ZDI-23-1154: SonicWALL GMS Virtual Appliance Syslog Directory Traversal Remote Code Execution Vulnerability | allinfosecnews.com

Aug. 21, 2023, 5 a.m. |

ZDI: Published Advisories www.zerodayinitiative.com

This vulnerability allows remote attackers to execute arbitrary code on affected installations of SonicWALL GMS Virtual Appliance. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed.

arbitrary code attackers authentication code code execution directory directory traversal exploit gms remote code remote code execution sonicwall syslog virtual vulnerability zdi

More from www.zerodayinitiative.com / ZDI: Published Advisories

ZDI-24-439: Microsoft Windows Bluetooth AVDTP Protocol Integer Underflow Remote Code Execution Vulnerability 4 days, 9 hours ago | www.zerodayinitiative.com

arbitrary code attackers bluetooth code +20

ZDI-24-438: Dassault Systèmes eDrawings Viewer DXF File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability 4 days, 9 hours ago | www.zerodayinitiative.com

arbitrary code attackers code code execution +16

ZDI-24-437: Dassault Systèmes eDrawings Viewer DXF File Parsing Type Confusion Remote Code Execution Vulnerability 4 days, 9 hours ago | www.zerodayinitiative.com

arbitrary code attackers code code execution +15

ZDI-24-436: Dassault Systèmes eDrawings Viewer DXF File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability 4 days, 9 hours ago | www.zerodayinitiative.com

arbitrary code attackers code code execution +16

ZDI-24-435: Dassault Systèmes eDrawings Viewer DXF File Parsing Type Confusion Remote Code Execution Vulnerability 4 days, 9 hours ago | www.zerodayinitiative.com

arbitrary code attackers code code execution +15

ZDI-24-434: Dassault Systèmes eDrawings Viewer SAT File Parsing Uninitialized Variable Remote Code Execution Vulnerability 4 days, 9 hours ago | www.zerodayinitiative.com

arbitrary code attackers code code execution +16

ZDI-24-433: Dassault Systèmes eDrawings Viewer DXF File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability 4 days, 9 hours ago | www.zerodayinitiative.com

arbitrary code attackers code code execution +16

ZDI-24-432: Dassault Systèmes eDrawings Viewer JT File Parsing Memory Corruption Remote Code Execution Vulnerability 4 days, 9 hours ago | www.zerodayinitiative.com

arbitrary code attackers code code execution +17

ZDI-24-431: Dassault Systèmes eDrawings Viewer DXF File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability 4 days, 9 hours ago | www.zerodayinitiative.com

arbitrary code attackers code code execution +16

Cyber Security Network Engineer

@ Nine | North Sydney, Australia

View on infosec-jobs.com

Professional, IAM Security

@ Ingram Micro | Manila Shared Services Center

View on infosec-jobs.com

Principal Windows Threat & Detection Security Researcher (Cortex)

@ Palo Alto Networks | Tel Aviv-Yafo, Israel

View on infosec-jobs.com

Security Engineer - IT Infra Security Architecture

@ Coupang | Seoul, South Korea

View on infosec-jobs.com

Senior Security Engineer

@ LiquidX | Singapore, Central Singapore, Singapore

View on infosec-jobs.com

Application Security Engineer

@ Solidigm | Zapopan, Mexico

View on infosec-jobs.com