30 matches found
EUVD-2002-1842
Malware in sbrugna...
EUVD-2019-15727
Malware in sbrugna...
EUVD-2019-15745
Malware in sbrugna...
EUVD-2018-20681
Malware in sbrugna...
EUVD-2018-20683
Malware in sbrugna...
EUVD-2002-1934
Malware in sbrugna...
EUVD-2018-20680
Malware in sbrugna...
CVE-2002-1955
Iomega NAS A300U uses cleartext LANMAN authentication when mounting CIFS/SMB drives, which allows remote attackers to perform a man-in-the-middle attack...
CVE-2002-1949
The Network Attached Storage NAS Administration Web Page for Iomega NAS A300U transmits passwords in cleartext, which allows remote attackers to sniff the administrative password...
CVE-2002-1863
Iomega Network Attached Storage NAS A300U, and possibly other models, does not allow the FTP service to be disabled, which allows local users to access home directories via FTP even when access to all shared directories have been disabled...
PT-2019-18007 · Lenovoemc +1 · Lenovoemc Nas +1
Name of the Vulnerable Software and Affected Versions: Iomega and LenovoEMC NAS products affected versions not specified Description: The issue is related to an information leakage vulnerability. It could allow disclosure of some device details, such as Share names, through the device API when...
CVE-2019-6160
A vulnerability in various versions of Iomega and LenovoEMC NAS products could allow an unauthenticated user to access files on NAS shares via the API...
CVE-2018-9081
For some Iomega, Lenovo, LenovoEMC NAS devices versions 4.1.402.34662 and earlier, the file name used for assets accessible through the Content Viewer application are vulnerable to self cross-site scripting self-XSS. As a result, adversaries can add files to shares accessible from the Content...
CVE-2018-9079
For some Iomega, Lenovo, LenovoEMC NAS devices versions 4.1.402.34662 and earlier, adversaries can craft URLs to modify the Document Object Model DOM of the page. In addition, adversaries can inject HTML script tags and HTML tags with JavaScript handlers to execute arbitrary JavaScript with the...
CVE-2018-9078
For some Iomega, Lenovo, LenovoEMC NAS devices versions 4.1.402.34662 and earlier, the Content Explorer application grants users the ability to upload files to shares and this image was rendered in the browser in the device's origin instead of prompting to download the asset. The application does...
CVE-2018-9080
For some Iomega, Lenovo, LenovoEMC NAS devices versions 4.1.402.34662 and earlier, by setting the Iomega cookie to a known value before logging into the NAS's web application, the NAS will not provide the user a new cookie value. This allows an attacker who knows the cookie's value to compromise...
CVE-2018-9082
For some Iomega, Lenovo, LenovoEMC NAS devices versions 4.1.402.34662 and earlier, the password changing functionality available to authenticated users does not require the user's current password to set a new one. As a result, attackers with access to the user's session tokens can change their...
CVE-2018-9074
For some Iomega, Lenovo, LenovoEMC NAS devices versions 4.1.402.34662 and earlier, the file upload functionality of the Content Explorer application is vulnerable to path traversal. As a result, users can upload files anywhere on the device's operating system as the root user...
CVE-2018-9080
For some Iomega, Lenovo, LenovoEMC NAS devices versions 4.1.402.34662 and earlier, by setting the Iomega cookie to a known value before logging into the NAS's web application, the NAS will not provide the user a new cookie value. This allows an attacker who knows the cookie's value to compromise...
CVE-2018-9077
For some Iomega, Lenovo, LenovoEMC NAS devices versions 4.1.402.34662 and earlier, when changing the name of a share, an attacker can craft a command injection payload using backtick "" characters in the share : name parameter. As a result, arbitrary commands may be executed as the root user. The...