EUVD-2019-18883

Malware in sbrugna...

Vertiv Avocent UMG-4000 Web Interface Cross-Site Scripting Vulnerability (CNVD-2020-25873)

The Vertiv Avocent UMG-4000 is a Universal Management Gateway appliance from Vertiv Technologies Vertiv. It supports real-time management, monitoring, access and control of IT devices and infrastructure. A cross-site scripting vulnerability exists in the web interface of the Vertiv Avocent UMG-40...

Vertiv Avocent UMG-4000 Web Interface Cross-Site Scripting Vulnerability

The Vertiv Avocent UMG-4000 is a Universal Management Gateway appliance from Vertiv Technologies Vertiv. It supports real-time management, monitoring, access and control of IT devices and infrastructure. A cross-site scripting vulnerability exists in the HTTP POST parameter of the web interface i...

Vertiv Avocent UMG-4000 Web Interface OS Command Injection Vulnerability

The Vertiv Avocent UMG-4000 is a Universal Management Gateway appliance from Vertiv Technologies Vertiv. It supports real-time management, monitoring, access and control of IT devices and infrastructure. An operating system command injection vulnerability exists in the web interface of the Vertiv...

CVE-2019-9507

The web interface of the Vertiv Avocent UMG-4000 version 4.2.1.19 is vulnerable to command injection because the application incorrectly neutralizes code syntax before executing. Since all commands within the web application are executed as root, this could allow a remote attacker authenticated...

CVE-2019-9507

The web interface of the Vertiv Avocent UMG-4000 version 4.2.1.19 is vulnerable to command injection because the application incorrectly neutralizes code syntax before executing. Since all commands within the web application are executed as root, this could allow a remote attacker authenticated...

CVE-2019-9508

The web interface of the Vertiv Avocent UMG-4000 version 4.2.1.19 is vulnerable to stored XSS. A remote attacker authenticated with an administrator account could store a maliciously named file within the web application that would execute each time a user browsed to the page...

CVE-2019-9508

The web interface of the Vertiv Avocent UMG-4000 version 4.2.1.19 is vulnerable to stored XSS. A remote attacker authenticated with an administrator account could store a maliciously named file within the web application that would execute each time a user browsed to the page...

CVE-2019-9509

The web interface of the Vertiv Avocent UMG-4000 version 4.2.1.19 is vulnerable to reflected XSS in an HTTP POST parameter. The web application does not neutralize user-controllable input before displaying to users in a web page, which could allow a remote attacker authenticated with a user accou...

Command injection

The web interface of the Vertiv Avocent UMG-4000 version 4.2.1.19 is vulnerable to command injection because the application incorrectly neutralizes code syntax before executing. Since all commands within the web application are executed as root, this could allow a remote attacker authenticated...

Cross site scripting

The web interface of the Vertiv Avocent UMG-4000 version 4.2.1.19 is vulnerable to reflected XSS in an HTTP POST parameter. The web application does not neutralize user-controllable input before displaying to users in a web page, which could allow a remote attacker authenticated with a user accou...

Cross site scripting

The web interface of the Vertiv Avocent UMG-4000 version 4.2.1.19 is vulnerable to stored XSS. A remote attacker authenticated with an administrator account could store a maliciously named file within the web application that would execute each time a user browsed to the page...

CVE-2019-9509

The CVE-2019-9509 entry concerns the Vertiv Avocent UMG-4000 web interface (version 4.2.1.19). The vulnerability is a reflected XSS in an HTTP POST parameter, where the web application does not neutralize user-supplied input before rendering on a page. An attacker authenticated with a user accoun...

CVE-2019-9509 The web interface of the Vertiv Avocent UMG-4000 version 4.2.1.19 is vulnerable to reflected cross site scripting

The web interface of the Vertiv Avocent UMG-4000 version 4.2.1.19 is vulnerable to reflected XSS in an HTTP POST parameter. The web application does not neutralize user-controllable input before displaying to users in a web page, which could allow a remote attacker authenticated with a user accou...

CVE-2019-9508 Vertiv Avocent UMG-4000 version 4.2.1.19 web interface is vulnerable to stored cross site scripting

The web interface of the Vertiv Avocent UMG-4000 version 4.2.1.19 is vulnerable to stored XSS. A remote attacker authenticated with an administrator account could store a maliciously named file within the web application that would execute each time a user browsed to the page...

CVE-2019-9507 The web interface of the Vertiv Avocent UMG-4000 version 4.2.1.19 is vulnerable to arbitrary remote code execution

The web interface of the Vertiv Avocent UMG-4000 version 4.2.1.19 is vulnerable to command injection because the application incorrectly neutralizes code syntax before executing. Since all commands within the web application are executed as root, this could allow a remote attacker authenticated...

CVE-2019-9507

The CVE-2019-9507 issue affects Vertiv Avocent UMG-4000 web interface (version 4.2.1.19). The vulnerability is an OS command injection in the web UI, where commands are executed with root privileges after input is not properly sanitized, enabling an authenticated administrator to run arbitrary co...