Lucene search
K

7 matches found

Packet Storm
Packet Storm
added 2024/08/31 12:0 a.m.172 views

NETGEAR ProSafe Network Management System 300 Authenticated File Download

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'NETGEAR ProSafe Network Management System 300 Authenticated File Download', 'Description' = %q Netgear's ProSafe NMS300 is a network management...

9.6CVSS7.4AI score0.94104EPSS
Exploits6
Circl
Circl
added 2018/05/29 3:50 p.m.9 views

CVE-2016-1524

creationtimestamp| type| source ---|---|--- 2018-05-29 15:50:33+00:00| seen| https://github.com/rapid7/metasploit-framework/blob/master/modules/auxiliary/admin/http/netgearauthdownload.rb 2025-02-06 03:13:42+00:00| seen| MISP/a1e796df-2ad8-4c8d-8b69-737a004e72dd 2025-02-23 04:09:45+00:00| seen|...

9.6CVSS9.4AI score0.94104EPSS
Exploits6References1
Check Point Advisories
Check Point Advisories
added 2016/05/23 12:0 a.m.15 views

Netgear ProSAFE NMS300 fileUpload.do Arbitrary File Upload (CVE-2016-1524; CVE-2016-1525)

An arbitrary file upload vulnerability exists in Netgear ProSafe NMS300. The vulnerability is due to inadequate access control and input validation error when accepting user uploaded files to fileUpload.do control. A remote unauthenticated attacker could exploit this vulnerability by sending...

8.3CVSS1.7AI score0.94104EPSS
Exploits10
Cvelist
Cvelist
added 2016/02/13 2:0 a.m.29 views

CVE-2016-1524

Multiple unrestricted file upload vulnerabilities in NETGEAR Management System NMS300 1.5.0.11 and earlier allow remote attackers to execute arbitrary Java code by using 1 fileUpload.do or 2 lib-1.0/external/flash/fileUpload.do to upload a JSP file, and then accessing it via a direct request for ...

9.7AI score0.94104EPSS
Exploits6References5
CVE
CVE
added 2016/02/13 2:0 a.m.77 views

CVE-2016-1524

CVE-2016-1524 : NETGEAR ProSafe Network Management System NMS300 (1.5.0.11 and earlier) contains multiple unrestricted file upload vulnerabilities in the fileUpload.do endpoints (and lib-1.0/external/flash/fileUpload.do). A remote attacker can upload a JSP file and access it via a /null URI to tr...

9.6CVSS9.6AI score0.94104EPSS
Exploits6References5Affected Software1
Metasploit
Metasploit
added 2016/02/03 11:57 p.m.71 views

NETGEAR ProSafe Network Management System 300 Authenticated File Download

Netgear's ProSafe NMS300 is a network management utility that runs on Windows systems. The application has a file download vulnerability that can be exploited by an authenticated remote attacker to download any file in the system. This module has been tested with versions 1.5.0.2, 1.4.0.17 and...

9.6CVSS6.8AI score0.94104EPSS
Exploits6
CERT
CERT
added 2016/02/03 12:0 a.m.48 views

Netgear Management System NMS300 contains arbitrary file upload and path traversal vulnerabilities

Overview Netgear Management System NMS300, version 1.5.0.11 and earlier, is vulnerable to arbitrary file upload, which may be leveraged by unauthenticated users to execute arbitrary code with SYSTEM privileges. A directory traversal vulnerability enables authenticated users to download arbitrary...

9.6CVSS9.3AI score0.94104EPSS
Exploits10References4
Rows per page
Query Builder