Page 2 of 8 results (0.043 seconds)

CVSS: 10.0EPSS: 95%CPEs: 24EXPL: 1

__debugging_center_utils___.php in NUUO NVRmini 2 1.7.5 through 3.0.0, NUUO NVRsolo 1.7.5 through 3.0.0, and NETGEAR ReadyNAS Surveillance 1.1.1 through 1.4.1 allows remote attackers to execute arbitrary PHP code via the log parameter. __debugging_center_utils___.php en NUUO NVRmini 2 1.7.5 hasta la versión 3.0.0, NUUO NVRsolo 1.7.5 hasta la versión 3.0.0 y NETGEAR ReadyNAS Surveillance 1.1.1 hasta la versión 1.4.1 permite a atacantes remotos ejecutar código PHP arbitrario a través del parámetro de registro. NUUO NVRmini2 / NVRsolo / Crystal devices and NETGEAR ReadyNAS suffer from multiple security issues that result in remote code execution, backdoor access, buffer overflow, and various other vulnerabilities. • https://www.exploit-db.com/exploits/40200 http://www.kb.cert.org/vuls/id/856152 http://www.securityfocus.com/bid/92318 https://raw.githubusercontent.com/pedrib/PoC/master/advisories/NUUO/nuuo-nvr-vulns.txt https://seclists.org/bugtraq/2016/Aug/45 • CWE-20: Improper Input Validation •

CVSS: 9.0EPSS: 2%CPEs: 5EXPL: 1

Stack-based buffer overflow in cgi-bin/cgi_main in NUUO NVRmini 2 1.7.6 through 3.0.0 and NETGEAR ReadyNAS Surveillance 1.1.2 allows remote authenticated users to execute arbitrary code via the sn parameter to the transfer_license command. Desbordamiento de búfer basado en pila en cgi-bin/cgi_main en NUUO NVRmini 2 1.7.6 hasta la versión 3.0.0 y NETGEAR ReadyNAS Surveillance 1.1.2 permite a usuarios remotos autenticados ejecutar código arbitrario a través del parámetro sn al comando transfer_license. NUUO NVRmini2 / NVRsolo / Crystal devices and NETGEAR ReadyNAS suffer from multiple security issues that result in remote code execution, backdoor access, buffer overflow, and various other vulnerabilities. • https://www.exploit-db.com/exploits/40200 http://www.kb.cert.org/vuls/id/856152 http://www.securityfocus.com/bid/92318 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •

CVSS: 9.0EPSS: 0%CPEs: 5EXPL: 1

cgi-bin/cgi_main in NUUO NVRmini 2 1.7.6 through 3.0.0 and NETGEAR ReadyNAS Surveillance 1.1.2 allows remote authenticated users to execute arbitrary commands via shell metacharacters in the sn parameter to the transfer_license command. cgi-bin/cgi_main en NUUO NVRmini 2 1.7.6 hasta la versión 3.0.0 y NETGEAR ReadyNAS Surveillance 1.1.2 permite a usuarios remotos autenticados ejecutar comandos arbitrarios a través de metacaractéres shell en el parámetro sn al comando transfer_license. NUUO NVRmini2 / NVRsolo / Crystal devices and NETGEAR ReadyNAS suffer from multiple security issues that result in remote code execution, backdoor access, buffer overflow, and various other vulnerabilities. • https://www.exploit-db.com/exploits/40200 http://www.kb.cert.org/vuls/id/856152 http://www.securityfocus.com/bid/92318 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •