Linux File Server. The web UI’s getReportStatus endpoint accepts a reportId that can be abused via directory traversal to read arbitrary files with the kluser privileges. Core Security and related advisories corroborate a path traversal vulnerability...
CVE-2017-9813
In Kaspersky Anti-Virus for Linux File Server before Maintenance Pack 2 Critical Fix 4 version 8.0.4.312, the scriptName parameter of the licenseKeyInfo action method is vulnerable to cross-site scripting XSS...
CVE-2017-9811
CVE-2017-9811 is part of a set of vulnerabilities in Kaspersky Anti-Virus for Linux File Server 8.0.3.297 (Web Management Console). Core Security reports a root-privilege elevation by abusing the kav4fs-control quarantine read/write path, enabling code execution as root via the quarantine functio...
CVE-2017-9813
CVE-2017-9813 relates to a reflected cross-site scripting vulnerability in the Kaspersky Anti-Virus for Linux File Server Web Management Console. Specifically, the scriptName parameter of the licenseKeyInfo action method is vulnerable to XSS in versions prior to Maintenance Pack 2 Critical Fix 4 ...
CVE-2017-9812
The reportId parameter of the getReportStatus action method can be abused in the web interface in Kaspersky Anti-Virus for Linux File Server before Maintenance Pack 2 Critical Fix 4 version 8.0.4.312 to read arbitrary files with kluser privileges...
CVE-2017-9810
There are no Anti-CSRF tokens in any forms on the web interface in Kaspersky Anti-Virus for Linux File Server before Maintenance Pack 2 Critical Fix 4 version 8.0.4.312. This would allow an attacker to submit authenticated requests when an authenticated user browses an attacker-controlled domain...
Kaspersky Anti-Virus for Linux File Server Reflective Cross-Site Scripting Vulnerability
Kaspersky Anti-Virus for Linux File Server is designed to provide antivirus protection for file servers running under the Linux operating system. A reflected cross-site scripting vulnerability exists in Kaspersky Anti-Virus for Linux File Server. The vulnerability allows an attacker to execute...
Kaspersky Anti-Virus for Linux File Server Cross-Site Request Forgery Vulnerability
Kaspersky Anti-Virus for Linux File Server is designed to provide antivirus protection for file servers running under the Linux operating system. A cross-site request forgery vulnerability exists in Kaspersky Anti-Virus for Linux File Server. This allows an attacker to submit authenticated reques...
Kaspersky Anti-Virus for Linux File Server Elevation of Privilege Vulnerability
Kaspersky Anti-Virus for Linux File Server is designed to provide antivirus protection for file servers running under the Linux operating system. An elevation of privilege vulnerability exists in Kaspersky Anti-Virus for Linux File Server. The vulnerability allows attackers to exploit an elevatio...
Kaspersky Anti-Virus for Linux File Server Path Traversal Vulnerability
Kaspersky Anti-Virus for Linux File Server is designed to provide antivirus protection for file servers running under the Linux operating system. A path traversal vulnerability exists in Kaspersky Anti-Virus for Linux File Server. The vulnerability allows an attacker to read arbitrary files with...
Kaspersky Anti-Virus File Server 8.0.3.297 XSS / CSRF / Code Execution
Advisory Information Title: Kaspersky Anti-Virus File Server Multiple Vulnerabilities Advisory ID: CORE-2017-0003 Advisory URL: http://www.coresecurity.com/advisories/Kaspersky-Anti-Virus-File-Server-Multiple-Vulnerabilities Date published: 2017-06-28 Date of last update: 2017-06-28 Vendors...
Kaspersky Anti-Virus File Server 8.0.3.297 - Multiple Vulnerabilities
Advisory Information Title: Kaspersky Anti-Virus File Server Multiple Vulnerabilities Advisory ID: CORE-2017-0003 Advisory URL: http://www.coresecurity.com/advisories/Kaspersky-Anti-Virus-File-Server-Multiple-Vulnerabilities Date published: 2017-06-28 Date of last update: 2017-06-28 Vendors...