Page 5 of 31 results (0.003 seconds)

CVSS: 9.8EPSS: 35%CPEs: 1EXPL: 1

A vulnerability in lack of validation of user-supplied parameters pass to XML-RPC calls on SonicWall Global Management System (GMS) virtual appliance's, allow remote user to execute arbitrary code. This vulnerability affected GMS version 8.1 and earlier. Una vulnerabilidad en la falta de validación de parámetros proporcionados por el usuario pasados a llamadas XML-RPC en los dispositivos virtuales SonicWall Global Management System (GMS) permite que usuarios remotos ejecuten código arbitrario. Esta vulnerabilidad afecta a GMS en versiones 8.1 y anteriores. • https://github.com/rapid7/metasploit-framework/pull/10305 https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2018-0007 https://twitter.com/ddouhine/status/1019251292202586112 • CWE-20: Improper Input Validation CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •

CVSS: 5.4EPSS: 0%CPEs: 4EXPL: 1

SonicWall Global Management System (GMS) 8.1 has XSS via the `newName` and `Name` values of the `/sgms/TreeControl` module. SonicWall Global Management System (GMS) 8.1 tiene XSS mediante los valores "newName" y "Name" del módulo "/sgms/TreeControl". • http://documents.software.dell.com/sonicwall-gms-os/8.2/release-notes/known-issues?ParentProduct=867 https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2018-0003 https://www.vulnerability-lab.com/get_content.php?id=1819 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 9.9EPSS: 11%CPEs: 10EXPL: 0

The GMS ViewPoint (GMSVP) web application in Dell SonicWALL GMS, Analyzer, and UMA EM5000 7.2, 8.0, and 8.1 before Hotfix 168056 allows remote authenticated users to execute arbitrary commands via vectors related to configuration input. La aplicación web GMS ViewPoint (GMSVP) en Dell SonicWALL GMS, Analyzer y UMA EM5000 7.2, 8.0 y 8.1 en versiones anteriores a Hotfix 168056 permite a usuarios remotos autenticados ejecutar comandos arbitrarios a través de vectores relacionados con la entrada de configuración. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Dell SonicWALL GMS Virtual Appliance. Authentication is required to exploit this vulnerability. The specific flaw exists within the GMS ViewPoint (GMSVP) web application. The issue lies in the handling of configuration input due to a failure to safely sanitize user data before executing a command. • http://www.securitytracker.com/id/1035015 http://www.zerodayinitiative.com/advisories/ZDI-16-164 https://support.software.dell.com/product-notification/185943 • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •

CVSS: 10.0EPSS: 13%CPEs: 10EXPL: 0

The cliserver implementation in Dell SonicWALL GMS, Analyzer, and UMA EM5000 7.2, 8.0, and 8.1 before Hotfix 168056 allows remote attackers to deserialize and execute arbitrary Java code via crafted XML data. La implementación de cliserver en Dell SonicWALL GMS, Analyzer y UMA EM5000 7.2, 8.0 y 8.1 en versiones anteriores a Hotfix 168056 permite a atacantes remotos deserializar y ejecutar código Java arbitrario a través de datos XML manipulados. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Dell SonicWALL GMS Virtual Appliance. Authentication is not required to exploit this vulnerability. The specific flaw exists within the cliserver implementation, which accepts, deserializes, and executes XML-encoded, serialized Java code. An attacker can leverage this vulnerability to execute arbitrary code under the context of root. • http://www.securitytracker.com/id/1035015 http://www.zerodayinitiative.com/advisories/ZDI-16-163 https://support.software.dell.com/product-notification/185943 • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •

CVSS: 9.0EPSS: 13%CPEs: 4EXPL: 0

The GMS ViewPoint (GMSVP) web application in Dell Sonicwall GMS, Analyzer, and UMA EM5000 before 7.2 SP4 allows remote authenticated users to execute arbitrary commands via vectors related to configuration. La aplicación web GMS ViewPoint (GMSVP) en Dell Sonicwall GMS, Analyzer, y UMA EM5000 anterior a 7.2 SP4 permite a usuarios remotos autenticados ejecutar comandos arbitrarios a través de vectores relacionados con la configuración. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of the Dell SonicWALL Global Management System (GMS) virtual appliance. Authentication is required to exploit this vulnerability. The specific flaw exists within the GMS ViewPoint (GMSVP) web application. The issue lies in the handling of configuration input due to a failure to safely sanitize user data before executing a command. • http://www.securityfocus.com/bid/74756 http://www.securitytracker.com/id/1032373 http://www.zerodayinitiative.com/advisories/ZDI-15-231 https://support.software.dell.com/product-notification/152178 • CWE-19: Data Processing Errors •