CVE-2021-31800
https://notcve.org/view.php?id=CVE-2021-31800
Multiple path traversal vulnerabilities exist in smbserver.py in Impacket through 0.9.22. An attacker that connects to a running smbserver instance can list and write to arbitrary files via ../ directory traversal. This could potentially be abused to achieve arbitrary code execution by replacing /etc/shadow or an SSH authorized key. Se presentan múltiples vulnerabilidades de salto de ruta en el archivo smbserver.py en Impacket versiones hasta 0.9.22. Un atacante que se conecta a una instancia de smbserver en ejecución puede enumerar y escribir en archivos arbitrarios por medio de un salto de directorio ../. • https://github.com/Louzogh/CVE-2021-31800 https://github.com/p0dalirius/CVE-2021-31800-Impacket-SMB-Server-Arbitrary-file-read-write https://github.com/SecureAuthCorp/impacket/blob/cb6d43a677c338db930bc4e9161620832c1ec624/impacket/smbserver.py#L2008 https://github.com/SecureAuthCorp/impacket/blob/cb6d43a677c338db930bc4e9161620832c1ec624/impacket/smbserver.py#L2958 https://github.com/SecureAuthCorp/impacket/blob/cb6d43a677c338db930bc4e9161620832c1ec624/impacket/smbserver.py#L3485 https://github.com/SecureAuthCorp/impacket/blob/cb6d43a677c338db930bc4e9161620832c1ec624 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVE-2020-9437
https://notcve.org/view.php?id=CVE-2020-9437
SecureAuth.aspx in SecureAuth IdP 9.3.0 suffers from a client-side template injection that allows for script execution, in the same manner as XSS. El archivo SecureAuth.aspx en SecureAuth IdP versión 9.3.0, sufre de una inyección de plantilla del lado del cliente que permite una ejecución de script, de la misma manera como un ataque de tipo XSS • https://docs.secureauth.com/display/SID/SecureAuth+IdP+Latest+Releases https://know.bishopfox.com/advisories https://labs.bishopfox.com/advisories/secureauth-version-9.3 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •