
CVE-2018-8819 – WebCTRL Out-Of-Band XML Injection
https://notcve.org/view.php?id=CVE-2018-8819
09 Jun 2018 — An XXE issue was discovered in Automated Logic Corporation (ALC) WebCTRL Versions 6.0, 6.1 and 6.5. An unauthenticated attacker could enter malicious input to WebCTRL and a weakly configured XML parser will allow the application to disclose full file contents from the underlying web server OS via the "X-Wap-Profile" HTTP header. • https://packetstorm.news/files/id/148126 • CWE-611: Improper Restriction of XML External Entity Reference

CVE-2016-5795
https://notcve.org/view.php?id=CVE-2016-5795
31 Aug 2017 — An XXE issue was discovered in Automated Logic Corporation (ALC) Liebert SiteScan Web Version 6.5 and prior, ALC WebCTRL Version 6.5 and prior, and Carrier i-Vu Version 6.5 and prior. An attacker could enter malicious input to WebCTRL, i-Vu, or SiteScan Web through a weakly configured XML parser causing the application to execute arbitrary code or disclose file contents from a server or connected network. • http://www.securityfocus.com/bid/100558 • CWE-611: Improper Restriction of XML External Entity Reference

CVE-2017-9640 – Automated Logic WebCTRL 6.1 - Path Traversal / Arbitrary File Write
https://notcve.org/view.php?id=CVE-2017-9640
23 Aug 2017 — A Path Traversal issue was discovered in Automated Logic Corporation (ALC) ALC WebCTRL, i-Vu, SiteScan Web prior to 6.5; ALC WebCTRL, SiteScan Web 6.1 and prior; ALC WebCTRL, i-Vu 6.0 and prior; ALC WebCTRL, i-Vu, SiteScan Web 5.5 and prior; and ALC WebCTRL, i-Vu, SiteScan Web 5.2 and prior. An authenticated attacker may be able to overwrite files that are used to execute code. This vulnerability does not affect version 6.5 of the software. • https://packetstorm.news/files/id/143896 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

CVE-2017-9644 – Automated Logic WebCTRL 6.5 - Local Privilege Escalation
https://notcve.org/view.php?id=CVE-2017-9644
23 Aug 2017 — An Unquoted Search Path or Element issue was discovered in Automated Logic Corporation (ALC) ALC WebCTRL, i-Vu, SiteScan Web 6.5 and prior; ALC WebCTRL, SiteScan Web 6.1 and prior; ALC WebCTRL, i-Vu 6.0 and prior; ALC WebCTRL, i-Vu, SiteScan Web 5.5 and prior; and ALC WebCTRL, i-Vu, SiteScan Web 5.2 and prior. An unquoted search path vulnerability may allow a non-privileged local attacker to change files in the installation directory and execute arbitrary code with elevated privileges. • https://packetstorm.news/files/id/143895 • CWE-428: Unquoted Search Path or Element

CVE-2017-9650 – Automated Logic WebCTRL 6.5 - Unrestricted File Upload / Remote Code Execution
https://notcve.org/view.php?id=CVE-2017-9650
23 Aug 2017 — An Unrestricted Upload of File with Dangerous Type issue was discovered in Automated Logic Corporation (ALC) ALC WebCTRL, i-Vu, SiteScan Web 6.5 and prior; ALC WebCTRL, SiteScan Web 6.1 and prior; ALC WebCTRL, i-Vu 6.0 and prior; ALC WebCTRL, i-Vu, SiteScan Web 5.5 and prior; and ALC WebCTRL, i-Vu, SiteScan Web 5.2 and prior. An authenticated attacker may be able to upload a malicious file allowing the execution of arbitrary code. • https://packetstorm.news/files/id/143897 • CWE-434: Unrestricted Upload of File with Dangerous Type