Lucene search
K

9 matches found

RedhatCVE
RedhatCVE
added 2025/05/22 8:41 a.m.9 views

CVE-2013-3631

NAS4Free 9.1.0.1.804 and earlier allows remote authenticated users to execute arbitrary PHP code via a request to exec.php, aka the "Advanced | Execute Command" feature. NOTE: this issue might not be a vulnerability, since it appears to be part of legitimate, intentionally-exposed functionality b...

6CVSS7.5AI score0.13729EPSS
Exploits5References1
Check Point Advisories
Check Point Advisories
added 2014/05/21 12:0 a.m.9 views

NAS4Free exec.php Arbitrary Remote Code Execution (CVE-2013-3631)

A code execution vulnerability has been reported in NAS4Free. The vulnerability is due to "Advanced | Execute Command" feature that allows remote authenticated users to execute arbitrary PHP code via a request to exec.php. A remote unauthenticated attacker can exploit this vulnerability by execut...

6CVSS7.5AI score0.13729EPSS
Exploits5
NVD
NVD
added 2013/11/02 7:55 p.m.28 views

CVE-2013-3631

NAS4Free 9.1.0.1.804 and earlier allows remote authenticated users to execute arbitrary PHP code via a request to exec.php, aka the "Advanced | Execute Command" feature. NOTE: this issue might not be a vulnerability, since it appears to be part of legitimate, intentionally-exposed functionality b...

6CVSS7.1AI score0.13729EPSS
Exploits5References2
Cvelist
Cvelist
added 2013/11/02 7:0 p.m.34 views

CVE-2013-3631

NAS4Free 9.1.0.1.804 and earlier allows remote authenticated users to execute arbitrary PHP code via a request to exec.php, aka the "Advanced | Execute Command" feature. NOTE: this issue might not be a vulnerability, since it appears to be part of legitimate, intentionally-exposed functionality b...

7.1AI score0.13729EPSS
Exploits5References2
CVE
CVE
added 2013/11/02 7:0 p.m.51 views

CVE-2013-3631

CVE-2013-3631 affects NAS4Free 9.1.0.1.804 and earlier. A remotely authenticated user can post PHP code to the exec.php endpoint ("Advanced | Execute Command") and have it executed, effectively enabling remote code execution. CERT notes NAS4Free runs as root by default, so code execution could oc...

6CVSS7.3AI score0.13729EPSS
Exploits5References2Affected Software1
Circl
Circl
added 2013/10/31 12:0 a.m.9 views

CVE-2013-3631

creationtimestamp| type| source ---|---|--- 2013-10-31 00:00:00+00:00| confirmed| https://www.exploit-db.com/exploits/29320 2018-05-29 15:50:33+00:00| seen| https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/multi/http/nas4freephpexec.rb 2025-02-06 03:13:41+00:00| seen|...

6CVSS5.7AI score0.13729EPSS
Exploits5References2
Exploit DB
Exploit DB
added 2013/10/31 12:0 a.m.37 views

NAS4Free - Remote Code Execution (Metasploit)

This module requires Metasploit: http//metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core' require 'rex' require 'rexml/document' class Metasploit4 'NAS4Free Arbitrary Remote Code Execution', 'Description' = %q NAS4Free allows an authenticated...

6CVSS7AI score0.13729EPSS
Exploits5
Metasploit
Metasploit
added 2013/10/30 3:25 p.m.33 views

NAS4Free Arbitrary Remote Code Execution

NAS4Free allows an authenticated user to post PHP code to a special HTTP script and have the code executed remotely. This module was successfully tested against NAS4Free version 9.1.0.1.804. Earlier builds are likely to be vulnerable as well. This module requires Metasploit:...

6CVSS0.4AI score0.13729EPSS
Exploits5
CERT
CERT
added 2013/10/30 12:0 a.m.214 views

NAS4Free version 9.1.0.1 contains a remote command execution vulnerability

Overview NAS4Free version 9.1.0.1.804 and possibly earlier versions contain a remote code execution vulnerability CWE-94. Description CWE-94: Improper Control of Generation of Code 'Code Injection' NAS4Free version 9.1.0.1.804 and possibly earlier versions contain a remote code execution...

6CVSS7.6AI score0.13729EPSS
Exploits5References3
Rows per page
Query Builder