4 matches found
CVE-2017-14771
The CVE concerns the Skybox Manager Client Application (pre-8.5.501). It describes an arbitrary file upload vulnerability caused by insufficient input validation of user-supplied file paths during uploads. A local authenticated attacker can upload arbitrary files and overwrite existing files with...
CVE-2017-14770
Skybox Manager Client Application (affected versions prior to 8.5.501) contains an information disclosure vulnerability in the authentication process. A local authenticated attacker could access user password hashes while the process is paused in a debugger during authentication. This is document...
CVE-2017-14772
The CVE-2017-14772 entry concerns Skybox Manager Client Application. It describes a local, unauthenticated information-disclosure issue where an attacker can enumerate valid usernames by analyzing error messages during login attempts. The root cause is information leakage via login error handling...
CVE-2017-14773
Skybox Manager Client Application (before 8.5.501) has an elevation of privileges vulnerability during authentication in a debugger-pause state. Exploitation requires a local authenticated attacker. Root cause details are not further specified in the provided documents. Remediation: upgrade to ve...