7 matches found
NETGEAR ProSafe Network Management System 300 Authenticated File Download
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'NETGEAR ProSafe Network Management System 300 Authenticated File Download', 'Description' = %q Netgear's ProSafe NMS300 is a network management...
CVE-2016-1524
creationtimestamp| type| source ---|---|--- 2018-05-29 15:50:33+00:00| seen| https://github.com/rapid7/metasploit-framework/blob/master/modules/auxiliary/admin/http/netgearauthdownload.rb 2025-02-06 03:13:42+00:00| seen| MISP/a1e796df-2ad8-4c8d-8b69-737a004e72dd 2025-02-23 04:09:45+00:00| seen|...
Netgear ProSAFE NMS300 fileUpload.do Arbitrary File Upload (CVE-2016-1524; CVE-2016-1525)
An arbitrary file upload vulnerability exists in Netgear ProSafe NMS300. The vulnerability is due to inadequate access control and input validation error when accepting user uploaded files to fileUpload.do control. A remote unauthenticated attacker could exploit this vulnerability by sending...
CVE-2016-1524
Multiple unrestricted file upload vulnerabilities in NETGEAR Management System NMS300 1.5.0.11 and earlier allow remote attackers to execute arbitrary Java code by using 1 fileUpload.do or 2 lib-1.0/external/flash/fileUpload.do to upload a JSP file, and then accessing it via a direct request for ...
CVE-2016-1524
CVE-2016-1524 : NETGEAR ProSafe Network Management System NMS300 (1.5.0.11 and earlier) contains multiple unrestricted file upload vulnerabilities in the fileUpload.do endpoints (and lib-1.0/external/flash/fileUpload.do). A remote attacker can upload a JSP file and access it via a /null URI to tr...
NETGEAR ProSafe Network Management System 300 Authenticated File Download
Netgear's ProSafe NMS300 is a network management utility that runs on Windows systems. The application has a file download vulnerability that can be exploited by an authenticated remote attacker to download any file in the system. This module has been tested with versions 1.5.0.2, 1.4.0.17 and...
Netgear Management System NMS300 contains arbitrary file upload and path traversal vulnerabilities
Overview Netgear Management System NMS300, version 1.5.0.11 and earlier, is vulnerable to arbitrary file upload, which may be leveraged by unauthenticated users to execute arbitrary code with SYSTEM privileges. A directory traversal vulnerability enables authenticated users to download arbitrary...