
CVSS: 7.2 • EPSS: 0% • CPEs: 1 • EXPL: 0

Leostream Connection Broker 9.0.40.17 allows an administrator to upload and execute Perl code. • https://leostream.com/wp-content/uploads/2018/11/Leostream_release_notes.pdf https://www.leostream.com/resource/leostream-connection-broker-9-0 • CWE-434: Unrestricted Upload of File with Dangerous Type

CVSS: 4.9 • EPSS: 0% • CPEs: 1 • EXPL: 0

Leostream Connection Broker 9.0.40.17 allows administrators to conduct directory traversal attacks by uploading a ZIP file that contains a symbolic link. • https://leostream.com/wp-content/uploads/2018/11/Leostream_release_notes.pdf https://www.leostream.com/resource/leostream-connection-broker-9-0 • CWE-59: Improper Link Resolution Before File Access ('Link Following')

CVSS: 6.1 • EPSS: 0% • CPEs: 1 • EXPL: 1

LeoStream Connection Broker 9.x before 9.0.34.3 allows unauthenticated reflected XSS via the /index.pl user parameter. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. • https://dgccpa.com https://gist.github.com/erud1te-sec/5c85924cb78ba85af42e0b7b62a5ec91 https://leostream.com https://www.leostream.com/resources-2/product-lifecycle • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSS: 9.6 • EPSS: 0% • CPEs: 1 • EXPL: 1

Leostream Connection Broker 8.2.x is affected by stored XSS. An unauthenticated attacker can inject arbitrary JavaScript code via the webquery.pl User-Agent HTTP header. It is rendered by the admins the next time they log in. The injected JavaScript can be used to force the admin to upload a malicious Perl script that will be executed as root via libMisc::browser_client. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. • https://adepts.of0x.cc/leostream-xss-to-rce https://www.leostream.com/resources/product-lifecycle • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSS: 7.5 • EPSS: 0% • CPEs: 2 • EXPL: 0

The Leostream Agent before Build 7.0.1.0, when used with Leostream Connection Broker 8.2.72 or earlier, allows remote attackers to modify registry keys via the Leostream Agent API. • https://leostream.kayako.com/Knowledgebase/Article/View/85/52/leostream-agent-security-update