19 matches found
EUVD-2019-19299
Malware in sbrugna...
CVE-2019-9945
SoftNAS Cloud 4.2.0 and 4.2.1 allows remote command execution. The NGINX default configuration file has a check to verify the status of a user cookie. If not set, a user is redirected to the login page. An arbitrary value can be provided for this cookie to access the web interface without valid...
SoftNAS Cloud Command Execution Vulnerability
SoftNAS Cloud is a software-defined NAS file management system from US-based SoftNAS. The system is primarily used to provide enterprise-class NAS functionality, including encryption, snapshots and automatic failover. A security vulnerability exists in SoftNAS Cloud versions 4.2.0 and 4.2.1. A...
CVE-2019-9945
SoftNAS Cloud 4.2.0 and 4.2.1 allows remote command execution. The NGINX default configuration file has a check to verify the status of a user cookie. If not set, a user is redirected to the login page. An arbitrary value can be provided for this cookie to access the web interface without valid...
CVE-2019-9945
SoftNAS Cloud 4.2.0 and 4.2.1 allows remote command execution. The NGINX default configuration file has a check to verify the status of a user cookie. If not set, a user is redirected to the login page. An arbitrary value can be provided for this cookie to access the web interface without valid...
Default configuration
SoftNAS Cloud 4.2.0 and 4.2.1 allows remote command execution. The NGINX default configuration file has a check to verify the status of a user cookie. If not set, a user is redirected to the login page. An arbitrary value can be provided for this cookie to access the web interface without valid...
CVE-2019-9945
SoftNAS Cloud 4.2.0 and 4.2.1 allows remote command execution. The NGINX default configuration file has a check to verify the status of a user cookie. If not set, a user is redirected to the login page. An arbitrary value can be provided for this cookie to access the web interface without valid...
CVE-2019-9945
CVE-2019-9945 affects SoftNAS Cloud 4.2.0/4.2.1. A remote attacker can gain access to the Webadmin interface and execute arbitrary commands with administrative privileges by manipulating an NGINX cookie check, potentially creating new users, if the StorageCenter ports are exposed to the internet....
CVE-2018-14417
A command injection vulnerability was found in the web administration console in SoftNAS Cloud before 4.0.3. In particular, the snserv script did not sanitize the 'recentVersion' parameter from the snserv endpoint, allowing an unauthenticated attacker to execute arbitrary commands with root...
CVE-2018-14417
A command injection vulnerability was found in the web administration console in SoftNAS Cloud before 4.0.3. In particular, the snserv script did not sanitize the 'recentVersion' parameter from the snserv endpoint, allowing an unauthenticated attacker to execute arbitrary commands with root...
Command injection
A command injection vulnerability was found in the web administration console in SoftNAS Cloud before 4.0.3. In particular, the snserv script did not sanitize the 'recentVersion' parameter from the snserv endpoint, allowing an unauthenticated attacker to execute arbitrary commands with root...
CVE-2018-14417
SoftNAS Cloud OS Command Injection (CVE-2018-14417) affects SoftNAS Cloud prior to 4.0.3. The vulnerability is in the web administration snserv endpoint: the check/update path does not sanitize the recentVersion parameter, allowing an unauthenticated attacker to execute arbitrary commands with ro...
CVE-2018-14417
A command injection vulnerability was found in the web administration console in SoftNAS Cloud before 4.0.3. In particular, the snserv script did not sanitize the 'recentVersion' parameter from the snserv endpoint, allowing an unauthenticated attacker to execute arbitrary commands with root...
SoftNAS Cloud Detection
Detection ofSoftNAS Cloud. The script sends a connection request to the server and attempts to detect SoftNAS Cloud. SPDX-FileCopyrightText: 2018 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders...
SoftNAS Cloud OS Command Injection Vulnerability
Exploit for php platform in category web applications SoftNAS Cloud OS Command Injection 1. Advisory Information Title: SoftNAS Cloud OS Command Injection Advisory ID: CORE-2018-0009 Advisory URL: http://www.coresecurity.com/advisories/softnas-cloud-OS-command-injection Date published: 2018-07-26...
SoftNAS Cloud < 4.0.3 - OS Command Injection
Core Security - Corelabs Advisory http://corelabs.coresecurity.com/ SoftNAS Cloud OS Command Injection 1. Advisory Information Title: SoftNAS Cloud OS Command Injection Advisory ID: CORE-2018-0009 Advisory URL: http://www.coresecurity.com/advisories/softnas-cloud-OS-command-injection Date...
SoftNAS Cloud OS Command Injection
Core Security - Corelabs Advisory http://corelabs.coresecurity.com/ SoftNAS Cloud OS Command Injection 1. Advisory Information Title: SoftNAS Cloud OS Command Injection Advisory ID: CORE-2018-0009 Advisory URL: http://www.coresecurity.com/advisories/softnas-cloud-OS-command-injection Date...
SoftNAS Cloud 4.0.3 - OS Command Injection
SoftNAS Cloud 4.0.3 - OS Command Injection Core Security - Corelabs Advisory http://corelabs.coresecurity.com/ SoftNAS Cloud OS Command Injection 1. Advisory Information Title: SoftNAS Cloud OS Command Injection Advisory ID: CORE-2018-0009 Advisory URL:...
SoftNAS Cloud OS Command Injection
Advisory ID Internal CORE-2018-0009 1. Advisory Information Title: SoftNAS Cloud OS Command Injection Advisory ID: CORE-2018-0009 Advisory URL:https://www.coresecurity.com/core-labs/advisories/softnas-cloud-os-command-injection Date published: 2018-07-26 Date of last update: 2018-07-26 Vendors...