56 matches found
CVE-2018-25312
LifeSize ClearSea 3.1.4 contains directory traversal vulnerabilities that allow authenticated attackers to download and upload arbitrary files by manipulating path parameters in the smartgui interface. Attackers can exploit the upload endpoint with directory traversal sequences to write files to...
CVE-2018-25312
CVE-2018-25312 affects LifeSize ClearSea 3.1.4. The vulnerability is a directory traversal in the smartgui interface that, when combined with uploading and manipulating path parameters, allows an authenticated attacker with network access to write files to arbitrary locations and potentially achi...
CVE-2018-25312 LifeSize ClearSea 3.1.4 Directory Traversal Remote Code Execution
LifeSize ClearSea 3.1.4 contains directory traversal vulnerabilities that allow authenticated attackers to download and upload arbitrary files by manipulating path parameters in the smartgui interface. Attackers can exploit the upload endpoint with directory traversal sequences to write files to...
CVE-2018-25312 LifeSize ClearSea 3.1.4 Directory Traversal Remote Code Execution
LifeSize ClearSea 3.1.4 contains directory traversal vulnerabilities that allow authenticated attackers to download and upload arbitrary files by manipulating path parameters in the smartgui interface. Attackers can exploit the upload endpoint with directory traversal sequences to write files to...
PT-2026-35995
LifeSize ClearSea 3.1.4 contains directory traversal vulnerabilities that allow authenticated attackers to download and upload arbitrary files by manipulating path parameters in the smartgui interface. Attackers can exploit the upload endpoint with directory traversal sequences to write files to...
LifeSize ClearSea 路径遍历漏洞
LifeSize ClearSea is a unified communication platform provided by LifeSize Corporation, offering enterprise-level video communication and mobile collaboration capabilities. Version 3.1.4 of LifeSize ClearSea contains a path traversal vulnerability. This vulnerability stems from directory traversa...
CVE-2019-7632
LifeSize Team, Room, Passport, and Networker 220 devices allow Authenticated Remote OS Command Injection, as demonstrated by shell metacharacters in the support/mtusize.php mtusize parameter. The lifesize default password for the cli account may sometimes be used for authentication...
EUVD-2019-17165
Malware in sbrugna...
EUVD-2011-2737
Malware in sbrugna...
EUVD-2018-9721
Malware in sbrugna...
CVE-2019-3702
A Remote Code Execution issue in the DNS Query Web UI in Lifesize Icon LSRM33.7.0 2421 allows remote authenticated attackers to execute arbitrary commands via a crafted DNS Query address field in a JSON API request...
CVE-2018-17981
Lifesize Express ls ex24.7.10 2000 14 devices allow XSS via the interface/interface.php brand parameter...
CVE-2018-17981
Lifesize Express ls ex24.7.10 2000 14 devices allow XSS via the interface/interface.php brand parameter...
CVE-2018-17981
Lifesize Express ls ex24.7.10 2000 14 devices allow XSS via the interface/interface.php brand parameter...
Design/Logic Flaw
Lifesize Express ls ex24.7.10 2000 14 devices allow XSS via the interface/interface.php brand parameter...
CVE-2018-17981
Lifesize Express ls ex24.7.10 2000 14 devices allow XSS via the interface/interface.php brand parameter...
CVE-2018-17981
CVE-2018-17981 affects Lifesize Express devices running ls ex2_4.7.10 (2000 (14) devices). The vulnerability is a cross-site scripting (XSS) flaw exploitable via the interface/interface.php brand parameter, leading to potential script execution in a user’s browser. Root cause is an XSS in the bra...
CVE-2019-3702
A Remote Code Execution issue in the DNS Query Web UI in Lifesize Icon LSRM33.7.0 2421 allows remote authenticated attackers to execute arbitrary commands via a crafted DNS Query address field in a JSON API request...
CVE-2019-3702
A Remote Code Execution issue in the DNS Query Web UI in Lifesize Icon LSRM33.7.0 2421 allows remote authenticated attackers to execute arbitrary commands via a crafted DNS Query address field in a JSON API request...
Remote code execution
A Remote Code Execution issue in the DNS Query Web UI in Lifesize Icon LSRM33.7.0 2421 allows remote authenticated attackers to execute arbitrary commands via a crafted DNS Query address field in a JSON API request...