19 matches found
EUVD-2017-18725
Malware in sbrugna...
EUVD-2017-18728
Malware in sbrugna...
CVE-2017-9811
The kluser is able to interact with the kav4fs-control binary in Kaspersky Anti-Virus for Linux File Server before Maintenance Pack 2 Critical Fix 4 version 8.0.4.312. By abusing the quarantine read and write operations, it is possible to elevate the privileges to root...
CVE-2017-9810
There are no Anti-CSRF tokens in any forms on the web interface in Kaspersky Anti-Virus for Linux File Server before Maintenance Pack 2 Critical Fix 4 version 8.0.4.312. This would allow an attacker to submit authenticated requests when an authenticated user browses an attacker-controlled domain...
CVE-2017-9813
In Kaspersky Anti-Virus for Linux File Server before Maintenance Pack 2 Critical Fix 4 version 8.0.4.312, the scriptName parameter of the licenseKeyInfo action method is vulnerable to cross-site scripting XSS...
CVE-2017-9812
The reportId parameter of the getReportStatus action method can be abused in the web interface in Kaspersky Anti-Virus for Linux File Server before Maintenance Pack 2 Critical Fix 4 version 8.0.4.312 to read arbitrary files with kluser privileges...
CVE-2017-9812
The reportId parameter of the getReportStatus action method can be abused in the web interface in Kaspersky Anti-Virus for Linux File Server before Maintenance Pack 2 Critical Fix 4 version 8.0.4.312 to read arbitrary files with kluser privileges...
Code injection
The reportId parameter of the getReportStatus action method can be abused in the web interface in Kaspersky Anti-Virus for Linux File Server before Maintenance Pack 2 Critical Fix 4 version 8.0.4.312 to read arbitrary files with kluser privileges...
CVE-2017-9811
The kluser is able to interact with the kav4fs-control binary in Kaspersky Anti-Virus for Linux File Server before Maintenance Pack 2 Critical Fix 4 version 8.0.4.312. By abusing the quarantine read and write operations, it is possible to elevate the privileges to root...
Cross site request forgery (csrf)
There are no Anti-CSRF tokens in any forms on the web interface in Kaspersky Anti-Virus for Linux File Server before Maintenance Pack 2 Critical Fix 4 version 8.0.4.312. This would allow an attacker to submit authenticated requests when an authenticated user browses an attacker-controlled domain...
CVE-2017-9810
CVE-2017-9810 affects Kaspersky Anti-Virus for Linux File Server Web Management Console (Kaspersky, 8.0.x). The root cause is absence of Anti-CSRF tokens in forms, enabling CSRF to submit authenticated requests when a user browses attacker-controlled domains. CORE-2017-0003 describes associated i...
CVE-2017-9811
The kluser is able to interact with the kav4fs-control binary in Kaspersky Anti-Virus for Linux File Server before Maintenance Pack 2 Critical Fix 4 version 8.0.4.312. By abusing the quarantine read and write operations, it is possible to elevate the privileges to root...
CVE-2017-9813
In Kaspersky Anti-Virus for Linux File Server before Maintenance Pack 2 Critical Fix 4 version 8.0.4.312, the scriptName parameter of the licenseKeyInfo action method is vulnerable to cross-site scripting XSS...
CVE-2017-9812
The reportId parameter of the getReportStatus action method can be abused in the web interface in Kaspersky Anti-Virus for Linux File Server before Maintenance Pack 2 Critical Fix 4 version 8.0.4.312 to read arbitrary files with kluser privileges...
CVE-2017-9810
There are no Anti-CSRF tokens in any forms on the web interface in Kaspersky Anti-Virus for Linux File Server before Maintenance Pack 2 Critical Fix 4 version 8.0.4.312. This would allow an attacker to submit authenticated requests when an authenticated user browses an attacker-controlled domain...
Kaspersky Anti-Virus for Linux File Server Cross-Site Request Forgery Vulnerability
Kaspersky Anti-Virus for Linux File Server is designed to provide antivirus protection for file servers running under the Linux operating system. A cross-site request forgery vulnerability exists in Kaspersky Anti-Virus for Linux File Server. This allows an attacker to submit authenticated reques...
Kaspersky Anti-Virus for Linux File Server Path Traversal Vulnerability
Kaspersky Anti-Virus for Linux File Server is designed to provide antivirus protection for file servers running under the Linux operating system. A path traversal vulnerability exists in Kaspersky Anti-Virus for Linux File Server. The vulnerability allows an attacker to read arbitrary files with...
Kaspersky Anti-Virus for Linux File Server Reflective Cross-Site Scripting Vulnerability
Kaspersky Anti-Virus for Linux File Server is designed to provide antivirus protection for file servers running under the Linux operating system. A reflected cross-site scripting vulnerability exists in Kaspersky Anti-Virus for Linux File Server. The vulnerability allows an attacker to execute...
Kaspersky Anti-Virus for Linux File Server Elevation of Privilege Vulnerability
Kaspersky Anti-Virus for Linux File Server is designed to provide antivirus protection for file servers running under the Linux operating system. An elevation of privilege vulnerability exists in Kaspersky Anti-Virus for Linux File Server. The vulnerability allows attackers to exploit an elevatio...