Lucene search
K

6 matches found

OpenVAS
OpenVAS
added 2020/09/02 12:0 a.m.16 views

Western Digital My Cloud Multiple Products < 2.11.169 / 2.20 - 2.30 < 2.30.181 Unauthorized Upload Vulnerability

Multiple Western Digital My Cloud products are prone to an unauthorized upload vulnerability. Copyright C 2020 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-late...

10CVSS9.6AI score0.73404EPSS
Exploits6
Check Point Advisories
Check Point Advisories
added 2018/01/10 12:0 a.m.2 views

Western Digital MyCloud Remote Code Execution (CVE-2017-17560)

A remote code execution vulnerability exists within Western Digital MyCloud servers. This is due to the way the MyCloud servers handle file uploads to specific directories. A successful attack could lead to a remote code execution and stolen information...

10CVSS4.2AI score0.73404EPSS
Exploits6
Exploit DB
Exploit DB
added 2017/12/18 12:0 a.m.69 views

Western Digital MyCloud - &#039;multi_uploadify&#039; File Upload (Metasploit)

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'HEAD', :uri = '/web/', :pattern = /Apache/ include Msf::Exploit::Remote::HttpClient include Msf::Exploit::FileDropper def initializeinfo=...

10CVSS7.4AI score0.73404EPSS
Exploits6
NVD
NVD
added 2017/12/12 6:29 p.m.28 views

CVE-2017-17560

An issue was discovered on Western Digital MyCloud PR4100 2.30.172 devices. The web administration component, /web/jquery/uploader/multiuploadify.php, provides multipart upload functionality that is accessible without authentication and can be used to place a file anywhere on the device's file...

10CVSS9.8AI score0.73404EPSS
Exploits6References3
CVE
CVE
added 2017/12/12 6:0 p.m.71 views

CVE-2017-17560

CVE-2017-17560 affects Western Digital MyCloud PR4100 devices (2.30.172). The web management component at /web/jquery/uploader/multi_uploadify.php exposes multipart file upload without authentication, enabling an attacker to place arbitrary files anywhere on the device and upload a PHP shell, lea...

10CVSS9.8AI score0.73404EPSS
In wildExploits6References3Affected Software1
Cvelist
Cvelist
added 2017/12/12 6:0 p.m.33 views

CVE-2017-17560

An issue was discovered on Western Digital MyCloud PR4100 2.30.172 devices. The web administration component, /web/jquery/uploader/multiuploadify.php, provides multipart upload functionality that is accessible without authentication and can be used to place a file anywhere on the device's file...

9.9AI score0.73404EPSS
Exploits6References3
Rows per page
Query Builder