93 matches found
Western Digital MyCloud NAS - Command Injection
Unauthenticated Remote Command injection as root occurs in the Western Digital MyCloud NAS 2.11.142 /web/googleanalytics.php URL via a modified arg parameter in the POST data. id: CVE-2016-10108 info: name: Western Digital MyCloud NAS - Command Injection author: DhiyaneshDk severity: critical...
CVE-2026-10108

| creationtimestamp | type | source |
|---|---|---|
| 2026-05-29 20:08:59+00:00 | seen | https://bsky.app/profile/cve.skyfleet.blue/post/3mmzdp6japs2h |
| 2026-05-30 21:01:03+00:00 | seen | https://bsky.app/profile/thehackerwire.bsky.social/post/3mn3x35uqub2h... |

CVE-2026-10108
The CVE-2026-10108 entry concerns xiaomusic v0.5.7, with an unauthenticated path traversal vulnerability in GET /music/{file_path:path}. An attacker can read arbitrary files outside the music directory by exploiting an incomplete path prefix check and a missing trailing separator in the compariso...
CVE-2026-10108
xiaomusic v0.5.7 contains an unauthenticated path traversal vulnerability in the GET /music/{file_path:path} endpoint that allows unauthenticated attackers to read arbitrary files outside the intended music directory by exploiting an incomplete path prefix check. Attackers can request files from...
MiracleLinux 4 : python-twisted-web-8.2.0-6.AXS4 (AXSA:2020-036:02)
The remote MiracleLinux 4 host has a package installed that is affected by a vulnerability as referenced in the AXSA:2020-036:02 advisory. python-twisted: HTTP request smuggling when presented with two Content-Length headers CVE-2020-10108 Tenable has extracted the preceding description block...
MiracleLinux 7 : python-twisted-web-12.1.0-7.el7 (AXSA:2020-025:01)
The remote MiracleLinux 7 host has a package installed that is affected by multiple vulnerabilities as referenced in the AXSA:2020-025:01 advisory. python-twisted: HTTP request smuggling when presented with two Content-Length headers CVE-2020-10108 python-twisted: HTTP request smuggling when...
Oracle Linux 7 : microcode_ctl (ELSA-2025-10108)
The remote Oracle Linux 7 host has a package installed that is affected by a vulnerability as referenced in the ELSA-2025-10108 advisory. 2:2.1-73.24.0.20250512 - update microcode bundle to 20250512 Orabug: 38139038 2:2.1-73.23.0.20250211 - update microcode bundle to 20250211 Orabug: 37670820 -...
CVE-2025-10108

| creationtimestamp | type | source |
|---|---|---|
| 2025-09-09 10:15:19+00:00 | seen | https://gist.github.com/Darkcrai86/aab7b7076a0d98752247872db2818a35... |

CVE-2015-10108
A vulnerability was found in meitar Inline Google Spreadsheet Viewer Plugin up to 0.9.6 on WordPress and classified as problematic. Affected by this issue is the function displayShortcode of the file inline-gdocs-viewer.php. The manipulation leads to cross-site request forgery. The attack may be...
CVE-2024-10108
The WPAdverts – Classifieds Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's adverts_add shortcode in all versions up to, and including, 2.1.6 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers t...
CVE-2024-10108
CVE-2024-10108 (WPAdverts – Classifieds Plugin, WordPress) is an Unauthenticated Stored Cross-Site Scripting vulnerability in the adverts_add shortcode. The issue arises from insufficient input sanitization and output escaping in all versions up to and including 2.1.6, enabling an attacker to inj...
WordPress WPAdverts – Classifieds Plugin Plugin <= 2.1.6 is vulnerable to Cross Site Scripting (XSS)
Software WPAdverts – Classifieds Plugin Type Plugin Vulnerable versions = 2.1.6 Fixed in 2.1.7 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-10108 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID d98a67dcc148 Credits...
BELL-CVE-2020-10108 CVE-2020-10108 does not affect BellSoft software
Bulletin has no description...
Western Digital MyCloud Unauthenticated Command Injection Exploit
This Metasploit module exploits authentication bypass CVE-2018-17153 and command injection CVE-2016-10108 vulnerabilities in Western Digital MyCloud before 2.30.196 in order to achieve unauthenticated remote code execution as the root user. The module first performs a check to see if the target i...
Western Digital MyCloud unauthenticated command injection
This module exploits authentication bypass CVE-2018-17153 and command injection CVE-2016-10108 vulnerabilities in Western Digital MyCloud before 2.30.196 in order to achieve unauthenticated remote code execution as the root user. The module first performs a check to see if the target is WD MyClou...
CVE-2016-10108

| creationtimestamp | type | source |
|---|---|---|
| 2023-07-28 13:22:17+00:00 | seen | https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/linux/http/wdmycloudunauthenticatedcmdinjection.rb |
| 2024-10-26 00:00:00+00:00 | seen | The Shadowserver honeypot/common-vulnerabilities - 2024-10-2... |

Western Digital MyCloud Unauthenticated Command Injection
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Western Digital MyCloud unauthenticated command injection', 'Description' = %q This module exploits authentication bypass CVE-2018-17153 and...
CVE-2015-10108
The CVE-2015-10108 entry concerns the meitar Inline Google Spreadsheet Viewer Plugin for WordPress (up to version 0.9.6). The vulnerability affects the displayShortcode function in inline-gdocs-viewer.php and enables cross-site request forgery (CSRF) with remote attack potential. A patch exists: ...
SUSE SLES12 Security Update : python-Twisted (SUSE-SU-2022:4074-1)
The remote SUSE Linux SLES12 / SLESSAP12 host has a package installed that is affected by multiple vulnerabilities as referenced in the SUSE-SU-2022:4074-1 advisory. - In Twisted before 19.2.1, twisted.web did not validate or sanitize URIs or HTTP methods, allowing an attacker to inject invalid...
Ubuntu: Security Advisory (USN-4308-2)
The remote host is missing an update for the...