RSS   Podatności dla 'Anti-virus for linux server'   RSS

2017-07-17
 
CVE-2017-9813

 
 
In Kaspersky Anti-Virus for Linux File Server before Maintenance Pack 2 Critical Fix 4 (version 8.0.4.312), the scriptName parameter of the licenseKeyInfo action method is vulnerable to cross-site scripting (XSS).

 
 
CVE-2017-9812

 
 
The reportId parameter of the getReportStatus action method can be abused in the web interface in Kaspersky Anti-Virus for Linux File Server before Maintenance Pack 2 Critical Fix 4 (version 8.0.4.312) to read arbitrary files with kluser privileges.

 
 
CVE-2017-9811

 
 
The kluser is able to interact with the kav4fs-control binary in Kaspersky Anti-Virus for Linux File Server before Maintenance Pack 2 Critical Fix 4 (version 8.0.4.312). By abusing the quarantine read and write operations, it is possible to elevate the privileges to root.

 
 
CVE-2017-9810

CWE-352
 
 
There are no Anti-CSRF tokens in any forms on the web interface in Kaspersky Anti-Virus for Linux File Server before Maintenance Pack 2 Critical Fix 4 (version 8.0.4.312). This would allow an attacker to submit authenticated requests when an authenticated user browses an attacker-controlled domain.

 

 >>> Vendor: Kaspersky 25 Produkty
Kaspersky anti-virus
Kaspersky internet security
Kaspersky anti-virus scanner
Kaspersky online scanner
Kaspersky internet security 2010
Total security 2015
Safe browser
Internet security
Total security
Anti-virus
Anti-virus for linux server
Embedded systems security
Secure mail gateway
Free anti-virus
Small office security
Protection
Security cloud
Secure connection
Vpn secure connection
Virus removal tool
Anti-ransomware tool
Tinycheck
Endpoint security
Rescue disk
Password manager

Copyright 2024, cxsecurity.com

 

Back to Top