9 matches found
CVE-2013-3631
NAS4Free 9.1.0.1.804 and earlier allows remote authenticated users to execute arbitrary PHP code via a request to exec.php, aka the "Advanced | Execute Command" feature. NOTE: this issue might not be a vulnerability, since it appears to be part of legitimate, intentionally-exposed functionality b...
NAS4Free exec.php Arbitrary Remote Code Execution (CVE-2013-3631)
A code execution vulnerability has been reported in NAS4Free. The vulnerability is due to "Advanced | Execute Command" feature that allows remote authenticated users to execute arbitrary PHP code via a request to exec.php. A remote unauthenticated attacker can exploit this vulnerability by execut...
CVE-2013-3631
NAS4Free 9.1.0.1.804 and earlier allows remote authenticated users to execute arbitrary PHP code via a request to exec.php, aka the "Advanced | Execute Command" feature. NOTE: this issue might not be a vulnerability, since it appears to be part of legitimate, intentionally-exposed functionality b...
CVE-2013-3631
NAS4Free 9.1.0.1.804 and earlier allows remote authenticated users to execute arbitrary PHP code via a request to exec.php, aka the "Advanced | Execute Command" feature. NOTE: this issue might not be a vulnerability, since it appears to be part of legitimate, intentionally-exposed functionality b...
CVE-2013-3631
CVE-2013-3631 affects NAS4Free 9.1.0.1.804 and earlier. A remotely authenticated user can post PHP code to the exec.php endpoint ("Advanced | Execute Command") and have it executed, effectively enabling remote code execution. CERT notes NAS4Free runs as root by default, so code execution could oc...
CVE-2013-3631
creationtimestamp| type| source ---|---|--- 2013-10-31 00:00:00+00:00| confirmed| https://www.exploit-db.com/exploits/29320 2018-05-29 15:50:33+00:00| seen| https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/multi/http/nas4freephpexec.rb 2025-02-06 03:13:41+00:00| seen|...
NAS4Free - Remote Code Execution (Metasploit)
This module requires Metasploit: http//metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core' require 'rex' require 'rexml/document' class Metasploit4 'NAS4Free Arbitrary Remote Code Execution', 'Description' = %q NAS4Free allows an authenticated...
NAS4Free Arbitrary Remote Code Execution
NAS4Free allows an authenticated user to post PHP code to a special HTTP script and have the code executed remotely. This module was successfully tested against NAS4Free version 9.1.0.1.804. Earlier builds are likely to be vulnerable as well. This module requires Metasploit:...
NAS4Free version 9.1.0.1 contains a remote command execution vulnerability
Overview NAS4Free version 9.1.0.1.804 and possibly earlier versions contain a remote code execution vulnerability CWE-94. Description CWE-94: Improper Control of Generation of Code 'Code Injection' NAS4Free version 9.1.0.1.804 and possibly earlier versions contain a remote code execution...