Vulnerability category: Local
Vulnerability severity:
Vulnerability information
Moxa SoftCMS is a central management software that manages large scale surveillance systems.
Moxa SoftCMS contains the following vulnerabilities:
CVE-2016-8360: A specially crafted URL request sent to the SoftCMS ASP Webserver can cause a double free condition on the server, allowing an attacker to modify memory locations and possibly cause a denial of service or execute arbitrary code.
CVE-2016-9332: Moxa SoftCMS Webserver does not properly validate input. An attacker could provide unexpected values that cause the program to crash or consume excessive resources, resulting in a denial-of-service condition.
CVE-2016-9333: The SoftCMS Application does not properly sanitize input, which may allow a remote attacker to access SoftCMS with administrator privileges through specially crafted input.
Affected Versions:
SoftCMS versions prior to version 1.6
Impact
Depending on the vulnerability being exploited, a remote attacker could cause a denial of service (DoS) condition or execute arbitrary code with elevated privileges.
Solution
Customers are advised to install Moxa SoftCMS 1.6 or later versions to remediate these vulnerabilities.
Patch:
Following are links for downloading patches to fix the vulnerabilities: