CVE-2020-7667 – Arbitrary File Write via Archive Extraction (Zip Slip)
https://notcve.org/view.php?id=CVE-2020-7667
In package github.com/sassoftware/go-rpmutils/cpio before version 0.1.0, the CPIO extraction functionality doesn't sanitize the paths of the archived files for leading and non-leading "..", which leads to file extraction outside of the current directory. Note: the fixing commit was applied to all affected versions, which were re-released. • https://github.com/sassoftware/go-rpmutils/commit/a64058cf21b8aada501bba923c9aab66fb6febf0 https://snyk.io/vuln/SNYK-GOLANG-GITHUBCOMSASSOFTWAREGORPMUTILSCPIO-570427 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2020-9350
https://notcve.org/view.php?id=CVE-2020-9350
Graph Builder in SAS Visual Analytics 8.5 allows XSS via a graph template that is accessed directly. • http://support.sas.com/kb/65/358.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2019-14678
https://notcve.org/view.php?id=CVE-2019-14678
SAS XML Mapper 9.45 has an XML External Entity (XXE) vulnerability that can be leveraged by malicious attackers in multiple ways. Examples are Local File Reading, Out Of Band File Exfiltration, Server Side Request Forgery, and/or Potential Denial of Service attacks. This vulnerability also affects the XMLV2 LIBNAME engine when the AUTOMAP option is used. • https://github.com/mbadanoiu/CVE-2019-14678 http://support.sas.com/kb/64/719.html https://github.com/DrunkenShells/Disclosures/tree/master/CVE-2019-14678-Unsafe%20XML%20Parsing-SAS%20XML%20Mapper • CWE-611: Improper Restriction of XML External Entity Reference
CVE-2007-6763
https://notcve.org/view.php?id=CVE-2007-6763
SAS Drug Development (SDD) before 32DRG02 mishandles logout actions, which allows a user (who was previously logged in) to access resources by pressing a back or forward button in a web browser. • http://ftp.sas.com/techsup/download/hotfix/drugdev/32drg02/SDD_Release_Notes_32DRG02.pdf • CWE-20: Improper Input Validation
CVE-2019-5434 – Revive Adserver 4.2 - Remote Code Execution
https://notcve.org/view.php?id=CVE-2019-5434
An attacker could send a specifically crafted payload to the XML-RPC invocation script and trigger the unserialize() call on the "what" parameter in the "openads.spc" RPC method. Such a vulnerability could be used to perform various types of attacks, e.g. exploit serialize-related PHP vulnerabilities or PHP object injection. It is possible, although unconfirmed, that the vulnerability has been used by some attackers in order to gain access to some Revive Adserver instances and deliver malware through them to third party websites. This vulnerability was addressed in version 4.2.0. • https://www.exploit-db.com/exploits/47739 http://packetstormsecurity.com/files/155559/Revive-Adserver-4.2-Remote-Code-Execution.html https://hackerone.com/reports/512076 https://hackerone.com/reports/542670 https://www.revive-adserver.com/security/revive-sa-2019-001 • CWE-502: Deserialization of Untrusted Data