22 matches found
EUVD-2018-18050
Malware in sbrugna...
EUVD-2018-18051
Malware in sbrugna...
EUVD-2018-18052
Malware in sbrugna...
EUVD-2018-18049
Malware in sbrugna...
The vulnerability in the web console of the Kaspersky Secure Mail Gateway security tool, which allows access to the root user rights.
The vulnerability of the Kaspersky Secure Mail Gateway web console relates to deficiencies in the process of eliminating special elements from the output data used by the incoming component. Exploiting this vulnerability can allow a malicious actor, operating remotely, to gain root user privilege...
CVE-2018-6288
Cross-site Request Forgery leading to Administrative account takeover in Kaspersky Secure Mail Gateway version 1.1...
Cross site scripting
WebConsole Cross-Site Scripting in Kaspersky Secure Mail Gateway version 1.1...
CVE-2018-6291
WebConsole Cross-Site Scripting in Kaspersky Secure Mail Gateway version 1.1...
CVE-2018-6289
Configuration file injection leading to Code Execution as Root in Kaspersky Secure Mail Gateway version 1.1...
CVE-2018-6290
Local Privilege Escalation in Kaspersky Secure Mail Gateway version 1.1...
Privilege escalation
Local Privilege Escalation in Kaspersky Secure Mail Gateway version 1.1...
Design/Logic Flaw
Configuration file injection leading to Code Execution as Root in Kaspersky Secure Mail Gateway version 1.1...
Cross site request forgery (csrf)
Cross-site Request Forgery leading to Administrative account takeover in Kaspersky Secure Mail Gateway version 1.1...
CVE-2018-6290
CVE-2018-6290 is a local privilege escalation in Kaspersky Secure Mail Gateway 1.1.0.379 where a setuid root binary at /opt/kaspersky/klms-appliance/libexec/upgrade/upgrade_launcher can be abused by a kluser to run a malicious Python script, elevating privileges to root. The Core Security advisor...
CVE-2018-6289
Configuration file injection leading to Code Execution as Root in Kaspersky Secure Mail Gateway version 1.1...
CVE-2018-6288
Cross-site Request Forgery leading to Administrative account takeover in Kaspersky Secure Mail Gateway version 1.1...
CVE-2018-6289
Kaspersky Secure Mail Gateway 1.1.0.379 has a Web Management Console vulnerability (CVE-2018-6289) that allows configuration-file injection into /etc/postfix/main.cf, enabling arbitrary commands to execute as root. The Core Security advisory CORE-2017-0010 details that adding a crafted BCC addres...
CVE-2018-6291
Kaspersky Secure Mail Gateway 1.1.0.379 web management console contains multiple vulnerabilities described in CORE-2017-0010, including CVE-2018-6291 (Reflected XSS in importSettings callback) and related CVEs (CVE-2018-6288/6289/6290) enabling CSRF, remote command execution as root via crafted s...
CVE-2018-6291
WebConsole Cross-Site Scripting in Kaspersky Secure Mail Gateway version 1.1...
CVE-2018-6290
Local Privilege Escalation in Kaspersky Secure Mail Gateway version 1.1...