44 matches found
EUVD-2018-9633
Malware in sbrugna...
EUVD-2018-9631
Malware in sbrugna...
EUVD-2018-9635
Malware in sbrugna...
Nuuo Central Management Server User Session Token Bruteforce
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'benchmark' class MetasploitModule 'Nuuo Central Management Server User Session Token Bruteforce', 'Description' = %q Nuuo Central Management Server below versio...
Nuuo Central Management Server 2.4 Authenticated Arbitrary File Upload Exploit
The COMMITCONFIG verb is used by a CMS client to upload and modify the configuration of the CMS Server. The vulnerability is in the FileName parameter, which accepts directory traversal ..\..\ characters. Therefore, this function can be abused to overwrite any files in the installation drive of...
Nuuo Central Management Server 2.4 Authenticated Arbitrary File Upload
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule "Nuuo Central Management Server Authenticated Arbitrary File Upload", 'Description' = %q The COMMITCONFIG verb is used by a CMS client to upload a...
Nuuo Central Management Server User Session Token Bruteforce
Nuuo Central Management Server below version 2.4 has a flaw where it sends the heap address of the user object instead of a real session number when a user logs in. This can be used to reduce the keyspace for the session number from 10 million to 1.2 million, and with a bit of analysis it can be...
NUUO CMS Code Execution Vulnerability (CNVD-2018-24251)
NUUO CMS is a centralized software management platform from NUUO. The platform is used to centrally manage devices such as NVR hard disk recorders and IP cameras, and provides functions such as user management and alarm management. A security vulnerability exists in NUUO CMS 3.3 and...
NUUO CMS Code Execution Vulnerability (CNVD-2018-24250)
NUUO CMS is a centralized software management platform from NUUO. The platform is used to centrally manage devices such as NVR hard disk recorders and IP cameras, and provides functions such as user management and alarm management. A security vulnerability exists in NUUO CMS 3.3 and...
NUUO CMS SQL Injection Vulnerability
NUUO CMS is a centralized software management platform from NUUO. The platform is used to centrally manage devices such as NVR hard disk recorders and IP cameras, and provides functions such as user management and alarm management. A SQL injection vulnerability exists in NUUO CMS 3.3 and...
CVE-2018-17936
NUUO CMS (Central Management System) versions 3.3 and prior are affected by an authenticated arbitrary file upload vulnerability. The COMMITCONFIG FileName parameter accepts directory traversal, allowing an attacker to upload/overwrite configuration files on the CMS Server and potential...
CVE-2018-18982
The CVE-2018-18982 entry concerns NUUO CMS (all versions 3.3 and earlier). The connected sources confirm a SQL injection vulnerability in the web server application that allows injecting arbitrary SQL characters to execute statements and potentially achieve arbitrary code execution. Exploitation ...
CVE-2018-17936
In NUUO CMS, all versions 3.3 and prior, the application allows the upload of arbitrary files that can modify or overwrite configuration files on the server, which could allow remote code execution...
CVE-2018-17934
NUUO CMS CVE-2018-17934 affects all versions up to 3.3, where a pathname constructed from external input can be resolved outside the intended directory (path traversal). This can allow an authenticated attacker to impersonate a user, access restricted information, or execute code. Connected sourc...
CVE-2018-18982
In NUUO CMS, all versions 3.3 and prior, the web server application allows injection of arbitrary SQL characters, which can be used to inject SQL into an executing statement and allow arbitrary code execution...
CVE-2018-17934
In NUUO CMS, all versions 3.3 and prior, the application allows external input to construct a pathname that can be resolved outside the intended directory. This could allow an attacker to impersonate a legitimate user, obtain restricted information, or execute arbitrary code...
CVE-2018-17936
In NUUO CMS, all versions 3.3 and prior, the application allows the upload of arbitrary files that can modify or overwrite configuration files on the server, which could allow remote code execution...
Code injection
In NUUO CMS, all versions 3.3 and prior, the web server application allows injection of arbitrary SQL characters, which can be used to inject SQL into an executing statement and allow arbitrary code execution...
CVE-2018-17934
In NUUO CMS, all versions 3.3 and prior, the application allows external input to construct a pathname that can be resolved outside the intended directory. This could allow an attacker to impersonate a legitimate user, obtain restricted information, or execute arbitrary code...
CVE-2018-17936
In NUUO CMS, all versions 3.3 and prior, the application allows the upload of arbitrary files that can modify or overwrite configuration files on the server, which could allow remote code execution...