Connection Broker

connection_broker

Vendor: Leostream • 5 CVEs

CVEs (5)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2021-41551 1Leostream 1Connection Broker Nov 21, 2024 Jan 18, 2022 N/A· v4 4.9 MEDIUM· v3 4.0 MEDIUM· v2 Leostream Connection Broker 9.0.40.17 allows administrators to conduct directory traversal attacks by uploading z ZIP file that contains a symbolic link.
CVE-2021-41550 1Leostream 1Connection Broker Nov 21, 2024 Jan 18, 2022 N/A· v4 7.2 HIGH· v3 6.5 MEDIUM· v2 Leostream Connection Broker 9.0.40.17 allows administrator to upload and execute Perl code.
CVE-2021-38157 1Leostream 1Connection Broker Nov 21, 2024 Aug 6, 2021 N/A· v4 6.1 MEDIUM· v3 4.3 MEDIUM· v2 LeoStream Connection Broker 9.x before 9.0.34.3 allows Unauthenticated Reflected XSS via the /index.pl user parameter. NOTE: This vulnerability only affects products that are no longer supported by the maintainer
CVE-2020-26574 1Leostream 1Connection Broker Nov 21, 2024 Oct 6, 2020 N/A· v4 9.6 CRITICAL· v3 9.3 HIGH· v2 Leostream Connection Broker 8.2.x is affected by stored XSS. An unauthenticated attacker can inject arbitrary JavaScript code via the webquery.pl User-Agent HTTP header. It is rendered by the admins the next time they lo...Show more Leostream Connection Broker 8.2.x is affected by stored XSS. An unauthenticated attacker can inject arbitrary JavaScript code via the webquery.pl User-Agent HTTP header. It is rendered by the admins the next time they log in. The JavaScript injected can be used to force the admin to upload a malicious Perl script that will be executed as root via libMisc::browser_client. NOTE: This vulnerability only affects products that are no longer supported by the maintainerShow less
CVE-2018-18817 1Leostream 2Agent Connection Broker Nov 21, 2024 Oct 30, 2018 N/A· v4 7.5 HIGH· v3 5.0 MEDIUM· v2 The Leostream Agent before Build 7.0.1.0 when used with Leostream Connection Broker 8.2.72 or earlier allows remote attackers to modify registry keys via the Leostream Agent API.