EUVD-2015-2274

Malware in sbrugna...

Cross site scripting

Multiple cross-site scripting XSS vulnerabilities in the Report Viewer in Ericsson Drutt Mobile Service Delivery Platform MSDP 4.x, 5.x, and 6.x allow remote attackers to inject arbitrary web script or HTML via the 1 portal, 2 fromDate, 3 toDate, 4 fromTime, 5 toTime, 6 kword, 7 uname, 8 pname, 9...

Directory traversal

Directory traversal vulnerability in the Instance Monitor in Ericsson Drutt Mobile Service Delivery Platform MSDP 4, 5, and 6 allows remote attackers to read arbitrary files via a ..%2f dot dot encoded slash in the default URI...

Open redirect

Open redirect vulnerability in the 3PI Manager in Ericsson Drutt Mobile Service Delivery Platform MSDP 4, 5, and 6 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the url parameter to jsp/start-3pi-manager.jsp...

CVE-2015-2166

Ericsson Drutt Mobile Service Delivery Platform (MSDP) has a Local File Inclusion vulnerability in the Instance Monitor affecting versions 4–6. The flaw lets remote attackers read arbitrary files via a dot-dot-encoded slash (..%2f) in the default URI, enabling information disclosure. Root cause i...