16 matches found
EUVD-2019-2737
Malware in sbrugna...
EUVD-2019-2738
Malware in sbrugna...
EUVD-2019-2739
Malware in sbrugna...
CVE-2019-11030
Mirasys VMS before V7.6.1 and 8.x before V8.3.2 mishandles the Mirasys.Common.Utils.Security.DataCrypt method in Common.dll in AuditTrailService in SMServer.exe. This method triggers insecure deserialization within the .NET garbage collector, in which a gadget contained in a serialized object may...
CVE-2019-11031
Mirasys VMS before V7.6.1 and 8.x before V8.3.2 mishandles the auto-update feature of IDVRUpdateService2 in DVRServer.exe. An attacker can upload files with a Setup-Files action, and then execute these files with SYSTEM privileges...
CVE-2019-11029
Mirasys VMS before V7.6.1 and 8.x before V8.3.2 mishandles the Download method of AutoUpdateService in SMServer.exe, leading to Directory Traversal. An attacker could use ..\ with this method to iterate over lists of interesting system files and download them without previous authentication. This...
CVE-2019-11029
Mirasys VMS before V7.6.1 and 8.x before V8.3.2 mishandles the Download method of AutoUpdateService in SMServer.exe, leading to Directory Traversal. An attacker could use ..\ with this method to iterate over lists of interesting system files and download them without previous authentication. This...
CVE-2019-11030
Mirasys VMS before V7.6.1 and 8.x before V8.3.2 mishandles the Mirasys.Common.Utils.Security.DataCrypt method in Common.dll in AuditTrailService in SMServer.exe. This method triggers insecure deserialization within the .NET garbage collector, in which a gadget contained in a serialized object may...
Directory traversal
Mirasys VMS before V7.6.1 and 8.x before V8.3.2 mishandles the Download method of AutoUpdateService in SMServer.exe, leading to Directory Traversal. An attacker could use ..\ with this method to iterate over lists of interesting system files and download them without previous authentication. This...
Code injection
Mirasys VMS before V7.6.1 and 8.x before V8.3.2 mishandles the auto-update feature of IDVRUpdateService2 in DVRServer.exe. An attacker can upload files with a Setup-Files action, and then execute these files with SYSTEM privileges...
Deserialization of untrusted data
Mirasys VMS before V7.6.1 and 8.x before V8.3.2 mishandles the Mirasys.Common.Utils.Security.DataCrypt method in Common.dll in AuditTrailService in SMServer.exe. This method triggers insecure deserialization within the .NET garbage collector, in which a gadget contained in a serialized object may...
CVE-2019-11031
Mirasys VMS before V7.6.1 and 8.x before V8.3.2 mishandles the auto-update feature of IDVRUpdateService2 in DVRServer.exe. An attacker can upload files with a Setup-Files action, and then execute these files with SYSTEM privileges...
CVE-2019-11030
Mirasys VMS before V7.6.1 and 8.x before V8.3.2 mishandles the Mirasys.Common.Utils.Security.DataCrypt method in Common.dll in AuditTrailService in SMServer.exe. This method triggers insecure deserialization within the .NET garbage collector, in which a gadget contained in a serialized object may...
CVE-2019-11030
Mirasys VMS (before v7.6.1 and before v8.3.2) is affected by CVE-2019-11030 due to insecure deserialization in Mirasys.Common.Utils.Security.DataCrypt within Common.dll (AuditTrailService in SMServer.exe). The vulnerability allows execution of a gadget contained in a serialized object with SYSTEM...
CVE-2019-11029
CVE-2019-11029 affects Mirasys VMS before V7.6.1 and 8.x before V8.3.2. It arises from mishandling the Download() method of AutoUpdateService in SMServer.exe, enabling Directory Traversal via the ..\ path to enumerate and download files without authentication (e.g., SAM backups, Web.config). The ...
CVE-2019-11029
Mirasys VMS before V7.6.1 and 8.x before V8.3.2 mishandles the Download method of AutoUpdateService in SMServer.exe, leading to Directory Traversal. An attacker could use ..\ with this method to iterate over lists of interesting system files and download them without previous authentication. This...