31 matches found
EUVD-2026-45039
SALTO ProAccess Space software using the tenancy feature / logical partition is vulnerable to a privilege escalation attack that could allow an authorized attacker to access any space managed by the affected product...
SALTO ProAccess Space
ADVISORY SUMMARY Successful exploitation of this vulnerability allows an authenticated attacker to escalate privileges and access spaces outside their assigned partition, within the same Salto ProAccess Space installation or system. Exploitation requires valid authenticated operator credentials...
EUVD-2019-9078
Malware in sbrugna...
EUVD-2019-9079
Malware in sbrugna...
EUVD-2019-9080
Malware in sbrugna...
EUVD-2019-9077
Malware in sbrugna...
CVE-2019-19457
SALTO ProAccess SPACE 5.4.3.0 allows XSS...
CVE-2019-19459
An issue was discovered in SALTO ProAccess SPACE 5.4.3.0. An attacker can write arbitrary content to arbitrary files, as demonstrated by CVE-2019-19458 files under the web root, or .bat files that will be used with auto start. This allows an attacker to execute arbitrary commands on the server...
CVE-2019-19460
An issue was discovered in SALTO ProAccess SPACE 5.4.3.0. The product's webserver runs as a Windows service with local SYSTEM permissions by default. This is against the principle of least privilege. An attacker who is able to exploit CVE-2019-19458 or CVE-2019-19459 is basically able to write to...
CVE-2019-19458
SALTO ProAccess SPACE 5.4.3.0 allows Directory Traversal in the Data Export feature...
CVE-2019-19458
SALTO ProAccess SPACE 5.4.3.0 allows Directory Traversal in the Data Export feature...
CVE-2019-19459
An issue was discovered in SALTO ProAccess SPACE 5.4.3.0. An attacker can write arbitrary content to arbitrary files, as demonstrated by CVE-2019-19458 files under the web root, or .bat files that will be used with auto start. This allows an attacker to execute arbitrary commands on the server...
CVE-2019-19457
SALTO ProAccess SPACE 5.4.3.0 allows XSS...
CVE-2019-19457
SALTO ProAccess SPACE 5.4.3.0 allows XSS...
CVE-2019-19458
SALTO ProAccess SPACE 5.4.3.0 allows Directory Traversal in the Data Export feature...
CVE-2019-19459
An issue was discovered in SALTO ProAccess SPACE 5.4.3.0. An attacker can write arbitrary content to arbitrary files, as demonstrated by CVE-2019-19458 files under the web root, or .bat files that will be used with auto start. This allows an attacker to execute arbitrary commands on the server...
Cross site scripting
SALTO ProAccess SPACE 5.4.3.0 allows XSS...
Directory traversal
SALTO ProAccess SPACE 5.4.3.0 allows Directory Traversal in the Data Export feature...
Design/Logic Flaw
An issue was discovered in SALTO ProAccess SPACE 5.4.3.0. An attacker can write arbitrary content to arbitrary files, as demonstrated by CVE-2019-19458 files under the web root, or .bat files that will be used with auto start. This allows an attacker to execute arbitrary commands on the server...
CVE-2019-19460
An issue was discovered in SALTO ProAccess SPACE 5.4.3.0. The product's webserver runs as a Windows service with local SYSTEM permissions by default. This is against the principle of least privilege. An attacker who is able to exploit CVE-2019-19458 or CVE-2019-19459 is basically able to write to...