15 matches found
EUVD-2021-24609
Malware in sbrugna...
CVE-2021-38136
Corero SecureWatch Managed Services 9.7.2.0020 is affected by a Path Traversal vulnerability via the snap_file parameter in the /it-IT/splunkd/__raw/services/get_snapshot HTTP API endpoint. A ‘low privileged’ attacker can read any file on the target host...
CVE-2021-38137
Corero SecureWatch Managed Services 9.7.2.0020 does not correctly check swa-monitor and cns-monitor user’s privileges, allowing a user to perform actions not belonging to his role...
CVE-2021-38136
Corero SecureWatch Managed Services 9.7.2.0020 is affected by a Path Traversal vulnerability via the snap_file parameter in the /it-IT/splunkd/__raw/services/get_snapshot HTTP API endpoint. A ‘low privileged’ attacker can read any file on the target host...
CVE-2021-38137
Corero SecureWatch Managed Services 9.7.2.0020 does not correctly check swa-monitor and cns-monitor user’s privileges, allowing a user to perform actions not belonging to his role...
CVE-2021-38137
Corero SecureWatch Managed Services 9.7.2.0020 does not correctly check swa-monitor and cns-monitor user’s privileges, allowing a user to perform actions not belonging to his role...
Path traversal
Corero SecureWatch Managed Services 9.7.2.0020 is affected by a Path Traversal vulnerability via the snap_file parameter in the /it-IT/splunkd/__raw/services/get_snapshot HTTP API endpoint. A ‘low privileged’ attacker can read any file on the target host...
Design/Logic Flaw
Corero SecureWatch Managed Services 9.7.2.0020 does not correctly check swa-monitor and cns-monitor user’s privileges, allowing a user to perform actions not belonging to his role...
CVE-2021-38136
CVE-2021-38136 affects Corero SecureWatch Managed Services 9.7.2.0020. The vulnerability is a Path Traversal via the snap_file parameter in the /it-IT/splunkd/__raw/services/get_snapshot HTTP API endpoint. A low-privileged attacker can read arbitrary files on the target host. Publicly disclosed d...
CVE-2021-38136
Corero SecureWatch Managed Services 9.7.2.0020 is affected by a Path Traversal vulnerability via the snap_file parameter in the /it-IT/splunkd/__raw/services/get_snapshot HTTP API endpoint. A ‘low privileged’ attacker can read any file on the target host...
CVE-2021-38137
CVE-2021-38137 affects Corero SecureWatch Managed Services 9.7.2.0020, where swa-monitor and cns-monitor privilege checks are insufficient, allowing a user to perform actions outside their role. Documented impact is a privilege escalation-type issue with publicly reported CVSS scores: CVSS v2 bas...
CVE-2021-38137
Corero SecureWatch Managed Services 9.7.2.0020 does not correctly check swa-monitor and cns-monitor user’s privileges, allowing a user to perform actions not belonging to his role...
Corero Network Security Corero SecureWatch Managed Services Authorization Issue Vulnerability
Corero Network Security Corero SecureWatch Managed Services is a provider of Corero SecureWatch Managed Services from Corero Network Security, USA. An authorization issue vulnerability exists in Corero SecureWatch Managed Services 9.7.2.0020, which allows an attacker to perform actions that do not...
Corero SecureWatch Managed Services Path Traversal Vulnerability
Corero Network Security Corero SecureWatch Managed Services is a provider of Corero SecureWatch Managed Services from Corero Network Security in the United States. A path traversal vulnerability exists in Corero SecureWatch Managed Services 9.7.2.0020, which arises from a network system or produc...
'Kill Switch' to Mitigate Memcached DDoS Attacks — Flush 'Em All
Security researchers have discovered a "kill switch" that could help companies protect their websites under massive DDoS attack launched using vulnerable Memcached servers. Massive Memcached reflection DDoS attacks with an unprecedented amplification factor of 50,000 recently resulted in some of...