3 matches found
CVE-2018-11141
The 'IMAGESJSON' and 'attachmentstoremove' parameters of the '/adminui/advisory.php' script in the Quest KACE System Management Virtual Appliance 8.0.318 can be abused to write and delete files respectively via Directory Traversal. Files can be at any location where the 'www' user has write...
Design/Logic Flaw
The remote-support feature on Cisco Web Security Virtual Appliance WSAv, Email Security Virtual Appliance ESAv, and Security Management Virtual Appliance SMAv devices before 2015-06-25 uses the same default SSH host keys across different customers' installations, which makes it easier for remote...
CVE-2015-4216
The CVE concerns Cisco WSAv/ESAv/SMAv devices where the remote-support feature uses the same default SSH root authorized key across different customer installations, enabling an attacker with knowledge of a private key from another installation to bypass authentication. Affected products are Cisc...