Lucene search
K

4 matches found

0day.today
0day.today
added 2017/10/04 12:0 a.m.114 views

e2openplugin OpenWebif 1.2.4 Code Execution Vulnerability

Exploit for linux platform in category remote exploits e2openplugin-OpenWebif is an open source web interface plugin for IP TVs and media centers. It is found in several IP TV software images and hardware products including the commercial Dreambox devices. A remote code injection vulnerability wa...

10CVSS9.2AI score0.04923EPSS
Exploits3
Packet Storm
Packet Storm
added 2017/10/03 12:0 a.m.70 views

e2openplugin OpenWebif 1.2.4 Code Execution

Hello all, e2openplugin-OpenWebif is an open source web interface plugin for IP TVs and media centers. It is found in several IP TV software images and hardware products including the commercial Dreambox devices. A remote code injection vulnerability was found in the "key" HTTP GET parameter of t...

10CVSS9.7AI score0.04923EPSS
Exploits3
NVD
NVD
added 2017/06/22 3:29 a.m.19 views

CVE-2017-9807

An issue was discovered in the OpenWebif plugin through 1.2.4 for E2 open devices. The saveConfig function of "plugin/controllers/models/config.py" performs an eval call on the contents of the "key" HTTP GET parameter. This allows an unauthenticated remote attacker to execute arbitrary Python cod...

10CVSS9.8AI score0.04923EPSS
Exploits3References4
CVE
CVE
added 2017/06/22 3:0 a.m.47 views

CVE-2017-9807

OpenWebif plugin for E2 open devices (versions up to 1.2.4) is affected. The saveConfig function in plugin/controllers/models/config.py evaluates the HTTP GET parameter key, enabling unauthenticated remote code execution via /api/saveconfig. Some devices run the plugin with root privileges (e.g.,...

10CVSS9.8AI score0.04923EPSS
Exploits3References4Affected Software1
Rows per page
Query Builder