施耐德 U.motion Builder软件被爆20多个0Day漏洞-阿里云开发者社区

开发者社区> 数据库> 正文

施耐德 U.motion Builder软件被爆20多个0Day漏洞

晚来风急 2017-09-01 928浏览量

简介:

12日,Zero Day网站(ZDI)一口气公布了施耐德20多个0Day,公开的原因是,从漏洞提交给厂商,到发布信息时止,已经超过了ZDI跟厂商约定的120天时间。0Day大多是涉及到 U.motion Builder。内容太多了,大家慢慢看吧。U.motion Builder据说跟楼宇能效管理系统相关。

ZDI-17-392 CVE: Published: 2017-06-12
(0Day) Schneider Electric U.motion Builder Local Privilege Escalation Vulnerability
ZDI-17-391 CVE: Published: 2017-06-12
(0Day) Schneider Electric U.motion Builder Embedded Session ID Authentication Bypass Vulnerability
ZDI-17-390 CVE: Published: 2017-06-12
(0Day) Schneider Electric U.motion Builder css.inc Directory Traversal Information Disclosure Vulnerability
ZDI-17-389 CVE: Published: 2017-06-12
(0Day) Schneider Electric U.motion Builder runscript Directory Traversal Information Disclosure Vulnerability
ZDI-17-388 CVE: Published: 2017-06-12
(0Day) Schneider Electric U.motion Builder file_picker Directory Traversal Arbitrary File Upload Remote Code Execution Vulnerability
ZDI-17-387 CVE: Published: 2017-06-12
(0Day) Schneider Electric U.motion Builder SOAP Request Remote SQL Command Execution Vulnerability
ZDI-17-386 CVE: Published: 2017-06-12
(0Day) Schneider Electric U.motion Builder Error Message Path Information Disclosure Vulnerability
ZDI-17-385 CVE: Published: 2017-06-12
(0Day) Schneider Electric U.motion Builder error Information Disclosure Vulnerability
ZDI-17-384 CVE: Published: 2017-06-12
(0Day) Schneider Electric U.motion Builder editobject SQL Injection Remote Code Execution Vulnerability
ZDI-17-383 CVE: Published: 2017-06-12
(0Day) Schneider Electric U.motion Builder xmlserver SQL Injection Remote Code Execution Vulnerability
ZDI-17-382 CVE: Published: 2017-06-12
(0Day) Schneider Electric U.motion Builder track_getdata SQL Injection Remote Code Execution Vulnerability
ZDI-17-381 CVE: Published: 2017-06-12
(0Day) Schneider Electric U.motion Builder nfcserver SQL Injection Remote Code Execution Vulnerability
ZDI-17-380 CVE: Published: 2017-06-12
(0Day) Schneider Electric U.motion Builder localize SQL Injection Remote Code Execution Vulnerability
ZDI-17-379 CVE: Published: 2017-06-12
(0Day) Schneider Electric U.motion Builder syslog_getdata SQL Injection Remote Code Execution Vulnerability
ZDI-17-378 CVE: Published: 2017-06-12
(0Day) Schneider Electric U.motion Builder track_import_export SQL Injection Remote Code Execution Vulnerability
ZDI-17-377 CVE: Published: 2017-06-12
(0Day) Schneider Electric U.motion Builder HTTP Cookie SQL Injection Remote Code Execution Vulnerability
ZDI-17-376 CVE: Published: 2017-06-12
(0Day) Schneider Electric U.motion Builder editscript Directory Traversal Remote Code Execution Vulnerability
ZDI-17-375 CVE: Published: 2017-06-12
(0Day) Schneider Electric U.motion Builder message_simple_html reboot Parameter Denial of Service Vulnerability
ZDI-17-374 CVE: Published: 2017-06-12
(0Day) Schneider Electric U.motion Builder loadtemplate SQL Injection Remote Code Execution Vulnerability
ZDI-17-373 CVE: Published: 2017-06-12
(0Day) Schneider Electric U.motion Builder sendmail email_attachment Parameter Absolute Path Traversal Information Disclosure Vulnerability
ZDI-17-372 CVE: Published: 2017-06-12
(0Day) Schneider Electric U.motion Builder Hard-Coded Password Remote Code Execution Vulnerability


原文发布时间:2017年6月13日
本文由:zeroday发布,版权归属于原作者
原文链接:http://toutiao.secjia.com/schneider-u-motion-builder-exposes-0day-vulnerabilities
本文来自云栖社区合作伙伴安全加,了解相关信息可以关注安全加网站
SQL 安全

版权声明:本文内容由阿里云实名注册用户自发贡献,版权归原作者所有,阿里云开发者社区不拥有其著作权,亦不承担相应法律责任。具体规则请查看《阿里云开发者社区用户服务协议》和《阿里云开发者社区知识产权保护指引》。如果您发现本社区中有涉嫌抄袭的内容,填写侵权投诉表单进行举报,一经查实,本社区将立刻删除涉嫌侵权内容。

分享:
数据库
使用钉钉扫一扫加入圈子
+ 订阅

分享数据库前沿,解构实战干货,推动数据库技术变革

其他文章
展开