58 matches found
EUVD-2019-15745
Malware in sbrugna...
EUVD-2019-15727
Malware in sbrugna...
EUVD-2015-8000
Malware in sbrugna...
EUVD-2018-20677
Malware in sbrugna...
CVE-2019-6178
CVE-2019-6178 affects Iomega and LenovoEMC NAS products with Personal Cloud enabled. The vulnerability permits information leakage of device details (e.g., share names) via the device API without granting access to underlying file systems or contents. There is no published patch for CVE-2019-6178...
CVE-2019-6178
An information leakage vulnerability in Iomega and LenovoEMC NAS products could allow disclosure of some device details such as Share names through the device API when Personal Cloud is enabled. This does not allow read, write, delete, or any other access to the underlying file systems and their...
PT-2019-18007 · Lenovoemc +1 · Lenovoemc Nas +1
Name of the Vulnerable Software and Affected Versions: Iomega and LenovoEMC NAS products affected versions not specified Description: The issue is related to an information leakage vulnerability. It could allow disclosure of some device details, such as Share names, through the device API when...
LenovoEMC Storage Gear Leaks Sensitive Financial Data
Researchers are warning of a vulnerability in LenovoEMC storage hardware and legacy Iomega-branded network attached storage NAS appliances that could lead to a breach of data stored on the devices. The bug, disclosed Tuesday by Lenovo, is rated high-severity and can be triggered via specially...
CVE-2019-6160
A vulnerability in various versions of Iomega and LenovoEMC NAS products could allow an unauthenticated user to access files on NAS shares via the API...
CVE-2019-6160
A vulnerability in various versions of Iomega and LenovoEMC NAS products could allow an unauthenticated user to access files on NAS shares via the API...
Design/Logic Flaw
A vulnerability in various versions of Iomega and LenovoEMC NAS products could allow an unauthenticated user to access files on NAS shares via the API...
CVE-2019-6160
CVE-2019-6160 affects Iomega and LenovoEMC NAS devices. Affected component: NAS API allowing unauthenticated access to files on NAS shares. Root cause details are not explicitly described beyond API exposure enabling file access. Impact stated: unauthenticated users could access files on shares v...
CVE-2019-6160
A vulnerability in various versions of Iomega and LenovoEMC NAS products could allow an unauthenticated user to access files on NAS shares via the API...
CVE-2018-9080
For some Iomega, Lenovo, LenovoEMC NAS devices versions 4.1.402.34662 and earlier, by setting the Iomega cookie to a known value before logging into the NAS's web application, the NAS will not provide the user a new cookie value. This allows an attacker who knows the cookie's value to compromise...
CVE-2018-9079
For some Iomega, Lenovo, LenovoEMC NAS devices versions 4.1.402.34662 and earlier, adversaries can craft URLs to modify the Document Object Model DOM of the page. In addition, adversaries can inject HTML script tags and HTML tags with JavaScript handlers to execute arbitrary JavaScript with the...
CVE-2018-9082
For some Iomega, Lenovo, LenovoEMC NAS devices versions 4.1.402.34662 and earlier, the password changing functionality available to authenticated users does not require the user's current password to set a new one. As a result, attackers with access to the user's session tokens can change their...
CVE-2018-9081
For some Iomega, Lenovo, LenovoEMC NAS devices versions 4.1.402.34662 and earlier, the file name used for assets accessible through the Content Viewer application are vulnerable to self cross-site scripting self-XSS. As a result, adversaries can add files to shares accessible from the Content...
Session fixation
For some Iomega, Lenovo, LenovoEMC NAS devices versions 4.1.402.34662 and earlier, by setting the Iomega cookie to a known value before logging into the NAS's web application, the NAS will not provide the user a new cookie value. This allows an attacker who knows the cookie's value to compromise...
Cross site scripting
For some Iomega, Lenovo, LenovoEMC NAS devices versions 4.1.402.34662 and earlier, the file name used for assets accessible through the Content Viewer application are vulnerable to self cross-site scripting self-XSS. As a result, adversaries can add files to shares accessible from the Content...
Command injection
For some Iomega, Lenovo, LenovoEMC NAS devices versions 4.1.402.34662 and earlier, when joining a PersonalCloud setup, an attacker can craft a command injection payload using backtick "" characters in the client:password parameter. As a result, arbitrary commands may be executed as the root user...