CVSS: 7.0EPSS: 0%CPEs: 13EXPL: 2CVE-2017-9644 – Automated Logic WebCTRL 6.5 - Local Privilege Escalation
https://notcve.org/view.php?id=CVE-2017-9644
23 Aug 2017 — An Unquoted Search Path or Element issue was discovered in Automated Logic Corporation (ALC) ALC WebCTRL, i-Vu, SiteScan Web 6.5 and prior; ALC WebCTRL, SiteScan Web 6.1 and prior; ALC WebCTRL, i-Vu 6.0 and prior; ALC WebCTRL, i-Vu, SiteScan Web 5.5 and prior; and ALC WebCTRL, i-Vu, SiteScan Web 5.2 and prior. An unquoted search path vulnerability may allow a non-privileged local attacker to change files in the installation directory and execute arbitrary code with elevated privileges. Se ha descubierto un ... • https://packetstorm.news/files/id/143895 • CWE-428: Unquoted Search Path or Element •
CVSS: 7.8EPSS: 0%CPEs: 13EXPL: 2CVE-2017-9650 – Automated Logic WebCTRL 6.5 - Unrestricted File Upload / Remote Code Execution
https://notcve.org/view.php?id=CVE-2017-9650
23 Aug 2017 — An Unrestricted Upload of File with Dangerous Type issue was discovered in Automated Logic Corporation (ALC) ALC WebCTRL, i-Vu, SiteScan Web 6.5 and prior; ALC WebCTRL, SiteScan Web 6.1 and prior; ALC WebCTRL, i-Vu 6.0 and prior; ALC WebCTRL, i-Vu, SiteScan Web 5.5 and prior; and ALC WebCTRL, i-Vu, SiteScan Web 5.2 and prior. An authenticated attacker may be able to upload a malicious file allowing the execution of arbitrary code. Se ha descubierto un problema de carga de archivos sin restricciones con tipo... • https://packetstorm.news/files/id/143897 • CWE-434: Unrestricted Upload of File with Dangerous Type •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2007-4196
https://notcve.org/view.php?id=CVE-2007-4196
08 Aug 2007 — icat in Brian Carrier The Sleuth Kit (TSK) before 2.09 misinterprets a certain memory location as the holder of a loop iteration count, which allows user-assisted remote attackers to cause a denial of service (long loop) and prevent examination of certain NTFS files via a malformed NTFS image. icat en Brian Carrier The Sleuth Kit (TSK) anterior a 2.09 malinterpreta una cierta localización de memoria como poseedora de un contador de iteraciones de bucle, lo cual permite a atacantes remotos con la complicidad... • http://sourceforge.net/mailarchive/message.php?msg_name=A19F11EF-13CA-4940-AFF3-9BE08F67EE22%40sleuthkit.org •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2007-4197
https://notcve.org/view.php?id=CVE-2007-4197
08 Aug 2007 — icat in Brian Carrier The Sleuth Kit (TSK) before 2.09 omits NULL pointer checks in certain code paths, which allows user-assisted remote attackers to cause a denial of service (NULL dereference and application crash) and prevent examination of certain NTFS files via a malformed NTFS image. icat en Brian Carrier The Sleuth Kit (TSK) anterior a 2.09 omite comprobaciones de puntero nulo (NULL) en determinados caminos de ejecución, lo cual permite a atacantes remotos con la intervención del usuario provocar un... • http://sourceforge.net/mailarchive/message.php?msg_name=A19F11EF-13CA-4940-AFF3-9BE08F67EE22%40sleuthkit.org •
CVSS: 6.5EPSS: 1%CPEs: 1EXPL: 0CVE-2007-4198
https://notcve.org/view.php?id=CVE-2007-4198
08 Aug 2007 — The fs_data_put_str function in ntfs.c in fls in Brian Carrier The Sleuth Kit (TSK) before 2.09 does not validate a certain length value, which allows user-assisted remote attackers to cause a denial of service (application crash) and prevent examination of certain NTFS files via a malformed NTFS image, which triggers a buffer over-read. La función fs_data_put_str de ntfs.c en fls de Brian Carrier The Sleuth Kit (TSK) anterior a 2.09 no valida un determinado valor de longitud, lo cual permite a atacantes re... • http://osvdb.org/46998 •
CVSS: 6.5EPSS: 1%CPEs: 1EXPL: 0CVE-2007-4199
https://notcve.org/view.php?id=CVE-2007-4199
08 Aug 2007 — Brian Carrier The Sleuth Kit (TSK) before 2.09 allows user-assisted remote attackers to cause a denial of service (application crash) and prevent examination of certain NTFS files via a malformed NTFS image that triggers (1) dereference of a certain integer value by ntfs_dent.c in fls, or (2) dereference of a certain other integer value by ntfs.c in fsstat. Brian Carrier The Sleuth Kit (TSK) anterior a 2.09 permite a atacantes remotos con la intervención del usuario provocar una denegación de servicio (caíd... • http://osvdb.org/46997 •
CVSS: 7.5EPSS: 1%CPEs: 1EXPL: 0CVE-2007-4200
https://notcve.org/view.php?id=CVE-2007-4200
08 Aug 2007 — ntfs.c in fsstat in Brian Carrier The Sleuth Kit (TSK) before 2.09 interprets a certain variable as a byte count rather than a count of 32-bit integers, which allows user-assisted remote attackers to cause a denial of service (application crash) and prevent examination of certain NTFS files via a malformed NTFS image. ntfs.c en fsstat de Brian Carrier The Sleuth Kit (TSK) anterior a 2.09 interpreta una determinada variable como un contador de bytes en lugar de un contador de enteros de 32 bits, lo cual perm... • http://osvdb.org/46996 •