CVE-2013-3631

NAS4Free 9.1.0.1.804 and earlier allows remote authenticated users to execute arbitrary PHP code via a request to exec.php, aka the "Advanced | Execute Command" feature. NOTE: this issue might not be a vulnerability, since it appears to be part of legitimate, intentionally-exposed functionality b...

nas4free Default Admin Credentials (HTTP)

The remote nas4free web interface is using known default credentials. SPDX-FileCopyrightText: 2014 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

nas4free Detection

The script sends a connection request to the server and attempts to detect nas4free from the reply. SPDX-FileCopyrightText: 2014 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier:...

NAS4Free - Arbitrary Remote Code Execution

No description provided by source. This module requires Metasploit: http//metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core' require 'rex' require 'rexml/document' class Metasploit4 Msf::Exploit::Remote Rank = GreatRanking include...

NAS4Free exec.php Arbitrary Remote Code Execution (CVE-2013-3631)

A code execution vulnerability has been reported in NAS4Free. The vulnerability is due to "Advanced | Execute Command" feature that allows remote authenticated users to execute arbitrary PHP code via a request to exec.php. A remote unauthenticated attacker can exploit this vulnerability by execut...

NAS4Free Web UI Default Credentials

The NAS4Free web interface on the remote host has the 'admin' user account secured with the default password. A remote, unauthenticated attacker could exploit this to gain administrative access to the web interface, which could allow arbitrary command execution via exec.php. %NASLMINLEVEL 70300 C...

NAS4Free Web UI Detection

Binary data nas4freedetect.nbin...

NAS4Free Version

Binary data nas4freeversion.nbin...

CVE-2013-3631

NAS4Free 9.1.0.1.804 and earlier allows remote authenticated users to execute arbitrary PHP code via a request to exec.php, aka the "Advanced | Execute Command" feature. NOTE: this issue might not be a vulnerability, since it appears to be part of legitimate, intentionally-exposed functionality b...

Design/Logic Flaw

NAS4Free 9.1.0.1.804 and earlier allows remote authenticated users to execute arbitrary PHP code via a request to exec.php, aka the "Advanced | Execute Command" feature. NOTE: this issue might not be a vulnerability, since it appears to be part of legitimate, intentionally-exposed functionality b...

CVE-2013-3631

NAS4Free 9.1.0.1.804 and earlier allows remote authenticated users to execute arbitrary PHP code via a request to exec.php, aka the "Advanced | Execute Command" feature. NOTE: this issue might not be a vulnerability, since it appears to be part of legitimate, intentionally-exposed functionality b...

CVE-2013-3631

CVE-2013-3631 affects NAS4Free 9.1.0.1.804 and earlier. A remotely authenticated user can post PHP code to the exec.php endpoint ("Advanced | Execute Command") and have it executed, effectively enabling remote code execution. CERT notes NAS4Free runs as root by default, so code execution could oc...

NAS4Free - Remote Code Execution (Metasploit)

This module requires Metasploit: http//metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core' require 'rex' require 'rexml/document' class Metasploit4 'NAS4Free Arbitrary Remote Code Execution', 'Description' = %q NAS4Free allows an authenticated...

NAS4Free Arbitrary Remote Code Execution Vulnerability

NAS4Free allows an authenticated user to post PHP code to a special HTTP script and have the code executed remotely. This Metasploit module was successfully tested against NAS4Free version 9.1.0.1.804. Earlier builds are likely to be vulnerable as well. This module requires Metasploit:...

NAS4Free Arbitrary Remote Code Execution

NAS4Free allows an authenticated user to post PHP code to a special HTTP script and have the code executed remotely. This module was successfully tested against NAS4Free version 9.1.0.1.804. Earlier builds are likely to be vulnerable as well. This module requires Metasploit:...

NAS4Free Arbitrary Remote Code Execution

This module requires Metasploit: http//metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core' require 'rex' require 'rexml/document' class Metasploit4 'NAS4Free Arbitrary Remote Code Execution', 'Description' = %q NAS4Free allows an authenticated...

NAS4Free version 9.1.0.1 contains a remote command execution vulnerability

Overview NAS4Free version 9.1.0.1.804 and possibly earlier versions contain a remote code execution vulnerability CWE-94. Description CWE-94: Improper Control of Generation of Code 'Code Injection' NAS4Free version 9.1.0.1.804 and possibly earlier versions contain a remote code execution...