6 matches found
EUVD-2014-1924
Malware in sbrugna...
Jetro Cockpit Secure Browsing vulnerability - Client missing input validation allowing RCE
CVE-2014-1861 Affected versions: 4.3.3 4.3.1 and probably prior versions. Jetro Cockpit Secure Browsing makes use of a client running on a user's workstation in the enterprise's internal network, and a server in the DMZ that connects on the client's behalf to the internet. Attack scenario: User...
Jetro Cockpit Secure Browsing code execution
Code execution via print-to-PDF function...
CVE-2014-1861
The client in Jetro COCKPIT Secure Browsing JCSB 4.3.1 and 4.3.3 does not validate the FileName element in an RDPFILETRANSFER document, which allows remote JCSB servers to execute arbitrary programs by providing a .EXE extension...
CVE-2014-1861
The client in Jetro COCKPIT Secure Browsing JCSB 4.3.1 and 4.3.3 does not validate the FileName element in an RDPFILETRANSFER document, which allows remote JCSB servers to execute arbitrary programs by providing a .EXE extension...
CVE-2014-1861
The CVE-2014-1861 entry affects Jetro COCKPIT Secure Browsing (JCSB) 4.3.1 and 4.3.3. The issue is that the client does not validate the FileName element in an RDP_FILE_TRANSFER document, allowing a remote JCSB server to cause RCE by supplying a .EXE extension. This can enable arbitrary code exec...