25 matches found
Seagate Central Storage 2015.0916 User Creation / Command Execution
Exploit Title: Seagate Central Storage 2015.0916 - Unauthenticated Remote Command Execution Metasploit Date: Dec 9 2019 Exploit Author: Ege Balci Vendor Homepage: https://www.seagate.com/de/de/support/external-hard-drives/network-storage/seagate-central/ Version: 2015.0916 CVE : 2020-6627 This...
Seagate Central Storage 2015.0916 - Unauthenticated Remote Command Execution Exploit
Exploit Title: Seagate Central Storage 2015.0916 - Unauthenticated Remote Command Execution Metasploit Date: Dec 9 2019 Exploit Author: Ege Balci Vendor Homepage: https://www.seagate.com/de/de/support/external-hard-drives/network-storage/seagate-central/ Version: 2015.0916 CVE : 2020-6627 This...
Seagate Central <= 2015.0916 RCE Vulnerability
Seagate Central is prone to a remote code execution RCE vulnerability. Copyright C 2022 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free...
Seagate Central Detection (HTTP)
HTTP based detection of Seagate Central. SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription scriptoid"1.3.6.1.4.1.25623.1.0.149001";...
CVE-2020-6627
The web-management application on Seagate Central NAS STCG2000300, STCG3000300, and STCG4000300 devices allows OS command injection via mvbackendlaunch in cirrus/application/helpers/mvbackendhelper.php by leveraging the "start" state and sending a checkdevicename request...
Command injection
The web-management application on Seagate Central NAS STCG2000300, STCG3000300, and STCG4000300 devices allows OS command injection via mvbackendlaunch in cirrus/application/helpers/mvbackendhelper.php by leveraging the "start" state and sending a checkdevicename request...
Seagate Central NAS 操作系统命令注入漏洞
Seagate Central NAS is a family of networked storage devices from Seagate. A security vulnerability exists in the Seagate Central NAS STCG2000300, STCG3000300, and STCG4000300, which originates in the web management application that allows an attacker to exploit the "Start" state and send a...
CVE-2020-6627
The web-management application on Seagate Central NAS STCG2000300, STCG3000300, and STCG4000300 devices allows OS command injection via mvbackendlaunch in cirrus/application/helpers/mvbackendhelper.php by leveraging the "start" state and sending a checkdevicename request...
CVE-2020-6627
The web-management application on Seagate Central NAS STCG2000300, STCG3000300, and STCG4000300 devices allows OS command injection via mvbackendlaunch in cirrus/application/helpers/mvbackendhelper.php by leveraging the "start" state and sending a checkdevicename request...
PT-2022-9051 · Seagate · Seagate Central Nas
Name of the Vulnerable Software and Affected Versions: Seagate Central NAS versions STCG2000300, STCG3000300, and STCG4000300 Description: The web-management application on the affected devices allows OS command injection via mv backend launch in cirrus/application/helpers/mv backend helper.php b...
EUVD-2020-27775
The web-management application on Seagate Central NAS STCG2000300, STCG3000300, and STCG4000300 devices allows OS command injection via mvbackendlaunch in cirrus/application/helpers/mvbackendhelper.php by leveraging the "start" state and sending a checkdevicename request...
Seagate Central Storage Remote Code Execution Vulnerability
Seagate Central Storage is a home network drive made by Seagate for home and small office use. A remote code execution vulnerability exists in Seagate Central Storage, which can be exploited by an attacker to execute code...
Seagate Central unauthenticated file upload
Added: 06/09/2015 Background Seagate Central is a personal cloud storage device which can be connected to a wireless router. Problem Seagate Central has no root password, allowing unauthenticated users to upload arbitrary files via PHP. This can be leveraged to execute arbitrary commands by...
Seagate Central unauthenticated file upload
Added: 06/09/2015 Background Seagate Central is a personal cloud storage device which can be connected to a wireless router. Problem Seagate Central has no root password, allowing unauthenticated users to upload arbitrary files via PHP. This can be leveraged to execute arbitrary commands by...
Seagate Central unauthenticated file upload
Added: 06/09/2015 Background Seagate Central is a personal cloud storage device which can be connected to a wireless router. Problem Seagate Central has no root password, allowing unauthenticated users to upload arbitrary files via PHP. This can be leveraged to execute arbitrary commands by...
Seagate Central unauthenticated file upload
Added: 06/09/2015 Background Seagate Central is a personal cloud storage device which can be connected to a wireless router. Problem Seagate Central has no root password, allowing unauthenticated users to upload arbitrary files via PHP. This can be leveraged to execute arbitrary commands by...
Seagate Central Remote Root Security Bypass Vulnerability
Seagate Central by default has a passwordless root account and no option to change it. SPDX-FileCopyrightText: 2015 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only...
Seagate Central Remote Root
!/usr/bin/python seagateftpremoteroot.py Seagate Central Remote Root Exploit Jeremy Brown jbrown3264/gmail May 2015 -Synopsis- Seagate Central by default has a passwordless root account and no option to change it. One way to exploit this is to log into it's ftp server and upload a php shell to th...
Seagate Central 2014.0410.0026-F Remote Facebook Access Token Exploit
Seagate Central stores linked Facebook account access tokens in /etc/archiveaccounts.ser and this exploit takes advantage of two bugs - Passwordless root login via FTP to retrieve archiveaccounts.ser file which contains access tokens and reuses the unencrypted and unprotected -rw-r--r-- access...
Seagate Central Remote Facebook Access Token
!/usr/bin/python seagatecentralfacebook.py Seagate Central Remote Facebook Access Token Exploit Jeremy Brown jbrown3264/gmail May 2015 -Synopsis- Seagate Central stores linked Facebook account access tokens in /etc/archiveaccounts.ser and this exploit takes advantage of two bugs: 1 Passwordless...