NEWS & EVENTS

SERVICES

This service analyses sets of email file in .eml format to identify the unsolicited ones (SPAM). Moreover, the service...

The service detects malicious signatures in analysed files, by scanning it with 57 different commercial anti-malware....

The service offers a survey to check the compliance of an organization with the GDPR (General Data Protection...

This service shows statistics related to Tweets related to Cyber-Security, allowing to search them by keywords such as...

LATEST CVE

Published Description
CVE-2018-9082
28-09-2018 16:29:01
For some Iomega, Lenovo, LenovoEMC NAS devices versions 4.1.402.34662 and earlier, the password changing functionality available to authenticated users does not require the user's current password to set a new one. As a result, attackers with access to the user's session tokens can change their password and retain access to the user's account
CVE-2018-9081
28-09-2018 16:29:01
For some Iomega, Lenovo, LenovoEMC NAS devices versions 4.1.402.34662 and earlier, the file name used for assets accessible through the Content Viewer application are vulnerable to self cross-site scripting self-XSS. As a result, adversaries can add files to shares accessible from the Content Viewer with a cross site scripting payload in its name, and wait for a user to try and rename the file for their payload to trigger.
CVE-2018-9075
28-09-2018 16:29:00
For some Iomega, Lenovo, LenovoEMC NAS devices versions 4.1.402.34662 and earlier, when joining a PersonalCloud setup, an attacker can craft a command injection payload using backtick "``" characters in the client:password parameter. As a result, arbitrary commands may be executed as the root user. The attack requires a value __c and iomega parameter.
CVE-2018-9074
28-09-2018 16:29:00
For some Iomega, Lenovo, LenovoEMC NAS devices versions 4.1.402.34662 and earlier, the file upload functionality of the Content Explorer application is vulnerable to path traversal. As a result, users can upload files anywhere on the device's operating system as the root user.
CVE-2018-9077
28-09-2018 16:29:00
For some Iomega, Lenovo, LenovoEMC NAS devices versions 4.1.402.34662 and earlier, when changing the name of a share, an attacker can craft a command injection payload using backtick "``" characters in the share : name parameter. As a result, arbitrary commands may be executed as the root user. The attack requires a value __c and iomega parameter.

Pages