all InfoSec news logo
all InfoSec news - Your InfoSec news aggregator
Log in Sign up
all InfoSec news

LG LED Assistant Multiple Vulnerabilities

Add to bookmarks
Nov. 27, 2023, 4:57 p.m. | Jimi Sebree

Tenable Research Advisories www.tenable.com

LG LED Assistant Multiple Vulnerabilities

seamCorrectionFileCreate Path Traversal File Upload

(CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)

A path traversal vulnerability exists in the endpoint handler for /api/management/seamCorrectionFileCreate in Management.js. An unauthenticated remote attacker can exploit this to upload arbitrary files to any location on the disk drive where the product is installed.

PoC:

curl -ki -d 'fileName=../../../../../../../windows/system32/evil.exe&coef=["\u0011\u0022\u0033\u0044"]' ':8787/api/management/seamCorrectionFileCreate'>

get3DLutFile Path Traversal File Upload

(CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H)

A path traversal vulnerability exists in the endpoint handler for /api/Management/get3DLutFile in Management.js. An unauthenticated remote attacker can exploit this to …

amp api arbitrary files assistant attacker curl cvss disk drive endpoint evil exploit file filename files file upload led location management path path traversal path traversal vulnerability poc product unauthenticated upload vulnerabilities vulnerability windows

Visit resource

More from www.tenable.com / Tenable Research Advisories

Approach.App Multiple Vulnerabilities 1 week, 1 day ago | www.tenable.com
app application exploitation management +9
Karros Technologies Authentication Bypass 1 week, 1 day ago | www.tenable.com
authentication authentication bypass bypass technologies
Ivanti Avalanche WLAvalancheService.exe Unauthenticated Heap-based Buffer Overflow 1 week, 3 days ago | www.tenable.com
avalanche big buffer buffer overflow +12
Path Traversal Affecting Multiple CData Products 3 weeks, 1 day ago | www.tenable.com
application attachment cookie date +14
LG LED Assistant v2.1.65 Multiple Vulnerabilities 4 weeks, 2 days ago | www.tenable.com
assistant led vulnerabilities
Arcserve Unified Data Protection 9.2 Multiple Vulnerabilities 1 month, 2 weeks ago | www.tenable.com
arcserve data data protection protection +1
Microsoft Azure Synapse Analytics - Privilege Escalation via Vegas Caching Service 1 month, 3 weeks ago | www.tenable.com
analytics azure azure synapse caching +8
Showdownjs Denial of Service 2 months ago | www.tenable.com
can command concept conditions +17
Missing Authentication for Critical Function in Adobe FrameMaker Publishing Server (FMPS) 2 months, 2 weeks ago | www.tenable.com
accesstoken admin adobe authentication +9

Jobs in InfoSec / Cybersecurity

Post a job on infosec-jobs.com Find talent on infosec-jobs.com

SOC 2 Manager, Audit and Certification

@ Deloitte | US and CA Multiple Locations
View on infosec-jobs.com

Security Officer Hospital Laguna Beach

@ Allied Universal | Laguna Beach, CA, United States
View on infosec-jobs.com

Sr. Cloud DevSecOps Engineer

@ Oracle | NOIDA, UTTAR PRADESH, India
View on infosec-jobs.com

Cloud Operations Security Engineer

@ Elekta | Crawley - Cornerstone
View on infosec-jobs.com

Cybersecurity – Senior Information System Security Manager (ISSM)

@ Boeing | USA - Seal Beach, CA
View on infosec-jobs.com

Engineering -- Tech Risk -- Security Architecture -- VP -- Dallas

@ Goldman Sachs | Dallas, Texas, United States
View on infosec-jobs.com
View more jobs