18 matches found
EUVD-2019-9077
Malware in sbrugna...
EUVD-2019-9080
Malware in sbrugna...
CVE-2019-19457
SALTO ProAccess SPACE 5.4.3.0 allows XSS...
CVE-2019-19458
SALTO ProAccess SPACE 5.4.3.0 allows Directory Traversal in the Data Export feature...
CVE-2019-19459
An issue was discovered in SALTO ProAccess SPACE 5.4.3.0. An attacker can write arbitrary content to arbitrary files, as demonstrated by CVE-2019-19458 files under the web root, or .bat files that will be used with auto start. This allows an attacker to execute arbitrary commands on the server...
Cross site scripting
SALTO ProAccess SPACE 5.4.3.0 allows XSS...
Directory traversal
SALTO ProAccess SPACE 5.4.3.0 allows Directory Traversal in the Data Export feature...
Design/Logic Flaw
An issue was discovered in SALTO ProAccess SPACE 5.4.3.0. An attacker can write arbitrary content to arbitrary files, as demonstrated by CVE-2019-19458 files under the web root, or .bat files that will be used with auto start. This allows an attacker to execute arbitrary commands on the server...
CVE-2019-19460
An issue was discovered in SALTO ProAccess SPACE 5.4.3.0. The product's webserver runs as a Windows service with local SYSTEM permissions by default. This is against the principle of least privilege. An attacker who is able to exploit CVE-2019-19458 or CVE-2019-19459 is basically able to write to...
Design/Logic Flaw
An issue was discovered in SALTO ProAccess SPACE 5.4.3.0. The product's webserver runs as a Windows service with local SYSTEM permissions by default. This is against the principle of least privilege. An attacker who is able to exploit CVE-2019-19458 or CVE-2019-19459 is basically able to write to...
CVE-2019-19457
SALTO ProAccess SPACE 5.4.3.0 allows XSS...
CVE-2019-19457
CVE-2019-19457 affects SALTO ProAccess SPACE, specifically version 5.4.3.0, which is vulnerable to cross-site scripting due to insufficient validation of client data by the web application. Public records (NVD, Red Hat, RH) corroborate the XSS flaw for this release. The SEC Consult advisory indic...
CVE-2019-19458
SALTO ProAccess SPACE 5.4.3.0 has a Directory Traversal vulnerability in the Data Export feature (CVE-2019-19458). Exploitation can enable an attacker to write arbitrary content to arbitrary files under the web root; in practice, this can lead to executing arbitrary commands on the server per rel...
CVE-2019-19458
SALTO ProAccess SPACE 5.4.3.0 allows Directory Traversal in the Data Export feature...
CVE-2019-19459
An issue was discovered in SALTO ProAccess SPACE 5.4.3.0. An attacker can write arbitrary content to arbitrary files, as demonstrated by CVE-2019-19458 files under the web root, or .bat files that will be used with auto start. This allows an attacker to execute arbitrary commands on the server...
CVE-2019-19459
The SALTO ProAccess SPACE 5.4.3.0 vulnerability set includes CVE-2019-19458 (Directory Traversal in Data Export) and CVE-2019-19459 (arbitrary file write). The root cause is the ability to write arbitrary content to arbitrary files, enabling potential command execution. The web server runs as a W...
CVE-2019-19460
An issue was discovered in SALTO ProAccess SPACE 5.4.3.0. The product's webserver runs as a Windows service with local SYSTEM permissions by default. This is against the principle of least privilege. An attacker who is able to exploit CVE-2019-19458 or CVE-2019-19459 is basically able to write to...
CVE-2019-19460
SALTO ProAccess SPACE 5.4.3.0 is affected by CVE-2019-19458 (Directory Traversal in Data Export) and CVE-2019-19459 (arbitrary file writes and command execution on the server). These flaws allow an attacker to write arbitrary content to arbitrary files, with exploitation demonstrated against the ...