9 matches found
IBM Sterling Connect Direct for Unix 安全漏洞
IBM Sterling Connect Direct for Unix is a file transfer program from International Business Machines IBM. A security vulnerability exists in IBM Sterling Connect Direct for Unix versions 6.2.0.7 through 6.2.0.9, iFix004 and 6.4.0.0 through 6.4.0.2, iFix001 and 6.3.0.2 through 6.3.0.5, iFix002,...
EUVD-2020-3437
Malware in sbrugna...
Linux Distros Unpatched Vulnerability : CVE-2020-11060
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In GLPI before 9.4.6, an attacker can execute system commands by abusing the backup functionality. Theoretically, this vulnerability can be exploited by an...
CVE-2020-11060
In GLPI before 9.4.6, an attacker can execute system commands by abusing the backup functionality. Theoretically, this vulnerability can be exploited by an attacker without a valid account by using a CSRF. Due to the difficulty of the exploitation, the attack is only conceivable by an account...
CVE-2020-11060
In GLPI before 9.4.6, an attacker can execute system commands by abusing the backup functionality. Theoretically, this vulnerability can be exploited by an attacker without a valid account by using a CSRF. Due to the difficulty of the exploitation, the attack is only conceivable by an account...
Cross site request forgery (csrf)
In GLPI before 9.4.6, an attacker can execute system commands by abusing the backup functionality. Theoretically, this vulnerability can be exploited by an attacker without a valid account by using a CSRF. Due to the difficulty of the exploitation, the attack is only conceivable by an account...
CVE-2020-11060
In GLPI before 9.4.6, an attacker can execute system commands by abusing the backup functionality. Theoretically, this vulnerability can be exploited by an attacker without a valid account by using a CSRF. Due to the difficulty of the exploitation, the attack is only conceivable by an account...
CVE-2020-11060 Remote Code Execution in GLPI
In GLPI before 9.4.6, an attacker can execute system commands by abusing the backup functionality. Theoretically, this vulnerability can be exploited by an attacker without a valid account by using a CSRF. Due to the difficulty of the exploitation, the attack is only conceivable by an account...
glpi -- Remote Code Execution (RCE) via the backup functionality
MITRE Corporation reports: In GLPI before 9.4.6, an attacker can execute system commands by abusing the backup functionality. Theoretically, this vulnerability can be exploited by an attacker without a valid account by using a CSRF. Due to the difficulty of the exploitation, the attack is only...