By default, only local administrators can write executables to the vulnerable directories. This enables local privilege escalation to SYSTEM user. SQL injection vulnerabilities in Centreon through 19.04 allow attacks via the svc_id parameter in include/monitoring/status/Services/xml/makeXMLForOneService.php.Įmlog through 6.0.0beta has an arbitrary file deletion vulnerability via an admin/data.php?action=dell_all_bak request with directory traversal sequences in the bak parameter.įorcepoint VPN Client for Windows versions lower than 6.6.1 have an unquoted search path vulnerability. ![]() Please note that some of the information in the bulletin is compiled from external, open-source reports and is not a direct result of CISA analysis. Patch information is provided when available. This information may include identifying information, values, definitions, and related links.
0 Comments
Leave a Reply. |