CVE-2018-10175 – Digital Guardian Management Console 7.1.2.0015 XXE Injection
https://notcve.org/view.php?id=CVE-2018-10175
Digital Guardian Management Console 7.1.2.0015 has an XXE (XML External Entity) issue. Digital Guardian Management Console version 7.1.2.0015 suffers from an XML external entity injection vulnerability. • http://packetstormsecurity.com/files/147261/Digital-Guardian-Management-Console-7.1.2.0015-XXE-Injection.html • CWE-611: Improper Restriction of XML External Entity Reference
CVE-2018-10174 – Digital Guardian Management Console 7.1.2.0015 Server Side Request Forgery
https://notcve.org/view.php?id=CVE-2018-10174
Digital Guardian Management Console 7.1.2.0015 has an SSRF issue that allows remote attackers to read arbitrary files via file:// URLs, send TCP traffic to intranet hosts, or obtain an NTLM hash. This can occur even if the logged-in user has a read-only role. Digital Guardian Management Console version 7.1.2.0015 suffers from a server-side request forgery vulnerability. • http://packetstormsecurity.com/files/147260/Digital-Guardian-Management-Console-7.1.2.0015-Server-Side-Request-Forgery.html • CWE-918: Server-Side Request Forgery (SSRF)
CVE-2018-10176 – Digital Guardian Management Console 7.1.2.0015 Arbitrary File Read
https://notcve.org/view.php?id=CVE-2018-10176
Digital Guardian Management Console 7.1.2.0015 has a Directory Traversal issue. Digital Guardian Management Console version 7.1.2.0015 suffers from an arbitrary file read vulnerability. • http://packetstormsecurity.com/files/147242/Digital-Guardian-Management-Console-7.1.2.0015-Arbitrary-File-Read.html • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2018-10173 – Digital Guardian Management Console 7.1.2.0015 Shell Upload
https://notcve.org/view.php?id=CVE-2018-10173
Digital Guardian Management Console 7.1.2.0015 allows authenticated remote code execution because of Arbitrary File Upload functionality. Digital Guardian Management Console version 7.1.2.0015 suffers from a shell upload vulnerability that allows for remote code execution. • http://packetstormsecurity.com/files/147244/Digital-Guardian-Management-Console-7.1.2.0015-Shell-Upload.html • CWE-434: Unrestricted Upload of File with Dangerous Type
CVE-2017-6323
https://notcve.org/view.php?id=CVE-2017-6323
The Symantec Management Console prior to ITMS 8.1 RU1, ITMS 8.0_POST_HF6, and ITMS 7.6_POST_HF7 has an issue whereby XML input containing a reference to an external entity is processed by a weakly configured XML parser. This attack may lead to the disclosure of confidential data, denial of service, server-side request forgery, port scanning from the perspective of the machine where the parser is located, and other system impacts. • http://www.securityfocus.com/bid/98621 • https://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=&suid=20170628_00 • CWE-611: Improper Restriction of XML External Entity Reference