5 matches found
Netgear ProSAFE NMS300 fileUpload.do Arbitrary File Upload (CVE-2016-1524; CVE-2016-1525)
An arbitrary file upload vulnerability exists in Netgear ProSafe NMS300. The vulnerability is due to inadequate access control and input validation error when accepting user uploaded files to fileUpload.do control. A remote unauthenticated attacker could exploit this vulnerability by sending...
CVE-2016-1525
creationtimestamp| type| source ---|---|--- 2016-03-01 00:00:00+00:00| exploited| https://www.exploit-db.com/exploits/39515 2018-05-29 15:50:33+00:00| seen| https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/windows/http/netgearnmsrce.rb 2025-02-06 03:13:42+00:00| seen|...
NETGEAR ProSafe Network Management System 300 Arbitrary File Upload
This module requires Metasploit: http://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core' class Metasploit4 'NETGEAR ProSafe Network Management System 300 Arbitrary File Upload', 'Description' = %q Netgear's ProSafe NMS300 is a network...
CVE-2016-1525
Directory traversal vulnerability in data/config/image.do in NETGEAR Management System NMS300 1.5.0.11 and earlier allows remote authenticated users to read arbitrary files via a .. dot dot in the realName parameter...
Netgear Management System NMS300 contains arbitrary file upload and path traversal vulnerabilities
Overview Netgear Management System NMS300, version 1.5.0.11 and earlier, is vulnerable to arbitrary file upload, which may be leveraged by unauthenticated users to execute arbitrary code with SYSTEM privileges. A directory traversal vulnerability enables authenticated users to download arbitrary...