5 vulnerabilities by leostream
CVE-2021-41550 (GCVE-0-2021-41550)
Vulnerability from cvelistv5 – Published: 2022-01-18 14:46 – Updated: 2024-08-04 03:15
VLAI
Summary
Leostream Connection Broker 9.0.40.17 allows an administrator to upload and execute Perl code.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://www.leostream.com/resource/leostream-conn… | x_refsource_MISC |
| https://leostream.com/wp-content/uploads/2018/11/… | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T03:15:28.976Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.leostream.com/resource/leostream-connection-broker-9-0/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://leostream.com/wp-content/uploads/2018/11/Leostream_release_notes.pdf"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Leostream Connection Broker 9.0.40.17 allows administrator to upload and execute Perl code."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-01-18T14:46:04.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.leostream.com/resource/leostream-connection-broker-9-0/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://leostream.com/wp-content/uploads/2018/11/Leostream_release_notes.pdf"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2021-41550",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Leostream Connection Broker 9.0.40.17 allows administrator to upload and execute Perl code."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.leostream.com/resource/leostream-connection-broker-9-0/",
"refsource": "MISC",
"url": "https://www.leostream.com/resource/leostream-connection-broker-9-0/"
},
{
"name": "https://leostream.com/wp-content/uploads/2018/11/Leostream_release_notes.pdf",
"refsource": "MISC",
"url": "https://leostream.com/wp-content/uploads/2018/11/Leostream_release_notes.pdf"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2021-41550",
"datePublished": "2022-01-18T14:46:04.000Z",
"dateReserved": "2021-09-22T00:00:00.000Z",
"dateUpdated": "2024-08-04T03:15:28.976Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-41551 (GCVE-0-2021-41551)
Vulnerability from cvelistv5 – Published: 2022-01-18 14:45 – Updated: 2024-08-04 03:15
VLAI
Summary
Leostream Connection Broker 9.0.40.17 allows administrators to conduct directory traversal attacks by uploading a ZIP file that contains a symbolic link.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://www.leostream.com/resource/leostream-conn… | x_refsource_MISC |
| https://leostream.com/wp-content/uploads/2018/11/… | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T03:15:28.605Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.leostream.com/resource/leostream-connection-broker-9-0/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://leostream.com/wp-content/uploads/2018/11/Leostream_release_notes.pdf"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Leostream Connection Broker 9.0.40.17 allows administrators to conduct directory traversal attacks by uploading z ZIP file that contains a symbolic link."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-01-18T14:45:57.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.leostream.com/resource/leostream-connection-broker-9-0/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://leostream.com/wp-content/uploads/2018/11/Leostream_release_notes.pdf"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2021-41551",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Leostream Connection Broker 9.0.40.17 allows administrators to conduct directory traversal attacks by uploading z ZIP file that contains a symbolic link."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.leostream.com/resource/leostream-connection-broker-9-0/",
"refsource": "MISC",
"url": "https://www.leostream.com/resource/leostream-connection-broker-9-0/"
},
{
"name": "https://leostream.com/wp-content/uploads/2018/11/Leostream_release_notes.pdf",
"refsource": "MISC",
"url": "https://leostream.com/wp-content/uploads/2018/11/Leostream_release_notes.pdf"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2021-41551",
"datePublished": "2022-01-18T14:45:57.000Z",
"dateReserved": "2021-09-22T00:00:00.000Z",
"dateUpdated": "2024-08-04T03:15:28.605Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-38157 (GCVE-0-2021-38157)
Vulnerability from cvelistv5 – Published: 2021-08-06 20:58 – Updated: 2024-08-04 01:37 – Tag: Unsupported When Assigned
VLAI
Summary
LeoStream Connection Broker 9.x before 9.0.34.3 allows unauthenticated reflected XSS via the user parameter of /index.pl. NOTE: This vulnerability only affects products that are no longer supported by the maintainer.
Severity
No CVSS data available.
SSVC
Exploitation: poc
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- n/a
Assigner
References
4 references
| URL | Tags |
|---|---|
| https://dgccpa.com | x_refsource_MISC |
| https://leostream.com | x_refsource_MISC |
| https://www.leostream.com/resources-2/product-lif… | x_refsource_MISC |
| https://gist.github.com/erud1te-sec/5c85924cb78ba… | x_refsource_MISC |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2021-38157",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-05-14T18:13:35.623778Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-04T17:15:29.771Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-04T01:37:16.323Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://dgccpa.com"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://leostream.com"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.leostream.com/resources-2/product-lifecycle/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://gist.github.com/erud1te-sec/5c85924cb78ba85af42e0b7b62a5ec91"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "LeoStream Connection Broker 9.x before 9.0.34.3 allows Unauthenticated Reflected XSS via the /index.pl user parameter. NOTE: This vulnerability only affects products that are no longer supported by the maintainer"
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-08-06T20:58:12.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://dgccpa.com"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://leostream.com"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.leostream.com/resources-2/product-lifecycle/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://gist.github.com/erud1te-sec/5c85924cb78ba85af42e0b7b62a5ec91"
}
],
"tags": [
"unsupported-when-assigned"
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2021-38157",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** UNSUPPORTED WHEN ASSIGNED ** LeoStream Connection Broker 9.x before 9.0.34.3 allows Unauthenticated Reflected XSS via the /index.pl user parameter. NOTE: This vulnerability only affects products that are no longer supported by the maintainer."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://dgccpa.com",
"refsource": "MISC",
"url": "https://dgccpa.com"
},
{
"name": "https://leostream.com",
"refsource": "MISC",
"url": "https://leostream.com"
},
{
"name": "https://www.leostream.com/resources-2/product-lifecycle/",
"refsource": "MISC",
"url": "https://www.leostream.com/resources-2/product-lifecycle/"
},
{
"name": "https://gist.github.com/erud1te-sec/5c85924cb78ba85af42e0b7b62a5ec91",
"refsource": "MISC",
"url": "https://gist.github.com/erud1te-sec/5c85924cb78ba85af42e0b7b62a5ec91"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2021-38157",
"datePublished": "2021-08-06T20:58:13.000Z",
"dateReserved": "2021-08-06T00:00:00.000Z",
"dateUpdated": "2024-08-04T01:37:16.323Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-26574 (GCVE-0-2020-26574)
Vulnerability from cvelistv5 – Published: 2020-10-06 14:32 – Updated: 2024-08-04 15:56 – Tag: Unsupported When Assigned
VLAI
Summary
Leostream Connection Broker 8.2.x is affected by stored XSS. An unauthenticated attacker can inject arbitrary JavaScript code via the webquery.pl User-Agent HTTP header. The injected code is rendered in an administrator's browser the next time they log in. The injected JavaScript can be used to force the admin to upload a malicious Perl script that will be executed as root via libMisc::browser_client. NOTE: This vulnerability only affects products that are no longer supported by the maintainer.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://adepts.of0x.cc/leostream-xss-to-rce/ | x_refsource_MISC |
| https://www.leostream.com/resources/product-lifecycle/ | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T15:56:04.982Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://adepts.of0x.cc/leostream-xss-to-rce/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.leostream.com/resources/product-lifecycle/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Leostream Connection Broker 8.2.x is affected by stored XSS. An unauthenticated attacker can inject arbitrary JavaScript code via the webquery.pl User-Agent HTTP header. It is rendered by the admins the next time they log in. The JavaScript injected can be used to force the admin to upload a malicious Perl script that will be executed as root via libMisc::browser_client. NOTE: This vulnerability only affects products that are no longer supported by the maintainer"
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-10-06T14:32:24.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://adepts.of0x.cc/leostream-xss-to-rce/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.leostream.com/resources/product-lifecycle/"
}
],
"tags": [
"unsupported-when-assigned"
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2020-26574",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** UNSUPPORTED WHEN ASSIGNED ** Leostream Connection Broker 8.2.x is affected by stored XSS. An unauthenticated attacker can inject arbitrary JavaScript code via the webquery.pl User-Agent HTTP header. It is rendered by the admins the next time they log in. The JavaScript injected can be used to force the admin to upload a malicious Perl script that will be executed as root via libMisc::browser_client. NOTE: This vulnerability only affects products that are no longer supported by the maintainer."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://adepts.of0x.cc/leostream-xss-to-rce/",
"refsource": "MISC",
"url": "https://adepts.of0x.cc/leostream-xss-to-rce/"
},
{
"name": "https://www.leostream.com/resources/product-lifecycle/",
"refsource": "MISC",
"url": "https://www.leostream.com/resources/product-lifecycle/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2020-26574",
"datePublished": "2020-10-06T14:32:24.000Z",
"dateReserved": "2020-10-06T00:00:00.000Z",
"dateUpdated": "2024-08-04T15:56:04.982Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-18817 (GCVE-0-2018-18817)
Vulnerability from cvelistv5 – Published: 2018-10-30 01:00 – Updated: 2024-09-17 01:10
VLAI
Summary
The Leostream Agent before Build 7.0.1.0 when used with Leostream Connection Broker 8.2.72 or earlier allows remote attackers to modify registry keys via the Leostream Agent API.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://leostream.kayako.com/Knowledgebase/Articl… | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T11:23:08.421Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://leostream.kayako.com/Knowledgebase/Article/View/85/52/leostream-agent-security-update"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "The Leostream Agent before Build 7.0.1.0 when used with Leostream Connection Broker 8.2.72 or earlier allows remote attackers to modify registry keys via the Leostream Agent API."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-30T01:00:00.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://leostream.kayako.com/Knowledgebase/Article/View/85/52/leostream-agent-security-update"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-18817",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Leostream Agent before Build 7.0.1.0 when used with Leostream Connection Broker 8.2.72 or earlier allows remote attackers to modify registry keys via the Leostream Agent API."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://leostream.kayako.com/Knowledgebase/Article/View/85/52/leostream-agent-security-update",
"refsource": "MISC",
"url": "https://leostream.kayako.com/Knowledgebase/Article/View/85/52/leostream-agent-security-update"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2018-18817",
"datePublished": "2018-10-30T01:00:00.000Z",
"dateReserved": "2018-10-29T00:00:00.000Z",
"dateUpdated": "2024-09-17T01:10:44.419Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}