20 matches found
CVE-2023-28337
When uploading a firmware image to a Netgear Nighthawk Wifi6 Router RAX30, a hidden “forceFWUpdate” parameter may be provided to force the upgrade to complete and bypass certain validation checks. End users can use this to upload modified, unofficial, and potentially malicious firmware to the...
CVE-2023-28337
When uploading a firmware image to a Netgear Nighthawk Wifi6 Router RAX30, a hidden “forceFWUpdate” parameter may be provided to force the upgrade to complete and bypass certain validation checks. End users can use this to upload modified, unofficial, and potentially malicious firmware to the...
CVE-2023-28337
The CVE concerns Netgear Nighthawk Wifi6 Router (RAX30). A hidden parameter named forceFWUpdate can be supplied during firmware image upload to force the upgrade to complete and bypass certain validation checks, enabling end users to upload modified or potentially malicious firmware. Reported imp...
CVE-2023-28337
When uploading a firmware image to a Netgear Nighthawk Wifi6 Router RAX30, a hidden “forceFWUpdate” parameter may be provided to force the upgrade to complete and bypass certain validation checks. End users can use this to upload modified, unofficial, and potentially malicious firmware to the...
CVE-2023-28337
When uploading a firmware image to a Netgear Nighthawk Wifi6 Router RAX30, a hidden “forceFWUpdate” parameter may be provided to force the upgrade to complete and bypass certain validation checks. End users can use this to upload modified, unofficial, and potentially malicious firmware to the...
Microweber CMS 1.1.20 Remote Code Execution
Exploit Title: Microweber CMS 1.1.20 - Remote Code Execution Authenticated Date: 2020-10-31 Exploit Author: sl1nki Vendor Homepage: https://microweber.org/ Software Link: https://github.com/microweber/microweber/tree/1.1.20 Version: " . shellexec$REQUEST"fexec" . ""; ?' Notes: SSL verification is...
Microweber CMS 1.1.20 - Remote Code Execution (Authenticated) Exploit
Exploit Title: Microweber CMS 1.1.20 - Remote Code Execution Authenticated Exploit Author: sl1nki Vendor Homepage: https://microweber.org/ Software Link: https://github.com/microweber/microweber/tree/1.1.20 Version: " . shellexec$REQUEST"fexec" . ""; ?' Notes: SSL verification is disabled by...
Microweber CMS 1.1.20 - Remote Code Execution (Authenticated)
Exploit Title: Microweber CMS 1.1.20 - Remote Code Execution Authenticated Date: 2020-10-31 Exploit Author: sl1nki Vendor Homepage: https://microweber.org/ Software Link: https://github.com/microweber/microweber/tree/1.1.20 Version: " . shellexec$REQUEST"fexec" . ""; ?' Notes: SSL verification is...
CVE-2021-28337
Remote Procedure Call Runtime Remote Code Execution Vulnerability...
CVE-2021-28337
Remote Procedure Call Runtime Remote Code Execution Vulnerability...
CVE-2021-28337 Remote Procedure Call Runtime Remote Code Execution Vulnerability
...
CVE-2021-28337
Technical details for CVE-2021-28337 are not publicly available in the provided documents. Monitor for updates from vendor advisories and vulnerability databases.
KB5001342: Windows 10 version 1809 / Windows Server 2019 Security Update (Apr 2021)
The remote Windows host is missing security updates. It is, therefore, affected by multiple vulnerabilities: - Win32k Elevation of Privilege Vulnerability CVE-2021-27072, CVE-2021-28310 - Windows Media Photo Codec Information Disclosure Vulnerability CVE-2021-27079 - Windows Event Tracing Elevati...
KB5001389: Windows Server 2008 Security Update (Apr 2021)
The remote Windows host is missing security updates. It is, therefore, affected by multiple vulnerabilities: - Microsoft Internet Messaging API Remote Code Execution Vulnerability CVE-2021-27089 - Windows Kernel Information Disclosure Vulnerability CVE-2021-27093, CVE-2021-28309 - Windows Media...
KB5001347: Windows 10 version 1607 / Windows Server 2016 Security Update (Apr 2021)
The remote Windows host is missing security updates. It is, therefore, affected by multiple vulnerabilities: - Win32k Elevation of Privilege Vulnerability CVE-2021-27072 - Windows Media Photo Codec Information Disclosure Vulnerability CVE-2021-27079 - Microsoft Internet Messaging API Remote Code...
XStream server-side request forgery vulnerability (CNVD-2021-28337)
XStream is a simple Java-based library that serializes Java objects to XML and vice versa, i.e., Java objects and XML documents can be easily converted to each other. XStream has a server-side request forgery vulnerability that can be exploited by an attacker to manipulate the processed input strea...
CVE-2020-28337
creationtimestamp | type | source
---|---|---
2021-02-15 22:46:52+00:00 | seen | https://t.me/cibsecurity/23614
2021-05-11 03:46:20+00:00 | seen | https://t.me/pwnwikizhchannel/401...
CVE-2020-28337
A directory traversal issue in the Utils/Unzip module in Microweber through 1.1.20 allows an authenticated attacker to gain remote code execution via the backup restore feature. To exploit the vulnerability, an attacker must have the credentials of an administrative user, upload a maliciously...
CVE-2020-28337
CVE-2020-28337 affects Microweber up to version 1.1.20, due to a directory traversal flaw in the Utils/Unzip module. An authenticated administrative user can upload a malicious ZIP containing relative paths (for example ../../), place it in the backup directory, and trigger a restore to achieve r...
Security fix for the ALT Linux 5 package MySQL version 5.0.41-alt1
May 28, 2007 Konstantin Lepikhov 5.0.41-alt1 - 5.0.41 release. - Fix CVE-2007-2583 DoS Failure to Handle Exceptional Conditions. - Added patches from BK: + BUG28337 NOT EXISTS with GROUP BY behaves different in 5.0.40. - Update ALTLinux patches: + install-db patch. + username-length patch. -...