648 matches found
Seagate Personal Cloud SRN21C 4.3.16.0 / 4.3.18.0 - SQL Injection
------------------------------------------------------------------------ Seagate Media Server multiple SQL injection vulnerabilities ------------------------------------------------------------------------ Yorick Koster, September 2017...
Seagate Personal Cloud SRN21C 4.3.16.0 4.3.18.0 - SQL Injection
Seagate Personal Cloud SRN21C 4.3.16.0 4.3.18.0 - SQL Injection ------------------------------------------------------------------------ Seagate Media Server multiple SQL injection vulnerabilities ------------------------------------------------------------------------ Yorick Koster, September 20...
Seagate Personal Cloud SRN21C SQL Injection Vulnerability
Seagate Personal Cloud model SRN21C running firmware versions 4.3.16.0 and 4.3.18.0 suffer from remote SQL injection vulnerabilities in the media server. ------------------------------------------------------------------------ Seagate Media Server multiple SQL injection vulnerabilities...
Seagate Personal Cloud Multiple Vulnerabilities(CVE-2018-5347)
Vulnerabilities summary The following advisory describes two 2 unauthenticated command injection vulnerabilities. Seagate Personal Cloud Home Media Storage is “the easiest way to store, organize, stream and share all your music, movies, photos, and important documents.” Credit An independent...
Seagate Media Server SRN21C Cross Site Scripting
------------------------------------------------------------------------ Seagate Media Server stored Cross-Site Scripting vulnerability ------------------------------------------------------------------------ Yorick Koster, September 2017...
H2O HTTP Server < 2.0.4 DoS Vulnerability
H2O allows remote attackers to cause a denial of service DoS via format string specifiers in a template file via fastcgi, mruby, proxy, redirect or reproxy. SPDX-FileCopyrightText: 2018 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the...
UBUNTU-CVE-2015-9253
An issue was discovered in PHP 7.3.x before 7.3.0alpha3, 7.2.x before 7.2.8, and before 7.1.20. The php-fpm master process restarts a child process in an endless loop when using program execution functions e.g., passthru, exec, shellexec, or system with a non-blocking STDIN stream, causing this...
lighttpd < 1.4.28 Insecure Temporary File Creation
According to its banner, the version of lighttpd running on the remote host is prior to 1.4.28. Therefore, it may be, affected by the following vulnerability : - The configuration file for the FastCGI PHP support for lighttpd before 1.4.28 on Debian GNU/Linux creates a socket file with a...
Seagate Personal Cloud - Multiple Vulnerabilities
Exploit for hardware platform in category remote exploits SSD Advisory – Seagate Personal Cloud Multiple Vulnerabilities Vulnerabilities summary The following advisory describes two 2 unauthenticated command injection vulnerabilities. Seagate Personal Cloud Home Media Storage is “the easiest way ...
Seagate Personal Cloud Command Injection
SSD Advisory a Seagate Personal Cloud Multiple Vulnerabilities Vulnerabilities summary The following advisory describes two 2 unauthenticated command injection vulnerabilities. Seagate Personal Cloud Home Media Storage is athe easiest way to store, organize, stream and share all your music, movie...
Seagate Media Server Arbitrary File / Folder Deletion Vulnerabilities
Seagate Media Server on a Seagate Personal Cloud model SRN21C running firmware version 4.3.16.0 suffers from an unauthenticated arbitrary file and folder deletion vulnerability. ------------------------------------------------------------------------ Seagate Media Server allows deleting of...
Seagate Media Server Arbitrary File / Folder Deletion
------------------------------------------------------------------------ Seagate Media Server allows deleting of arbitrary files and folders ------------------------------------------------------------------------ Yorick Koster, September 2017...
CVE-2018-5347
The CVE-2018-5347 entry concerns Seagate Personal Cloud’s Seagate Media Server. The vulnerability affects the .psp URL handling in the Django-based web application (views.py: uploadTelemetry and getLogs) where unsanitized GET parameters are passed to system commands, enabling unauthenticated comm...
Seagate Personal Cloud - Multiple Vulnerabilities
SSD Advisory – Seagate Personal Cloud Multiple Vulnerabilities Vulnerabilities summary The following advisory describes two 2 unauthenticated command injection vulnerabilities. Seagate Personal Cloud Home Media Storage is “the easiest way to store, organize, stream and share all your music, movie...
Seagate Personal Cloud - Multiple Vulnerabilities
Seagate Personal Cloud - Multiple Vulnerabilities SSD Advisory – Seagate Personal Cloud Multiple Vulnerabilities Vulnerabilities summary The following advisory describes two 2 unauthenticated command injection vulnerabilities. Seagate Personal Cloud Home Media Storage is “the easiest way to store...
WordPress LearnDash 2.5.3 Plugin - Arbitrary File Upload Vulnerability
Exploit for php platform in category web applications Exploit Title: WordPress LearnDash 2.5.3 Unauthenticated Arbitrary File Upload Date: 07-01-2018 Vendor Homepage: https://www.learndash.com/ Vendor Changelog: https://www.learndash.com/changelog/ Version: 2.5.3 Exploit Author: NinTechNet Author...
WordPress Plugin LearnDash 2.5.3 - Arbitrary File Upload
Exploit Title: WordPress LearnDash 2.5.3 Unauthenticated Arbitrary File Upload Date: 07-01-2018 Vendor Homepage: https://www.learndash.com/ Vendor Changelog: https://www.learndash.com/changelog/ Version: 2.5.3 Exploit Author: NinTechNet Author Advisory: http://nin.link/learndash/ Category: Webapp...
Foscam IP Video Camera CGIProxy.fcgi Query Append Buffer Overflow Vulnerability(CVE-2017-2831)
Summary An exploitable buffer overflow vulnerability exists in the web management interface used by the Foscam C1 Indoor HD Camera running application firmware 2.52.2.37. A specially crafted HTTP request can cause a buffer overflow resulting in overwriting arbitrary data. An attacker can simply...
php-fpm Arbitrary File Creation Vulnerability
php-fpm is a PHPFastCGI process manager for PHP. A security vulnerability exists in php-fpm. A local attacker can exploit this vulnerability to perform a symbolic link attack, write to arbitrary files or create arbitrary files...
Format string
H2O versions 2.0.3 and earlier and 2.1.0-beta2 and earlier allows remote attackers to cause a denial-of-service DoS via format string specifiers in a template file via fastcgi, mruby, proxy, redirect or reproxy...