
CVE-2018-8819 – WebCTRL Out-Of-Band XML Injection
https://notcve.org/view.php?id=CVE-2018-8819
09 Jun 2018 — An XXE issue was discovered in Automated Logic Corporation (ALC) WebCTRL Versions 6.0, 6.1 and 6.5. An unauthenticated attacker could enter malicious input to WebCTRL and a weakly configured XML parser will allow the application to disclose full file contents from the underlying web server OS via the "X-Wap-Profile" HTTP header. • https://packetstorm.news/files/id/148126 • CWE-611: Improper Restriction of XML External Entity Reference

CVE-2016-5795
https://notcve.org/view.php?id=CVE-2016-5795
31 Aug 2017 — An XXE issue was discovered in Automated Logic Corporation (ALC) Liebert SiteScan Web Version 6.5 and prior, ALC WebCTRL Version 6.5 and prior, and Carrier i-Vu Version 6.5 and prior. An attacker could enter malicious input to WebCTRL, i-Vu, or SiteScan Web through a weakly configured XML parser causing the application to execute arbitrary code or disclose file contents from a server or connected network. • http://www.securityfocus.com/bid/100558 • CWE-611: Improper Restriction of XML External Entity Reference

CVE-2017-9644 – Automated Logic WebCTRL 6.5 - Local Privilege Escalation
https://notcve.org/view.php?id=CVE-2017-9644
23 Aug 2017 — An Unquoted Search Path or Element issue was discovered in Automated Logic Corporation (ALC) ALC WebCTRL, i-Vu, SiteScan Web 6.5 and prior; ALC WebCTRL, SiteScan Web 6.1 and prior; ALC WebCTRL, i-Vu 6.0 and prior; ALC WebCTRL, i-Vu, SiteScan Web 5.5 and prior; and ALC WebCTRL, i-Vu, SiteScan Web 5.2 and prior. An unquoted search path vulnerability may allow a non-privileged local attacker to change files in the installation directory and execute arbitrary code with elevated privileges. • https://packetstorm.news/files/id/143895 • CWE-428: Unquoted Search Path or Element

CVE-2017-9650 – Automated Logic WebCTRL 6.5 - Unrestricted File Upload / Remote Code Execution
https://notcve.org/view.php?id=CVE-2017-9650
23 Aug 2017 — An Unrestricted Upload of File with Dangerous Type issue was discovered in Automated Logic Corporation (ALC) ALC WebCTRL, i-Vu, SiteScan Web 6.5 and prior; ALC WebCTRL, SiteScan Web 6.1 and prior; ALC WebCTRL, i-Vu 6.0 and prior; ALC WebCTRL, i-Vu, SiteScan Web 5.5 and prior; and ALC WebCTRL, i-Vu, SiteScan Web 5.2 and prior. An authenticated attacker may be able to upload a malicious file allowing the execution of arbitrary code. • https://packetstorm.news/files/id/143897 • CWE-434: Unrestricted Upload of File with Dangerous Type