11 matches found
EUVD-2019-15745
Malware in sbrugna...
EUVD-2019-15727
Malware in sbrugna...
EUVD-2015-8000
Malware in sbrugna...
CVE-2019-6160
A vulnerability in various versions of Iomega and LenovoEMC NAS products could allow an unauthenticated user to access files on NAS shares via the API...
Session fixation
For some Iomega, Lenovo, LenovoEMC NAS devices versions 4.1.402.34662 and earlier, by setting the Iomega cookie to a known value before logging into the NAS's web application, the NAS will not provide the user a new cookie value. This allows an attacker who knows the cookie's value to compromise...
Command injection
For some Iomega, Lenovo, LenovoEMC NAS devices versions 4.1.402.34662 and earlier, when changing the name of a share, an attacker can craft a command injection payload using backtick "" characters in the share : name parameter. As a result, arbitrary commands may be executed as the root user. The...
Cross site request forgery (csrf)
For some Iomega, Lenovo, LenovoEMC NAS devices versions 4.1.402.34662 and earlier, the Content Explorer application grants users the ability to upload files to shares and this image was rendered in the browser in the device's origin instead of prompting to download the asset. The application does...
CVE-2018-9079 Iomega and LenovoEMC NAS Web UI Vulnerabilities
For some Iomega, Lenovo, LenovoEMC NAS devices versions 4.1.402.34662 and earlier, adversaries can craft URLs to modify the Document Object Model DOM of the page. In addition, adversaries can inject HTML script tags and HTML tags with JavaScript handlers to execute arbitrary JavaScript with the...
CVE-2018-9075 Iomega and LenovoEMC NAS Web UI Vulnerabilities
For some Iomega, Lenovo, LenovoEMC NAS devices versions 4.1.402.34662 and earlier, when joining a PersonalCloud setup, an attacker can craft a command injection payload using backtick "" characters in the client:password parameter. As a result, arbitrary commands may be executed as the root user...
Securely Configuring LenovoEMC NAS Devices - US
Lenovo Security Advisory: LEN-11575 Potential Impact: Access to stored data if security settings have not been configured Scope of Impact: Lenovo-specific Summary Description: In light of recent work by a security researcher, Lenovo would like to remind owners of older LenovoEMC consumer Network...
CVE-2015-8108
LenovoEMC LEN-3846 and CNVD-2016-02206 describe an information-disclosure vulnerability in the LenovoEMC EZ Media & Backup NAS management interface across multiple models (hm3, ix2/ix2-dl, ix4-300d, px12-400r/450r, px6-300d, px2-300d, px4-300r/400d/400r/300d). Before firmware 4.1.204.33661, unaut...