
CVSS: 7.5 | EPSS: 0% | CPEs: 1 | EXPL: 0

A vulnerability was discovered in NetIQ Sentinel Server 8.0 before 8.0.1 that may allow remote denial of service.

• http://www.securityfocus.com/bid/97267
• https://www.netiq.com/support/kb/doc.php?id=7018753
• https://www.tenable.com/security/research/tra-2017-15
• CWE-20: Improper Input Validation

CVSS: 6.5 | EPSS: 18% | CPEs: 9 | EXPL: 0

Administrative Server in Micro Focus Host Access Management and Security Server (MSS), Reflection for the Web (RWeb), Reflection Security Gateway (RSG), and Reflection ZFE (ZFE) allows remote unauthenticated attackers to read arbitrary files via a specially crafted URL that allows limited directory traversal. Applies to MSS 12.3 before 12.3.326, MSS 12.2 before 12.2.342, RSG 12.1 before 12.1.362, RWeb 12.3 before 12.3.312, RWeb 12.2 before 12.2.342, RWeb 12.1 before 12.1.362, ZFE 2.0.1 before 2.0.1.18, ZFE 2.0.0 before 2.0.0.52, and ZFE 1.4.0 before 1.4.0.14. This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Attachmate Host Access Management and Security Server.

• http://support.attachmate.com/techdocs/1704.html
• http://www.securityfocus.com/bid/94579
• http://www.zerodayinitiative.com/advisories/ZDI-16-618
• CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
• CWE-200: Exposure of Sensitive Information to an Unauthorized Actor

CVSS: 9.8 | EPSS: 0% | CPEs: 1 | EXPL: 0

Stack buffer overflow in the send.exe and receive.exe components of Micro Focus Rumba 9.4 and earlier could be used by local attackers or attackers able to inject arguments to these binaries to execute code.

• http://www.securityfocus.com/bid/94236
• https://www.exploit-db.com/exploits/40648
• CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer

CVSS: 8.8 | EPSS: 1% | CPEs: 6 | EXPL: 1

A buffer overflow in the Micro Focus Rumba FTP 4.X client makes it possible to corrupt the stack and allow arbitrary code execution. Fixed in: Rumba FTP 4.5 (HF 14668). This can only occur if a client connects to a malicious server.

• https://www.exploit-db.com/exploits/40651
• http://community.microfocus.com/microfocus/mainframe_solutions/rumba/w/knowledge_base/28731.rumba-ftp-4-x-security-update.aspx
• http://www.securityfocus.com/bid/93974
• CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer

CVSS: 10.0 | EPSS: 33% | CPEs: 1 | EXPL: 1

Multiple stack-based buffer overflows in COM objects in Micro Focus Rumba 9.4.x before 9.4 HF 13960 allow remote attackers to execute arbitrary code via (1) the NetworkName property value to ObjectXSNAConfig.ObjectXSNAConfig in iconfig.dll, (2) the CPName property value to ObjectXSNAConfig.ObjectXSNAConfig in iconfig.dll, (3) the PrinterName property value to ProfileEditor.PrintPasteControl in ProfEdit.dll, (4) the Data argument to the WriteRecords function in FTXBIFFLib.AS400FtxBIFF in FtxBIFF.dll, (5) the Serialized property value to NMSECCOMPARAMSLib.SSL3 in NMSecComParams.dll, (6) the UserName property value to NMSECCOMPARAMSLib.FirewallProxy in NMSecComParams.dll, (7) the LUName property value to ProfileEditor.MFSNAControl in ProfEdit.dll, (8) the newVal argument to the Load function in FTPSFTPLib.SFtpSession in FTPSFtp.dll, or (9) a long Host field in the FTP Client.

• https://www.exploit-db.com/exploits/39857
• http://community.microfocus.com/microfocus/mainframe_solutions/rumba/w/knowledge_base/28601.rumba-9-4-stack-buffer-overflow-vulnerabilities.aspx
• http://www.securityfocus.com/bid/91548
• http://www.zeroscience.mk/en/vulnerabilities/ZSL-2016-5327.php
• https://cxsecurity.com/issue/WLB-2016050136
• CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer