EUVD-2014-0396

Malware in sbrugna...

EUVD-2014-0397

Malware in sbrugna...

Security Bulletin: IBM TRIRIGA Application Platform discloses remote attacker to execute commands (CVE-2014-0359)

Summary Xangati could allow a remote attacker to execute arbitrary commands on the system, caused by the improper validation of input by /servlet/Installer. Vulnerability Details IBM X-Force ID: 92636 DESCRIPTION: Xangati could allow a remote attacker to execute arbitrary commands on the system,...

CVE-2014-0359

Xangati XSR before 11 and XNR before 7 allows remote attackers to execute arbitrary commands via shell metacharacters in a guiinputtest.pl params parameter to servlet/Installer...

CVE-2014-0358

Multiple directory traversal vulnerabilities in Xangati XSR before 11 and XNR before 7 allow remote attackers to read arbitrary files via a .. dot dot in 1 the file parameter in a getUpgradeStatus action to servlet/MGConfigData, 2 the download parameter in a download action to servlet/MGConfigDat...

Design/Logic Flaw

Xangati XSR before 11 and XNR before 7 allows remote attackers to execute arbitrary commands via shell metacharacters in a guiinputtest.pl params parameter to servlet/Installer...

Directory traversal

Multiple directory traversal vulnerabilities in Xangati XSR before 11 and XNR before 7 allow remote attackers to read arbitrary files via a .. dot dot in 1 the file parameter in a getUpgradeStatus action to servlet/MGConfigData, 2 the download parameter in a download action to servlet/MGConfigDat...

CVE-2014-0359

Xangati XSR before 11 and XNR before 7 allows remote attackers to execute arbitrary commands via shell metacharacters in a guiinputtest.pl params parameter to servlet/Installer...

CVE-2014-0358

Multiple directory traversal vulnerabilities in Xangati XSR before 11 and XNR before 7 allow remote attackers to read arbitrary files via a .. dot dot in 1 the file parameter in a getUpgradeStatus action to servlet/MGConfigData, 2 the download parameter in a download action to servlet/MGConfigDat...

CVE-2014-0358

CVE-2014-0358 affects Xangati XSR before 11 and XNR before 7, with multiple directory traversal vulnerabilities allowing remote attackers to read arbitrary files via ../ in parameters for actions on MGConfigData, Installer, or related endpoints. The root cause is improper input validation of file...

CVE-2014-0359

The CVE-2014-0359 issue affects Xangati XSR before 11 and XNR before 7, where an attacker can remotely execute arbitrary commands through shell metacharacters in the params parameter of gui_input_test.pl used by the servlet/Installer. The root cause is insufficient input validation that allows co...

Xangati - servletInstaller?file Directory Traversal

Xangati - servletInstaller?file Directory Traversal source: https://www.securityfocus.com/bid/66817/info Xangati XSR And XNR are prone to a multiple directory-traversal vulnerabilities. A remote attacker could exploit these vulnerabilities using directory-traversal characters '../' to access or...

Xangati XSR XNR - gui_input_test.pl Remote Command Execution

Xangati XSR XNR - guiinputtest.pl Remote Command Execution source: https://www.securityfocus.com/bid/66819/info Xangati XSR And XNR are prone to a remote command-execution vulnerability because the application fails to sufficiently sanitize user-supplied input data. An attacker may leverage this...

Xangati - '/servlet/Installer?file' Directory Traversal

source: https://www.securityfocus.com/bid/66817/info Xangati XSR And XNR are prone to a multiple directory-traversal vulnerabilities. A remote attacker could exploit these vulnerabilities using directory-traversal characters '../' to access or read arbitrary files that contain sensitive...

Xangati - servletMGConfigData Multiple Directory Traversals

Xangati - servletMGConfigData Multiple Directory Traversals source: https://www.securityfocus.com/bid/66817/info Xangati XSR And XNR are prone to a multiple directory-traversal vulnerabilities. A remote attacker could exploit these vulnerabilities using directory-traversal characters '../' to...

Xangati - '/servlet/MGConfigData' Multiple Directory Traversals

source: https://www.securityfocus.com/bid/66817/info Xangati XSR And XNR are prone to a multiple directory-traversal vulnerabilities. A remote attacker could exploit these vulnerabilities using directory-traversal characters '../' to access or read arbitrary files that contain sensitive...

Xangati software release contains relative path traversal and command injection vulnerabilities

Overview Xangati's software release contains relative path traversal CWE-23 and command injection CWE-78 vulnerabilities. Description Xangati's software release contains relative path traversal CWE-23 and command injection CWE-78 vulnerabilities.CWE-23: Relative Path Traversal -CVE-2014-0358 The...

Xangati XSR / XNR - 'gui_input_test.pl' Remote Command Execution

source: https://www.securityfocus.com/bid/66819/info Xangati XSR And XNR are prone to a remote command-execution vulnerability because the application fails to sufficiently sanitize user-supplied input data. An attacker may leverage this issue to execute arbitrary commands in the context of the...