16 matches found
EUVD-2020-9338
Malware in sbrugna...
EUVD-2020-9337
Malware in sbrugna...
Cellopoint Cellos Server-Side Request Forgery Vulnerability
Cellos is a Linux-based operating system optimized for mail security and mail scanning performance by Cellopoint. A server-side request forgery vulnerability exists in Cellopoint Cellos 4.1.10 Build 20190922. The vulnerability stems from the product's failure to properly validate incoming URLs,...
Cellopoint Cellos Path Traversal Vulnerability
Cellos is a Linux-based operating system optimized for mail security and mail scanning performance by Cellopoint. A path traversal vulnerability exists in Cellopoint Cellos 4.1.10 Build 20190922. The vulnerability stems from the product failing to properly validate an incoming URL, which can be...
Cellopoint Cellos Remote Command Execution Vulnerability
Cellos is a Linux-based operating system optimized for mail security and mail scanning performance by Cellopoint. A remote command execution vulnerability exists in Cellopoint Cellos 4.1.10 Build 20190922. The vulnerability stems from the product's failure to properly validate incoming URLs, whic...
CVE-2020-17385
Cellopoint CelloOS v4.1.10 Build 20190922 does not validate URL inputted properly, which allows unauthorized user to launch Path Traversal attack and access arbitrate file on the system...
CVE-2020-17384
Cellopoint CelloOS v4.1.10 Build 20190922 does not validate URL inputted properly. With the cookie of the system administrator, attackers can inject and remotely execute arbitrary command to manipulate the system...
Design/Logic Flaw
Cellopoint Cellos v4.1.10 Build 20190922 does not validate URL inputted properly. With cookie of an authenticated user, attackers can temper with the URL parameter and access arbitrary file on system...
Path traversal
Cellopoint Cellos v4.1.10 Build 20190922 does not validate URL inputted properly, which allows unauthorized user to launch Path Traversal attack and access arbitrate file on the system...
Information disclosure
Cellopoint Cellos v4.1.10 Build 20190922 does not validate URL inputted properly. With the cookie of the system administrator, attackers can inject and remotely execute arbitrary command to manipulate the system...
CVE-2020-17385
Affected software: Cellopoint CelloOS v4.1.10 Build 20190922. Issue: improper validation of URL input enables a Path Traversal attack to access arbitrary files on the system (CVE-2020-17385). Severity: CVSSv3.1 base score 7.5 (HIGH); attack vector NETWORK, privileges NONE, no user interaction. Pu...
CVE-2020-17386
Cellopoint Cellos/CelloOS vulnerability CVE-2020-17386: improper validation of URL input allows an authenticated user to tamper with a URL parameter via cookies and access arbitrary files on the system (SSRF). Affected product/version: Cellopoint CelloOS/Cellos v4.1.10 Build 20190922. Impact indi...
CVE-2020-17384
Affected product: Cellopoint CelloOS v4.1.10 Build 20190922. Root cause: improper validation of URL input, enabling remote command execution. Exploitation requires the attacker to possess the system administrator’s cookie, leading to arbitrary command execution on the system. CVSS data indicates ...
PT-2020-14936 · Cellopoint · Cellopoint Cellos
Name of the Vulnerable Software and Affected Versions: Cellopoint Cellos version 4.1.10 Build 20190922 Description: The issue allows unauthorized users to launch a Path Traversal attack due to improper validation of URL input, enabling access to arbitrary files on the system. Recommendations: For...
PT-2020-14935 · Cellopoint · Cellopoint Cellos
Name of the Vulnerable Software and Affected Versions: Cellopoint Cellos version 4.1.10 Build 20190922 Description: The issue arises from improper validation of URL input. An attacker can exploit this by injecting and remotely executing arbitrary commands to manipulate the system, provided they...
PT-2020-14937 · Cellopoint · Cellopoint Cellos
Name of the Vulnerable Software and Affected Versions: Cellopoint Cellos version 4.1.10 Build 20190922 Description: The issue concerns improper validation of URL input. An attacker can manipulate the URL parameter using the cookie of an authenticated user to access arbitrary files on the system...