CVE-2017-9377
https://notcve.org/view.php?id=CVE-2017-9377
A command injection was identified on Barco ClickShare Base Unit devices with CSM-1 firmware before 1.7.0.3 and CSC-1 firmware before 1.10.0.10. An attacker with access to the product's web API can exploit this vulnerability to completely compromise the vulnerable device.
References:
• http://www.securityfocus.com/bid/101617
• https://www.barco.com/en/Support/software/R33050037
• https://www.barco.com/en/support/software/R33050020
• https://www.contextis.com/resources/advisories/cve-2017-9377
CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2017-12460
https://notcve.org/view.php?id=CVE-2017-12460
An issue was discovered in Barco ClickShare CSM-1 firmware before v1.7.0.3 and CSC-1 firmware before v1.10.0.10. An authenticated user can manage the wallpaper collection in the webUI to be shown as background on the ClickShare product. By uploading a wallpaper with a specially crafted name, an HTML injection can be triggered as special characters are not neutralized before output.
References:
• https://www.barco.com/en/Support/software/R33050037
• https://www.barco.com/en/support/knowledge-base/KB5169
• https://www.barco.com/en/support/software/R33050020
CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2016-3151
https://notcve.org/view.php?id=CVE-2016-3151
Directory traversal vulnerability in the wallpaper parsing functionality in Barco ClickShare CSC-1 devices with firmware before 01.09.03, CSM-1 devices with firmware before 01.06.02, and CSE-200 devices with firmware before 01.03.02 allows remote attackers to read /etc/shadow via unspecified vectors.
References:
• http://packetstormsecurity.com/files/139713/Barco-ClickShare-XSS-Remote-Code-Execution-Path-Traversal.html
• http://www.securityfocus.com/archive/1/539754/100/0/threaded
• http://www.securityfocus.com/bid/94330
CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2016-3149
https://notcve.org/view.php?id=CVE-2016-3149
Barco ClickShare CSC-1 devices with firmware before 01.09.03 and CSM-1 devices with firmware before 01.06.02 allow remote attackers to execute arbitrary code via unspecified vectors.
References:
• http://packetstormsecurity.com/files/139713/Barco-ClickShare-XSS-Remote-Code-Execution-Path-Traversal.html
• http://www.securityfocus.com/archive/1/539754/100/0/threaded
• http://www.securityfocus.com/bid/94323
CVE-2016-3150
https://notcve.org/view.php?id=CVE-2016-3150
Cross-site scripting (XSS) vulnerability in wallpaper.php in the Base Unit in Barco ClickShare CSC-1 devices with firmware before 01.09.03, CSM-1 devices with firmware before 01.06.02, and CSE-200 devices with firmware before 01.03.02 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
References:
• http://packetstormsecurity.com/files/139713/Barco-ClickShare-XSS-Remote-Code-Execution-Path-Traversal.html
• http://www.securityfocus.com/archive/1/539754/100/0/threaded
• http://www.securityfocus.com/bid/94330
CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')