news.russia.network | Published Advisories

ZDI-25-460: (0Day) Marvell QConvergeConsole saveNICParamsToFile Directory Traversal Arbitrary File Write Vulnerability

This vulnerability allows remote attackers to create arbitrary files on affected installations of Marvell QConvergeConsole. Authentication is not required to exploit this vulnerability. The ZDI has assigned a CVSS rating of 8.2. The following CVEs are assigned: CVE-2025-6801...

ПОДРОБНЕЕ

ZDI-25-459: (0Day) Marvell QConvergeConsole restoreESwitchConfig Directory Traversal Information Disclosure Vulnerability

This vulnerability allows remote attackers to disclose sensitive information on affected installations of Marvell QConvergeConsole. Authentication is not required to exploit this vulnerability. The ZDI has assigned a CVSS rating of 7.5. The following CVEs are assigned: CVE-2025-6800...

ПОДРОБНЕЕ

ZDI-25-458: (0Day) Marvell QConvergeConsole getFileUploadBytes Directory Traversal Information Disclosure Vulnerability

ПОДРОБНЕЕ

ZDI-25-457: (0Day) Marvell QConvergeConsole deleteAppFile Directory Traversal Arbitrary File Deletion Vulnerability

This vulnerability allows remote attackers to delete arbitrary files on affected installations of Marvell QConvergeConsole. Authentication is not required to exploit this vulnerability. The ZDI has assigned a CVSS rating of 8.2. The following CVEs are assigned: CVE-2025-6798...

ПОДРОБНЕЕ

ZDI-25-456: (0Day) Marvell QConvergeConsole getFileUploadBytes Directory Traversal Information Disclosure Vulnerability

ПОДРОБНЕЕ

ZDI-25-455: (0Day) Marvell QConvergeConsole getFileUploadSize Directory Traversal Information Disclosure Vulnerability

This vulnerability allows remote attackers to disclose sensitive information on affected installations of Marvell QConvergeConsole. Authentication is not required to exploit this vulnerability. The ZDI has assigned a CVSS rating of 5.3. The following CVEs are assigned: CVE-2025-6795...

ПОДРОБНЕЕ

ZDI-25-454: (0Day) Marvell QConvergeConsole saveAsText Directory Traversal Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Marvell QConvergeConsole. Authentication is not required to exploit this vulnerability. The ZDI has assigned a CVSS rating of 9.8. The following CVEs are assigned: CVE-2025-6794...

ПОДРОБНЕЕ

ZDI-25-453: (0Day) Marvell QConvergeConsole compressFirmwareDumpFiles Directory Traversal Information Disclosure Vulnerability

ПОДРОБНЕЕ

ZDI-25-452: (0Day) Marvell QConvergeConsole compressDriverFiles Directory Traversal Information Disclosure Vulnerability

ПОДРОБНЕЕ

ZDI-25-451: (0Day) Marvell QConvergeConsole getAppFileBytes Directory Traversal Information Disclosure Vulnerability

ПОДРОБНЕЕ

ZDI-25-450: (0Day) Marvell QConvergeConsole QLogicDownloadImpl Directory Traversal Arbitrary File Deletion and Information Disclosure Vulnerability

This vulnerability allows remote attackers to delete arbitrary files and disclose sensitive information on affected installations of Marvell QConvergeConsole. Authentication is not required to exploit this vulnerability. The ZDI has assigned a CVSS rating of 9.4. The following CVEs are assigned: CVE-2025-6793...

ПОДРОБНЕЕ

ZDI-25-449: (0Day) Mescius ActiveReports.NET TypeResolutionService Deserialization of Untrusted Data Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Mescius ActiveReports.NET. Interaction with this library is required to exploit this vulnerability but attack vectors may vary depending on the implementation. The ZDI has assigned a CVSS rating of 9.8. The following CVEs are assigned: CVE-2025-6811...

ПОДРОБНЕЕ