9 matches found
CVE-2021-36356
KRAMER VIAware through August 2021 allows remote attackers to execute arbitrary code because ajaxPages/writeBrowseFilePathAjax.php accepts arbitrary executable pathnames even though browseSystemFiles.php is no longer reachable via the GUI. NOTE: this issue exists because of an incomplete fix for...
Exploit for Improper Privilege Management in Kramerav Viaware
CVE-2021-36356 and CVE-2021-35064 PoC Usage: bash...
Kramer VIAware Remote Code Execution
Exploit Title: Remote Code Execution as Root on KRAMER VIAware Date: 31/03/2022 Exploit Author: sharkmoos Vendor Homepage: https://www.kramerav.com/ Software Link: https://www.kramerav.com/us/product/viaware Version: Tested on: ViaWare Go Linux CVE : CVE-2021-35064, CVE-2021-36356 import sys,...
Kramer VIAware - Remote Code Execution (RCE) (Root)
Exploit Title: Remote Code Execution as Root on KRAMER VIAware Date: 31/03/2022 Exploit Author: sharkmoos Vendor Homepage: https://www.kramerav.com/ Software Link: https://www.kramerav.com/us/product/viaware Version: Tested on: ViaWare Go Linux CVE : CVE-2021-35064, CVE-2021-36356 import sys,...
CVE-2021-36356
creationtimestamp| type| source ---|---|--- 2021-08-31 07:33:05+00:00| seen| https://t.me/cibsecurity/28061 2022-07-13 13:02:16+00:00| seen| MISP/8bf50bb8-94dd-4004-a646-5f78db6f0b6a 2023-04-27 09:58:59+00:00| confirmed|...
CVE-2021-36356
KRAMER VIAware through August 2021 allows remote attackers to execute arbitrary code because ajaxPages/writeBrowseFilePathAjax.php accepts arbitrary executable pathnames even though browseSystemFiles.php is no longer reachable via the GUI. NOTE: this issue exists because of an incomplete fix for...
CVE-2021-36356
KRAMER VIAware through August 2021 allows remote attackers to execute arbitrary code because ajaxPages/writeBrowseFilePathAjax.php accepts arbitrary executable pathnames even though browseSystemFiles.php is no longer reachable via the GUI. NOTE: this issue exists because of an incomplete fix for...
CVE-2021-36356
KRAMER VIAware (through Aug 2021) is vulnerable to remote code execution via ajaxPages/writeBrowseFilePathAjax.php which accepts arbitrary executable pathnames, enabling unauthenticated attackers to upload and execute code. The issue stems from an incomplete fix for CVE-2019-17124. Reports in CVE...
CVE-2021-36356
KRAMER VIAware through August 2021 allows remote attackers to execute arbitrary code because ajaxPages/writeBrowseFilePathAjax.php accepts arbitrary executable pathnames even though browseSystemFiles.php is no longer reachable via the GUI. NOTE: this issue exists because of an incomplete fix for...