CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0CVE-2022-1019 – Automated Logic WebCtrl Server Open Redirection Vulnerability
https://notcve.org/view.php?id=CVE-2022-1019
19 Apr 2022 — Automated Logic's WebCtrl Server Version 6.1 'Help' index pages are vulnerable to open redirection. The vulnerability allows an attacker to send a maliciously crafted URL which could result in redirecting the user to a malicious webpage or downloading a malicious file. Las páginas de índice de "Help" del servidor WebCtrl de Automated Logic versión 6.1, son vulnerables a un redireccionamiento abierto. La vulnerabilidad permite a un atacante enviar una URL maliciosamente diseñada que podría redirigir al usuar... • https://www.corporate.carrier.com/Images/CARR-PSA-ALC-WebCTRL-001-1121_tcm558-149395.pdf • CWE-601: URL Redirection to Untrusted Site ('Open Redirect') •
CVSS: 6.1EPSS: 33%CPEs: 1EXPL: 4CVE-2021-31682 – WebCTRL OEM 6.5 - 'locale' Reflected Cross-Site Scripting (XSS)
https://notcve.org/view.php?id=CVE-2021-31682
22 Oct 2021 — The login portal for the Automated Logic WebCTRL/WebCTRL OEM web application contains a vulnerability that allows for reflected XSS attacks due to the operatorlocale GET parameter not being sanitized. This issue impacts versions 6.5 and below. This issue works by passing in a basic XSS payload to a vulnerable GET parameter that is reflected in the output without sanitization. El portal de inicio de sesión de la aplicación web WebCTRL/WebCTRL OEM de Automated Logic contiene una vulnerabilidad que permite ata... • https://packetstorm.news/files/id/164707 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 7.5EPSS: 1%CPEs: 3EXPL: 0CVE-2016-5795
https://notcve.org/view.php?id=CVE-2016-5795
31 Aug 2017 — An XXE issue was discovered in Automated Logic Corporation (ALC) Liebert SiteScan Web Version 6.5 and prior, ALC WebCTRL Version 6.5 and prior, and Carrier i-Vu Version 6.5 and prior. An attacker could enter malicious input to WebCTRL, i-Vu, or SiteScan Web through a weakly configured XML parser causing the application to execute arbitrary code or disclose file contents from a server or connected network. Se descubrió una vulnerabilidad XXE en Automated Logic Corporation (ALC) Liebert SiteScan Web en versio... • http://www.securityfocus.com/bid/100558 • CWE-611: Improper Restriction of XML External Entity Reference •
CVSS: 6.5EPSS: 2%CPEs: 10EXPL: 2CVE-2017-9640 – Automated Logic WebCTRL 6.1 - Path Traversal / Arbitrary File Write
https://notcve.org/view.php?id=CVE-2017-9640
23 Aug 2017 — A Path Traversal issue was discovered in Automated Logic Corporation (ALC) ALC WebCTRL, i-Vu, SiteScan Web prior to 6.5; ALC WebCTRL, SiteScan Web 6.1 and prior; ALC WebCTRL, i-Vu 6.0 and prior; ALC WebCTRL, i-Vu, SiteScan Web 5.5 and prior; and ALC WebCTRL, i-Vu, SiteScan Web 5.2 and prior. An authenticated attacker may be able to overwrite files that are used to execute code. This vulnerability does not affect version 6.5 of the software. Se ha descubierto un problema de salto de directorio en Automated L... • https://packetstorm.news/files/id/143896 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 7.0EPSS: 0%CPEs: 13EXPL: 2CVE-2017-9644 – Automated Logic WebCTRL 6.5 - Local Privilege Escalation
https://notcve.org/view.php?id=CVE-2017-9644
23 Aug 2017 — An Unquoted Search Path or Element issue was discovered in Automated Logic Corporation (ALC) ALC WebCTRL, i-Vu, SiteScan Web 6.5 and prior; ALC WebCTRL, SiteScan Web 6.1 and prior; ALC WebCTRL, i-Vu 6.0 and prior; ALC WebCTRL, i-Vu, SiteScan Web 5.5 and prior; and ALC WebCTRL, i-Vu, SiteScan Web 5.2 and prior. An unquoted search path vulnerability may allow a non-privileged local attacker to change files in the installation directory and execute arbitrary code with elevated privileges. Se ha descubierto un ... • https://packetstorm.news/files/id/143895 • CWE-428: Unquoted Search Path or Element •
CVSS: 7.8EPSS: 0%CPEs: 13EXPL: 2CVE-2017-9650 – Automated Logic WebCTRL 6.5 - Unrestricted File Upload / Remote Code Execution
https://notcve.org/view.php?id=CVE-2017-9650
23 Aug 2017 — An Unrestricted Upload of File with Dangerous Type issue was discovered in Automated Logic Corporation (ALC) ALC WebCTRL, i-Vu, SiteScan Web 6.5 and prior; ALC WebCTRL, SiteScan Web 6.1 and prior; ALC WebCTRL, i-Vu 6.0 and prior; ALC WebCTRL, i-Vu, SiteScan Web 5.5 and prior; and ALC WebCTRL, i-Vu, SiteScan Web 5.2 and prior. An authenticated attacker may be able to upload a malicious file allowing the execution of arbitrary code. Se ha descubierto un problema de carga de archivos sin restricciones con tipo... • https://packetstorm.news/files/id/143897 • CWE-434: Unrestricted Upload of File with Dangerous Type •