
CVSS: 6.1 • EPSS: 0% • CPEs: 1 • EXPL: 1

The Web Application Firewall (WAF) in Kemp LoadMaster 7.2.54.1 allows certain uses of onmouseover to bypass an XSS protection mechanism. • https://pastebin.com/kpx9Nvbf • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSS: 10.0 • EPSS: 0% • CPEs: 2 • EXPL: 0

A critical vulnerability in the KEMP LoadMaster Operating System (LMOS) 6.0.44 through 7.2.41.2 and Long Term Support (LTS) LMOS before 7.1.35.5 related to Session Management could allow an unauthenticated, remote attacker to bypass security protections, gain system privileges, and execute elevated commands such as ls, ps, cat, etc., thereby compromising the system. Through this remote execution, in certain cases, exposure of sensitive system data such as certificates, private keys, and other information may be possible. • https://support.kemptechnologies.com/hc/en-us/articles/360001982452-Mitigation-for-Remote-Access-Execution-Vulnerability

CVSS: 9.1 • EPSS: 0% • CPEs: 1 • EXPL: 1

The Application Firewall Pack (AFP, aka Web Application Firewall) component on Kemp Load Balancer devices with software before 7.2.40.1 allows a Security Feature Bypass via an HTTP POST request. Kemp load balancers with AFP WAF functionality versions 7.1.30 through 7.2.40 suffer from a POST bypass vulnerability. • http://www.securityfocus.com/archive/1/541602/100/0/threaded • https://kemptechnologies.com/files/assets/documentation/7.2/release-notes/Release_Notes-LoadMaster.pdf?pdf-file-view=1 • https://www.pallas.com/advisories/cve_2017_15524_kemp_afp_waf_bug_on_post_data

CVSS: 8.8 • EPSS: 0% • CPEs: 1 • EXPL: 2

A CSRF vulnerability exists in Kemp Load Master before 7.0-18a via unspecified vectors in administrative pages. Kemp Load Master version 7.1-16 suffers from code execution, cross site request forgery, cross site scripting, and denial of service vulnerabilities. • https://www.exploit-db.com/exploits/36609 • http://packetstormsecurity.com/files/131284/Kemp-Load-Master-7.1-16-CSRF-XSS-DoS-Code-Execution.html • CWE-352: Cross-Site Request Forgery (CSRF)

CVSS: 8.8 • EPSS: 0% • CPEs: 1 • EXPL: 2

A Bash script injection vulnerability exists in Kemp Load Master 7.1-16 and earlier due to a failure to sanitize input in the Web User Interface (WUI). Kemp Load Master version 7.1-16 suffers from code execution, cross site request forgery, cross site scripting, and denial of service vulnerabilities. • https://www.exploit-db.com/exploits/36609 • http://packetstormsecurity.com/files/131284/Kemp-Load-Master-7.1-16-CSRF-XSS-DoS-Code-Execution.html • https://www.fxc.jp/news/Product_Overview-LoadMaster_Release_Notes.pdf • CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')