5 matches found
CVE-2021-38157
The CVE-2021-38157 entry concerns LeoStream Connection Broker 9.x prior to 9.0.34.3, which is vulnerable to unauthenticated reflected XSS via the /index.pl endpoint using the user parameter. The root cause is improper handling/validation of user-supplied input on that endpoint, enabling an attack...
CVE-2020-26574
Leostream Connection Broker 8.2.x is affected by a stored XSS via the webquery.pl User-Agent header. An unauthenticated attacker can inject JavaScript that is rendered when admins log in, potentially forcing the admin to upload a malicious Perl script that could be executed as root through libMis...
CVE-2021-41551
CVE-2021-41551 affects Leostream Connection Broker 9.0.40.17. Administrators can perform a directory traversal by uploading a ZIP file that contains a symbolic link, enabling access to files outside the intended directory. This is supported by Red Hat and NVD entries in the provided documents. Th...
CVE-2018-18817
The vulnerability CVE-2018-18817 affects the Leostream Agent prior to Build 7.0.1.0 when used with Leostream Connection Broker 8.2.72 or earlier. Root cause: the Leostream Agent API allows remote modification of registry keys, enabling an attacker to alter registry settings remotely (network vect...
CVE-2021-41550
The CVE-2021-41550 entry affects Leostream Connection Broker 9.0.40.17, where an administrator can upload and execute Perl code. The NVD entry cites a network-accessible vulnerability with low attack complexity and requires a high-privilege context (prerequisites: HIGH; UI: NONE) leading to parti...