CVSS: 9.3EPSS: 0%CPEs: 7EXPL: 0CVE-2013-3626
https://notcve.org/view.php?id=CVE-2013-3626
Directory traversal vulnerability in the Session Server in Attachmate Verastream Host Integrator (VHI) 6.0 through 7.5 SP 1 HF 1 allows remote attackers to upload and execute arbitrary files via a crafted message. Vulnerabilidad de salto de directorio en Servidor de Sesiones en Attachmate Verastream Host Integrator (VHI) 6.0 6.0 a 7.5 SP 1 HF 1 permite a atacantes remotos subir y ejecutar archivos arbitrarios a través de un mensaje manipulado. • http://support.attachmate.com/techdocs/2700.html http://www.kb.cert.org/vuls/id/436214 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 6.9EPSS: 0%CPEs: 10EXPL: 0CVE-2011-5157
https://notcve.org/view.php?id=CVE-2011-5157
Untrusted search path vulnerability in Attachmate Reflection before 14.1 SP1 allows local users to gain privileges via a Trojan horse DLL in the current working directory, a related issue to CVE-2011-0107. NOTE: some of these details are obtained from third party information. Vulnerabilidad que no se confía en la ruta de búsqueda de Attachmate Reflection anterior a v14.1 SP1 permite a usuarios locales obtener privilegios a través de un troyano DLL en el directorio de trabajo actual, un tema relacionado con CVE-2011-0107. NOTA: algunos de estos detalles han sido obtenidos a partir de información de terceros. • http://secunia.com/advisories/46692 http://support.attachmate.com/techdocs/1708.html http://www.securityfocus.com/bid/50496 https://exchange.xforce.ibmcloud.com/vulnerabilities/78318 •
CVSS: 10.0EPSS: 2%CPEs: 6EXPL: 2CVE-2011-5012 – Attachmate Reflection FTP Client - Heap Overflow
https://notcve.org/view.php?id=CVE-2011-5012
Heap-based buffer overflow in the Reflection FTP Client (rftpcom.dll 7.2.0.106 and possibly other versions), as used in Attachmate Reflection 2008, Reflection 2011 R1 before 15.3.2.569 and R1 SP1 before, Reflection 2011 R2 before 15.4.1.327, Reflection Windows Client 7.2 SP1 before hotfix 7.2.1186, and Reflection 14.1 SP1 before 14.1.1.206, allows remote FTP servers to execute arbitrary code via a long directory name in a response to a LIST command. Desbordamiento de búfer en la región heap de la memoria en Reflection FTP Client (la biblioteca rftpcom.dll versión 7.2.0.106 y posiblemente otras versiones), como es usado en Reflection 2008, Reflection 2011 versión R1 anterior a 15.3.2.569 y anterior a versión R1 SP1, Reflection 2011 versión R2 anterior a 15.4.1.327, Reflection Windows Client versión 7.2 SP1 anterior a hotfix 7.2.1186, y Reflection versión 14.1 SP1 anterior a 14.1.1.206 de Attachmate, permite a servidores FTP remotos ejecutar código arbitrario por medio de un nombre de directorio largo en una respuesta a un comando LIST. • https://www.exploit-db.com/exploits/18119 http://secunia.com/advisories/46879 http://support.attachmate.com/techdocs/1708.html http://support.attachmate.com/techdocs/2288.html http://support.attachmate.com/techdocs/2502.html http://www.exploit-db.com/exploits/18119 http://www.osvdb.org/77189 http://www.protekresearchlab.com/index.php?option=com_content&view=article&id=29&Itemid=29 http://www.securitytracker.com/id?1026340 https://exchange.xforce.ibmcloud.com/vulnerabilities/71330 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 4.3EPSS: 0%CPEs: 7EXPL: 0CVE-2010-4146
https://notcve.org/view.php?id=CVE-2010-4146
Cross-site scripting (XSS) vulnerability in Attachmate Reflection for the Web 2008 R2 (builds 10.1.569 and earlier), 2008 R1, and 9.6 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. Vulnerabilidad de secuencias de comandos en sitios cruzados en Attachmate Reflection para la Web 2008 R2 (builds 10.1.569 y anteriores), 2008 R1, y 9.6 y anteriores. Permite a atacantes remotos inyectar codigo de script web o código HTML de su elección a través de vectores de ataque desconocidos. • http://osvdb.org/68637 http://secunia.com/advisories/41869 http://support.attachmate.com/techdocs/1704.html http://www.securityfocus.com/bid/44123 https://exchange.xforce.ibmcloud.com/vulnerabilities/62564 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 10.0EPSS: 0%CPEs: 2EXPL: 0CVE-2008-6021
https://notcve.org/view.php?id=CVE-2008-6021
Multiple unspecified vulnerabilities in Attachmate Reflection for Secure IT UNIX Client and Server before 7.0 SP1 have unknown impact and attack vectors, aka "security vulnerabilities found by 3rd party analysis." Múltiples vulnerabilidades no especificadas en Attachmate Reflection for Secure IT UNIX (cliente y servidor) en versiones anteriores a v7.0 SP1. Se desconoce el impacto y los vectores de ataque. • http://support.attachmate.com/techdocs/2374.html http://www.securityfocus.com/bid/30723 https://exchange.xforce.ibmcloud.com/vulnerabilities/48536 •