4 matches found
Linux Distros Unpatched Vulnerability : CVE-2019-14466
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The GOsaFilterSettings cookie in GONICUS GOsa 2.7.5.2 is vulnerable to PHP objection injection, which allows a remote authenticated attacker to perform file...
Ubuntu: Security Advisory (USN-4609-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
USN-4609-1: GOsa vulnerabilities
Fabian Henneke discovered that GOsa incorrectly handled client cookies. An authenticated user could exploit this with a crafted cookie to perform file deletions in the context of the user account that runs the web server. CVE-2019-14466 It was discovered that GOsa incorrectly handled user access...
CVE-2019-14466
CVE-2019-14466 – GOsa vulnerability in GOsa 2.7.5.2 The GOsa_Filter_Settings cookie is vulnerable to PHP object/injection via unserialize, allowing a remote authenticated attacker to perform file deletions in the context of the web server user by crafting the cookie value. The affected component ...