5 matches found
CVE-2017-8051
Tenable Appliance 3.5 - 4.4.0, and possibly prior versions, contains a flaw in the simpleupload.py script in the Web UI. Through the manipulation of the tnsappliancesessionuser parameter, a remote attacker can inject arbitrary commands...
CVE-2017-8051
Tenable Appliance 3.5 - 4.4.0, and possibly prior versions, contains a flaw in the simpleupload.py script in the Web UI. Through the manipulation of the tnsappliancesessionuser parameter, a remote attacker can inject arbitrary commands...
CVE-2017-8051
CVE-2017-8051 affects Tenable Appliance 3.5–4.4.0 (and possibly earlier) via the simpleupload.py Web UI. The flaw allows arbitrary command execution by manipulating the tns_appliance_session_user parameter, enabling unauthenticated, remote code execution as described in multiple sources (e.g., Re...
CVE-2017-8051
Tenable Appliance 3.5 - 4.4.0, and possibly prior versions, contains a flaw in the simpleupload.py script in the Web UI. Through the manipulation of the tnsappliancesessionuser parameter, a remote attacker can inject arbitrary commands...
Tenable Appliance < 4.5.0 Web UI simpleupload.py Remote Command Execution (CVE-2017-8051)
The remote Tenable Appliance host is affected by a remote command execution vulnerability in the web user interface in the simpleupload.py script due to improper validation of user-supplied input. An unauthenticated, remote attacker can exploit this, via the 'tnsappliancesessionuser' parameter, t...