7 matches found
CVE-2019-16198
KSLabs KSWEB 3.93 allows ../ directory traversal, as demonstrated by the hostFile parameter...
EUVD-2019-6691
Malware in sbrugna...
EUVD-2019-7010
Malware in sbrugna...
CVE-2019-15766
The KSLABS KSWEB aka ru.kslabs.ksweb application 3.93 for Android allows authenticated remote code execution via a POST request to the AJAX handler with the configFile parameter set to the arbitrary file to be written to and the configtext parameter set to the content of the file to be created...
CVE-2019-16198
KSLabs KSWEB 3.93 allows ../ directory traversal, as demonstrated by the hostFile parameter...
Remote code execution
The KSLABS KSWEB aka ru.kslabs.ksweb application 3.93 for Android allows authenticated remote code execution via a POST request to the AJAX handler with the configFile parameter set to the arbitrary file to be written to and the configtext parameter set to the content of the file to be created...
CVE-2019-15766
CVE-2019-15766 affects the KSLABS KSWEB Android app (v3.93). An authenticated attacker can trigger remote code execution by sending a POST to the AJAX handler with configFile (arbitrary file path) and config_text (content to write), potentially writing and executing a PHP file in the device’s pub...