14 matches found
EUVD-2016-9196
Malware in sbrugna...
Automated Logic Corporation ALC WebCTRL, Liebert SiteScan, Carrier i-VU Improper Restriction of XML External Entity Reference (CVE-2016-5795)
An XXE issue was discovered in Automated Logic Corporation ALC Liebert SiteScan Web Version 6.5 and prior, ALC WebCTRL Version 6.5 and prior, and Carrier i-Vu Version 6.5 and prior. An attacker could enter malicious input to WebCTRL, i-Vu, or SiteScan Web through a weakly configured XML parser...
Automated Logic Corporation ALC WebCTRL, Liebert SiteScan, Carrier i-VU Improper Restriction of XML External Entity Reference (CVE-2016-5795)
An XXE issue was discovered in Automated Logic Corporation ALC Liebert SiteScan Web Version 6.5 and prior, ALC WebCTRL Version 6.5 and prior, and Carrier i-Vu Version 6.5 and prior. An attacker could enter malicious input to WebCTRL, i-Vu, or SiteScan Web through a weakly configured XML parser...
Automated Logic Corporation ALC WebCTRL, Liebert SiteScan, Carrier i-VU Improper Restriction of XML External Entity Reference (CVE-2016-5795)
An XXE issue was discovered in Automated Logic Corporation ALC Liebert SiteScan Web Version 6.5 and prior, ALC WebCTRL Version 6.5 and prior, and Carrier i-Vu Version 6.5 and prior. An attacker could enter malicious input to WebCTRL, i-Vu, or SiteScan Web through a weakly configured XML parser...
Vertiv Liebert SiteScan Web Improper Restriction of XML External Entity Reference (CVE-2016-8348)
An XML External Entity XXE issue was discovered in Emerson Liebert SiteScan Web Version 6.5, and prior. An attacker may enter malicious input to Liebert SiteScan through a weakly configured XML parser causing the application to execute arbitrary code or disclose file contents from a server or...
The vulnerability of Liebert SiteScan, a web-based system for controlling critical equipment, stems from an improper limitation on XML links to external objects. This allows a violator to access confidential information.
The vulnerability of the Liebert SiteScan web-based critical equipment monitoring system lies in improper restrictions on XML links to external objects. Exploiting this vulnerability could allow a malicious actor to gain access to confidential information by using specially crafted XML requests...
CVE-2016-5795
An XXE issue was discovered in Automated Logic Corporation ALC Liebert SiteScan Web Version 6.5 and prior, ALC WebCTRL Version 6.5 and prior, and Carrier i-Vu Version 6.5 and prior. An attacker could enter malicious input to WebCTRL, i-Vu, or SiteScan Web through a weakly configured XML parser...
CVE-2016-5795
An XXE issue was discovered in Automated Logic Corporation ALC Liebert SiteScan Web Version 6.5 and prior, ALC WebCTRL Version 6.5 and prior, and Carrier i-Vu Version 6.5 and prior. An attacker could enter malicious input to WebCTRL, i-Vu, or SiteScan Web through a weakly configured XML parser...
CVE-2016-8348
An XML External Entity XXE issue was discovered in Emerson Liebert SiteScan Web Version 6.5, and prior. An attacker may enter malicious input to Liebert SiteScan through a weakly configured XML parser causing the application to execute arbitrary code or disclose file contents from a server or...
CVE-2016-8348
An XML External Entity XXE issue was discovered in Emerson Liebert SiteScan Web Version 6.5, and prior. An attacker may enter malicious input to Liebert SiteScan through a weakly configured XML parser causing the application to execute arbitrary code or disclose file contents from a server or...
CVE-2016-8348
An XML External Entity XXE issue was discovered in Emerson Liebert SiteScan Web Version 6.5, and prior. An attacker may enter malicious input to Liebert SiteScan through a weakly configured XML parser causing the application to execute arbitrary code or disclose file contents from a server or...
CVE-2016-8348
CVE-2016-8348 describes an XML External Entity (XXE) vulnerability in Emerson Liebert SiteScan Web (Version 6.5 and earlier). The issue arises from a weakly configured XML parser, allowing an attacker to send malicious XML input that could cause arbitrary code execution or disclosure of server/ne...
Emerson Liebert SiteScan XML External Entity Vulnerability
OVERVIEW Researcher Evgeny Ermakov from Kaspersky Lab has identified an XML External Entity XXE vulnerability affecting Emerson’s Liebert SiteScan application. Emerson has produced patches to mitigate this vulnerability. This vulnerability could be exploited remotely. AFFECTED PRODUCTS The...
PT-2016-35: XML External Entity Injection in Liebert SiteScan
The specialists of the Positive Research center have detected an XML External Entity Injection vulnerability in Liebert SiteScan. Vulnerability in Liebert SiteScan allows attackers to obtain sensitive information via a specially crafted XML request. How to fix Update your software up to the lates...