1207 matches found
The vulnerability in the web interface of the Kaspersky Anti-Virus for Linux File Server allows a malicious actor to send authenticated requests.
The vulnerability of the Kaspersky Anti-Virus for Linux File Server web interface is related to the absence of Anti-CSRF tokens in all forms of the interface. Exploiting this vulnerability allows a malicious actor to send authenticated requests during the time when the authenticated user is viewi...
The vulnerability of the scriptName parameter in the licenseKeyInfo method of the Kaspersky Anti-Virus for Linux File Server security tool allows a hacker to obtain files from the attacked system.
The vulnerability of the scriptName parameter in the licenseKeyInfo method of the Kaspersky Anti-Virus for Linux File Server security tool exists due to the lack of measures taken to protect the web page structure. Exploiting this vulnerability can allow a malicious actor, operating remotely, to...
Kaspersky Anti-Virus for Linux File Server getReportStatus Directory Traversal (CVE-2017-9812)
A directory traversal vulnerability exists in Kaspersky Anti-Virus for Linux File Server. The vulnerability is due to a lack of proper validation of a user-supplied path when a request is sent to check the status of a report. A remote, authenticated attacker can exploit this vulnerability by...
Directory Traversal
Overview intsol-package is a file server. intsol-package is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the url. Example Request: GET /../../../../../../../../../../etc/passwd HTTP/1.1 host:localhost and the server's Response HTTP/1.1...
CVE-2017-9813
In Kaspersky Anti-Virus for Linux File Server before Maintenance Pack 2 Critical Fix 4 version 8.0.4.312, the scriptName parameter of the licenseKeyInfo action method is vulnerable to cross-site scripting XSS...
CVE-2017-9811
The kluser is able to interact with the kav4fs-control binary in Kaspersky Anti-Virus for Linux File Server before Maintenance Pack 2 Critical Fix 4 version 8.0.4.312. By abusing the quarantine read and write operations, it is possible to elevate the privileges to root...
Cross site request forgery (csrf)
There are no Anti-CSRF tokens in any forms on the web interface in Kaspersky Anti-Virus for Linux File Server before Maintenance Pack 2 Critical Fix 4 version 8.0.4.312. This would allow an attacker to submit authenticated requests when an authenticated user browses an attacker-controlled domain...
CVE-2017-9811
The kluser is able to interact with the kav4fs-control binary in Kaspersky Anti-Virus for Linux File Server before Maintenance Pack 2 Critical Fix 4 version 8.0.4.312. By abusing the quarantine read and write operations, it is possible to elevate the privileges to root...
CVE-2017-9812
The reportId parameter of the getReportStatus action method can be abused in the web interface in Kaspersky Anti-Virus for Linux File Server before Maintenance Pack 2 Critical Fix 4 version 8.0.4.312 to read arbitrary files with kluser privileges...
Code injection
The reportId parameter of the getReportStatus action method can be abused in the web interface in Kaspersky Anti-Virus for Linux File Server before Maintenance Pack 2 Critical Fix 4 version 8.0.4.312 to read arbitrary files with kluser privileges...
CVE-2017-9812
The reportId parameter of the getReportStatus action method can be abused in the web interface in Kaspersky Anti-Virus for Linux File Server before Maintenance Pack 2 Critical Fix 4 version 8.0.4.312 to read arbitrary files with kluser privileges...
CVE-2017-9810
There are no Anti-CSRF tokens in any forms on the web interface in Kaspersky Anti-Virus for Linux File Server before Maintenance Pack 2 Critical Fix 4 version 8.0.4.312. This would allow an attacker to submit authenticated requests when an authenticated user browses an attacker-controlled domain...
CVE-2017-9810
There are no Anti-CSRF tokens in any forms on the web interface in Kaspersky Anti-Virus for Linux File Server before Maintenance Pack 2 Critical Fix 4 version 8.0.4.312. This would allow an attacker to submit authenticated requests when an authenticated user browses an attacker-controlled domain...
CVE-2017-9813
In Kaspersky Anti-Virus for Linux File Server before Maintenance Pack 2 Critical Fix 4 version 8.0.4.312, the scriptName parameter of the licenseKeyInfo action method is vulnerable to cross-site scripting XSS...
CVE-2017-9812
CVE-2017-9812 affects Kaspersky Anti-Virus for Linux File Server. The web UI’s getReportStatus endpoint accepts a reportId that can be abused via directory traversal to read arbitrary files with the kluser privileges. Core Security and related advisories corroborate a path traversal vulnerability...
CVE-2017-9813
CVE-2017-9813 relates to a reflected cross-site scripting vulnerability in the Kaspersky Anti-Virus for Linux File Server Web Management Console. Specifically, the scriptName parameter of the licenseKeyInfo action method is vulnerable to XSS in versions prior to Maintenance Pack 2 Critical Fix 4 ...
CVE-2017-9811
The kluser is able to interact with the kav4fs-control binary in Kaspersky Anti-Virus for Linux File Server before Maintenance Pack 2 Critical Fix 4 version 8.0.4.312. By abusing the quarantine read and write operations, it is possible to elevate the privileges to root...
CVE-2017-9811
CVE-2017-9811 is part of a set of vulnerabilities in Kaspersky Anti-Virus for Linux File Server 8.0.3.297 (Web Management Console). Core Security reports a root-privilege elevation by abusing the kav4fs-control quarantine read/write path, enabling code execution as root via the quarantine functio...
CVE-2017-9810
CVE-2017-9810 affects Kaspersky Anti-Virus for Linux File Server Web Management Console (Kaspersky, 8.0.x). The root cause is absence of Anti-CSRF tokens in forms, enabling CSRF to submit authenticated requests when a user browses attacker-controlled domains. CORE-2017-0003 describes associated i...
CVE-2017-9812
The reportId parameter of the getReportStatus action method can be abused in the web interface in Kaspersky Anti-Virus for Linux File Server before Maintenance Pack 2 Critical Fix 4 version 8.0.4.312 to read arbitrary files with kluser privileges...