347 matches found
CVE-2022-38392
Certain 5400 RPM hard drives, for laptops and other PCs in approximately 2005 and later, allow physically proximate attackers to cause a denial of service device malfunction and system crash via a resonant-frequency attack with the audio signal from the Rhythm Nation music video. A reported produ...
CVE-2020-6627
The web-management application on Seagate Central NAS STCG2000300, STCG3000300, and STCG4000300 devices allows OS command injection via mvbackendlaunch in cirrus/application/helpers/mvbackendhelper.php by leveraging the "start" state and sending a checkdevicename request...
CVE-2018-18471
/api/2.0/rest/aggregator/xml in Axentra firmware, used by NETGEAR Stora, Seagate GoFlex Home, and MEDION LifeCloud, has an XXE vulnerability that can be chained with an SSRF bug to gain remote command execution as root. It can be triggered by anyone who knows the IP address of the affected device...
CVE-2018-12296
Insufficient access control in /api/external/7.0/system.System.getinfos in Seagate NAS OS version 4.3.15.1 allows attackers to obtain information about the NAS without authentication via empty POST requests...
CVE-2018-12297
Cross-site scripting in API error pages in Seagate NAS OS version 4.3.15.1 allows attackers to execute JavaScript via URL path names...
VulnCheck KEV: CVE-2018-12296
Insufficient access control in /api/external/7.0/system.System.getinfos in Seagate NAS OS version 4.3.15.1 allows attackers to obtain information about the NAS without authentication via empty POST requests...
Seagate Exos X SLP Detection
Binary data seagateexosxslpdetect.nbin...
Seagate AssuredSAN SLP Detection
Binary data seagateassuredsanslpdetect.nbin...
Seagate Lyve SLP Detection
Binary data seagatelyveslpdetect.nbin...
Seagate Central Storage 2015.0916 - Unauthenticated Remote Command Execution Exploit
Exploit Title: Seagate Central Storage 2015.0916 - Unauthenticated Remote Command Execution Metasploit Date: Dec 9 2019 Exploit Author: Ege Balci Vendor Homepage: https://www.seagate.com/de/de/support/external-hard-drives/network-storage/seagate-central/ Version: 2015.0916 CVE : 2020-6627 This...
Seagate Central Storage 2015.0916 User Creation / Command Execution
Exploit Title: Seagate Central Storage 2015.0916 - Unauthenticated Remote Command Execution Metasploit Date: Dec 9 2019 Exploit Author: Ege Balci Vendor Homepage: https://www.seagate.com/de/de/support/external-hard-drives/network-storage/seagate-central/ Version: 2015.0916 CVE : 2020-6627 This...
Seagate Central Storage 2015.0916 - Unauthenticated Remote Command Execution (Metasploit)
Exploit Title: Seagate Central Storage 2015.0916 - Unauthenticated Remote Command Execution Metasploit Date: Dec 9 2019 Exploit Author: Ege Balci Vendor Homepage: https://www.seagate.com/de/de/support/external-hard-drives/network-storage/seagate-central/ Version: 2015.0916 CVE : 2020-6627 This...
Seagate Central Detection (HTTP)
HTTP based detection of Seagate Central. SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription scriptoid"1.3.6.1.4.1.25623.1.0.149001";...
Seagate Central <= 2015.0916 RCE Vulnerability
Seagate Central is prone to a remote code execution RCE vulnerability. Copyright C 2022 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free...
CVE-2020-6627
The web-management application on Seagate Central NAS STCG2000300, STCG3000300, and STCG4000300 devices allows OS command injection via mvbackendlaunch in cirrus/application/helpers/mvbackendhelper.php by leveraging the "start" state and sending a checkdevicename request...
Command injection
The web-management application on Seagate Central NAS STCG2000300, STCG3000300, and STCG4000300 devices allows OS command injection via mvbackendlaunch in cirrus/application/helpers/mvbackendhelper.php by leveraging the "start" state and sending a checkdevicename request...
CVE-2020-6627
The web-management application on Seagate Central NAS STCG2000300, STCG3000300, and STCG4000300 devices allows OS command injection via mvbackendlaunch in cirrus/application/helpers/mvbackendhelper.php by leveraging the "start" state and sending a checkdevicename request...
CVE-2020-6627
The web-management application on Seagate Central NAS STCG2000300, STCG3000300, and STCG4000300 devices allows OS command injection via mvbackendlaunch in cirrus/application/helpers/mvbackendhelper.php by leveraging the "start" state and sending a checkdevicename request...
Seagate Central NAS 操作系统命令注入漏洞
Seagate Central NAS is a family of networked storage devices from Seagate. A security vulnerability exists in the Seagate Central NAS STCG2000300, STCG3000300, and STCG4000300, which originates in the web management application that allows an attacker to exploit the "Start" state and send a...
PT-2022-9051 · Seagate · Seagate Central Nas
Name of the Vulnerable Software and Affected Versions: Seagate Central NAS versions STCG2000300, STCG3000300, and STCG4000300 Description: The web-management application on the affected devices allows OS command injection via mv backend launch in cirrus/application/helpers/mv backend helper.php b...