4 results (0.007 seconds)

CVSS: 4.3EPSS: 0%CPEs: 13EXPL: 0

Cross-site scripting (XSS) vulnerability in the WebReporting module in F-Secure Policy Manager 7.x, 8.00 before hotfix 2, 8.1x before hotfix 3 on Windows and hotfix 2 on Linux, and 9.00 before hotfix 4 on Windows and hotfix 2 on Linux, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. Vulnerabilidad de ejecución de secuencias de comandos en sitios cruzados (XSS) en F-Secure Policy Manager v7.x, v8.00 anterior al hotfix v2, v8.1x anterior al hotfix v3 en Windows y hotfix v2 en Linux, y v9.00 anterior al hotfix v4 en Windows y hotfix v2 en Linux, permite a atacantes remotos inyectar secuencias de comandos web o HTML a través de vectores desconocidos. • http://secunia.com/advisories/43049 http://www.f-secure.com/en_EMEA/support/security-advisory/fsc-2011-2.html http://www.securityfocus.com/bid/46547 http://www.securitytracker.com/id?1025124 http://www.vupen.com/english/advisories/2011/0509 https://exchange.xforce.ibmcloud.com/vulnerabilities/65665 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 5.0EPSS: 0%CPEs: 10EXPL: 0

The WebReporting module in F-Secure Policy Manager 7.x, 8.00 before hotfix 2, 8.1x before hotfix 3 on Windows and hotfix 2 on Linux, and 9.00 before hotfix 4 on Windows and hotfix 2 on Linux, allows remote attackers to obtain sensitive information via a request to an invalid report, which reveals the installation path in an error message, as demonstrated with requests to (1) report/infection-table.html or (2) report/productsummary-table.html. El módulo WebReporting en F-Secure Policy Manager v7.x, v8.00 anterior al hotfix v2, v8.1x anterior al hotfix v3 en Windows y hotfix v2 en Linux, y v9.00 anterior al hotfix v4 en Windows y hotfix v2 en Linux, permite a atacantes remotos obtener información sensible a través de una solicitud para un report no válido, lo que permite revelar la ruta de instalación en un mensaje de error, como se demostró con las solicitudes para (1) report/infection-table.html o report/productsummary-table.html. • http://secunia.com/advisories/43049 http://www.f-secure.com/en_EMEA/support/security-advisory/fsc-2011-2.html http://www.securitytracker.com/id?1025124 http://www.vupen.com/english/advisories/2011/0509 https://exchange.xforce.ibmcloud.com/vulnerabilities/65664 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •

CVSS: 5.0EPSS: 14%CPEs: 1EXPL: 1

The fsmsh.dll host module in F-Secure Policy Manager Server 7.00 and earlier allows remote attackers to cause a denial of service (application crash) via NTFS reserved words in filenames in URLs. El módulo del host fsmsh.dll en el F-Secure Policy Manager Server 7.00 y versiones anteriores permite a atacantes remotos provocar una denegación de servicio (caída de la aplicación) a través de palabras reservadas NTFS en nombres de archivos en las URLs. • https://www.exploit-db.com/exploits/30104 http://osvdb.org/36723 http://secunia.com/advisories/25449 http://www.f-secure.com/security/fsc-2007-4.shtml http://www.securityfocus.com/bid/24233 http://www.securitytracker.com/id?1018149 http://www.vupen.com/english/advisories/2007/1986 https://exchange.xforce.ibmcloud.com/vulnerabilities/34584 •

CVSS: 5.0EPSS: 1%CPEs: 1EXPL: 2

The Management Agent in F-Secure Policy Manager 5.11.2810 allows remote attackers to gain sensitive information, such as the absolute path for the web server, via an HTTP request to fsmsh.dll without any parameters. • https://www.exploit-db.com/exploits/24811 http://marc.info/?l=bugtraq&m=110262921306862&w=2 http://www.oliverkarow.de/research/f-secure.txt http://www.securityfocus.com/bid/11869 https://exchange.xforce.ibmcloud.com/vulnerabilities/18413 •