CVSS: 10.0EPSS: 92%CPEs: 1EXPL: 3CVE-2021-36356 – Kramer VIAware - Remote Code Execution (RCE) (Root)
https://notcve.org/view.php?id=CVE-2021-36356
31 Aug 2021 — KRAMER VIAware through August 2021 allows remote attackers to execute arbitrary code because ajaxPages/writeBrowseFilePathAjax.php accepts arbitrary executable pathnames (even though browseSystemFiles.php is no longer reachable via the GUI). NOTE: this issue exists because of an incomplete fix for CVE-2019-17124. KRAMER VIAware hasta agosto de 2021, permite a atacantes remotos ejecutar código arbitrario porque el archivo ajaxPages/writeBrowseFilePathAjax.php acepta nombres de ruta ejecutables arbitrarios (a... • https://packetstorm.news/files/id/166623 • CWE-434: Unrestricted Upload of File with Dangerous Type •
CVSS: 10.0EPSS: 2%CPEs: 1EXPL: 5CVE-2021-35064 – Kramer VIAware - Remote Code Execution (RCE) (Root)
https://notcve.org/view.php?id=CVE-2021-35064
12 Jul 2021 — KramerAV VIAWare, all tested versions, allow privilege escalation through misconfiguration of sudo. Sudoers permits running of multiple dangerous commands, including unzip, systemctl and dpkg. KramerAV VIAWare, todas las versiones probadas, permiten una escalada de privilegios mediante la configuración inapropiada de sudo. Sudoers permite una ejecución de múltiples comandos peligrosos, incluyendo unzip, systemctl y dpkg • https://packetstorm.news/files/id/166623 • CWE-269: Improper Privilege Management •
CVSS: 10.0EPSS: 6%CPEs: 1EXPL: 4CVE-2019-17124 – Kramer VIAware 2.5.0719.1034 - Remote Code Execution (RCE)
https://notcve.org/view.php?id=CVE-2019-17124
09 Oct 2019 — Kramer VIAware 2.5.0719.1034 has Incorrect Access Control. Kramer VIAware versión 2.5.0719.1034, presenta un Control de Acceso Incorrecto. Kramer VIAware version 2.5.0719.1034 suffers from a remote code execution vulnerability. • https://packetstorm.news/files/id/166541 • CWE-276: Incorrect Default Permissions •