CVE-2022-35412
https://notcve.org/view.php?id=CVE-2022-35412
Digital Guardian Agent 7.7.4.0042 allows an administrator (who ordinarily does not have a supported way to uninstall the product) to disable some of the agent functionality and then exfiltrate files to an external USB device. Digital Guardian Agent versión 7.7.4.0042, permite a un administrador (que normalmente no presenta una forma soportada de desinstalar el producto) deshabilitar algunas de las funcionalidades del agente y luego exfiltrar archivos a un dispositivo USB externo • https://github.com/i014n/DigitalGuardian-DLP-Agent-vulnerability https://www.tenforums.com/tutorials/46259-block-unblock-legacy-file-system-filter-drivers-windows-10-a.html •
CVE-2018-10175 – Digital Guardian Management Console 7.1.2.0015 XXE Injection
https://notcve.org/view.php?id=CVE-2018-10175
Digital Guardian Management Console 7.1.2.0015 has an XXE issue. Digital Guardian Management Console 7.1.2.0015 tiene un problema de XEE (XML External Entity). Digital Guardian Management Console version 7.1.2.0015 suffers from an XML external entity injection vulnerability. • http://packetstormsecurity.com/files/147261/Digital-Guardian-Management-Console-7.1.2.0015-XXE-Injection.html • CWE-611: Improper Restriction of XML External Entity Reference •
CVE-2018-10174 – Digital Guardian Management Console 7.1.2.0015 Server Side Request Forgery
https://notcve.org/view.php?id=CVE-2018-10174
Digital Guardian Management Console 7.1.2.0015 has an SSRF issue that allows remote attackers to read arbitrary files via file:// URLs, send TCP traffic to intranet hosts, or obtain an NTLM hash. This can occur even if the logged-in user has a read-only role. Digital Guardian Management Console 7.1.2.0015 tiene un problema de SSRF que permite que los atacantes remotos lean archivos mediante URL file://, envíen tráfico TCP a hosts de la intranet u obtengan un hash NTLM. Esto puede ocurrir incluso si el usuario que ha iniciado sesión tiene un rol de solo lectura. Digital Guardian Management Console version 7.1.2.0015 suffer from a server-side request forgery vulnerability. • http://packetstormsecurity.com/files/147260/Digital-Guardian-Management-Console-7.1.2.0015-Server-Side-Request-Forgery.html • CWE-918: Server-Side Request Forgery (SSRF) •
CVE-2018-10176 – Digital Guardian Management Console 7.1.2.0015 Arbitrary File Read
https://notcve.org/view.php?id=CVE-2018-10176
Digital Guardian Management Console 7.1.2.0015 has a Directory Traversal issue. Digital Guardian Management Console 7.1.2.0015 tiene un problema de salto de directorio. Digital Guardian Management Console version 7.1.2.0015 suffers from an arbitrary file read vulnerability. • http://packetstormsecurity.com/files/147242/Digital-Guardian-Management-Console-7.1.2.0015-Arbitrary-File-Read.html • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVE-2018-10173 – Digital Guardian Management Console 7.1.2.0015 Shell Upload
https://notcve.org/view.php?id=CVE-2018-10173
Digital Guardian Management Console 7.1.2.0015 allows authenticated remote code execution because of Arbitrary File Upload functionality. Digital Guardian Management Console 7.1.2.0015 permite la ejecución remota de código autenticado debido a una funcionalidad de subida de archivos arbitrarios. Digital Guardian Management Console version 7.1.2.0015 suffers from a shell upload vulnerability that allows for remote code execution. • http://packetstormsecurity.com/files/147244/Digital-Guardian-Management-Console-7.1.2.0015-Shell-Upload.html • CWE-434: Unrestricted Upload of File with Dangerous Type •