GroundWork monarch_scan.cgi OS Command Injection (CVE-2013-3502)

A vulnerability exists in GroundWork 6.7.0. The vulnerability exists in the monarchscan.cgi where user controlled input is used in a perl function. This allows any remote authenticated attacker, regardless of privileges, to inject system commands and gain arbitrary code execution...

Netgear ReadyNAS - Perl Code Evaluation (Metasploit)

This module requires Metasploit: http//metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core' class Metasploit3 'NETGEAR ReadyNAS Perl Code Evaluation', 'Description' = %q This module exploits a Perl code injection on NETGEAR ReadyNAS 4.2.23 and...

NETGEAR ReadyNAS Perl Code Evaluation

This module exploits a Perl code injection on NETGEAR ReadyNAS 4.2.23 and 4.1.11. The vulnerability exists on the web front end, specifically in the nphandler.pl component, due to an insecure usage of the eval perl function. This module has been tested successfully on a NETGEAR ReadyNAS 4.2.23...