CVSS: 10.0EPSS: 92%CPEs: 1EXPL: 3CVE-2021-36356 – Kramer VIAware - Remote Code Execution (RCE) (Root)
https://notcve.org/view.php?id=CVE-2021-36356
31 Aug 2021 — KRAMER VIAware through August 2021 allows remote attackers to execute arbitrary code because ajaxPages/writeBrowseFilePathAjax.php accepts arbitrary executable pathnames (even though browseSystemFiles.php is no longer reachable via the GUI). NOTE: this issue exists because of an incomplete fix for CVE-2019-17124. KRAMER VIAware hasta agosto de 2021, permite a atacantes remotos ejecutar código arbitrario porque el archivo ajaxPages/writeBrowseFilePathAjax.php acepta nombres de ruta ejecutables arbitrarios (a... • https://packetstorm.news/files/id/166623 • CWE-434: Unrestricted Upload of File with Dangerous Type •
CVSS: 10.0EPSS: 6%CPEs: 1EXPL: 4CVE-2019-17124 – Kramer VIAware 2.5.0719.1034 - Remote Code Execution (RCE)
https://notcve.org/view.php?id=CVE-2019-17124
09 Oct 2019 — Kramer VIAware 2.5.0719.1034 has Incorrect Access Control. Kramer VIAware versión 2.5.0719.1034, presenta un Control de Acceso Incorrecto. Kramer VIAware version 2.5.0719.1034 suffers from a remote code execution vulnerability. • https://packetstorm.news/files/id/166541 • CWE-276: Incorrect Default Permissions •