11 matches found
CVE-2019-9945
SoftNAS Cloud 4.2.0 and 4.2.1 allows remote command execution. The NGINX default configuration file has a check to verify the status of a user cookie. If not set, a user is redirected to the login page. An arbitrary value can be provided for this cookie to access the web interface without valid...
SoftNAS Cloud Command Execution Vulnerability
SoftNAS Cloud is a software-defined NAS file management system from US-based SoftNAS. The system is primarily used to provide enterprise-class NAS functionality, including encryption, snapshots and automatic failover. A security vulnerability exists in SoftNAS Cloud versions 4.2.0 and 4.2.1. A...
CVE-2019-9945
SoftNAS Cloud 4.2.0 and 4.2.1 allows remote command execution. The NGINX default configuration file has a check to verify the status of a user cookie. If not set, a user is redirected to the login page. An arbitrary value can be provided for this cookie to access the web interface without valid...
CVE-2018-14417
A command injection vulnerability was found in the web administration console in SoftNAS Cloud before 4.0.3. In particular, the snserv script did not sanitize the 'recentVersion' parameter from the snserv endpoint, allowing an unauthenticated attacker to execute arbitrary commands with root...
CVE-2018-14417
A command injection vulnerability was found in the web administration console in SoftNAS Cloud before 4.0.3. In particular, the snserv script did not sanitize the 'recentVersion' parameter from the snserv endpoint, allowing an unauthenticated attacker to execute arbitrary commands with root...
Command injection
A command injection vulnerability was found in the web administration console in SoftNAS Cloud before 4.0.3. In particular, the snserv script did not sanitize the 'recentVersion' parameter from the snserv endpoint, allowing an unauthenticated attacker to execute arbitrary commands with root...
CVE-2018-14417
SoftNAS Cloud OS Command Injection (CVE-2018-14417) affects SoftNAS Cloud prior to 4.0.3. The vulnerability is in the web administration snserv endpoint: the check/update path does not sanitize the recentVersion parameter, allowing an unauthenticated attacker to execute arbitrary commands with ro...
CVE-2018-14417
A command injection vulnerability was found in the web administration console in SoftNAS Cloud before 4.0.3. In particular, the snserv script did not sanitize the 'recentVersion' parameter from the snserv endpoint, allowing an unauthenticated attacker to execute arbitrary commands with root...
SoftNAS Cloud Detection
Detection ofSoftNAS Cloud. The script sends a connection request to the server and attempts to detect SoftNAS Cloud. SPDX-FileCopyrightText: 2018 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders...
SoftNAS Cloud OS Command Injection Vulnerability
Exploit for php platform in category web applications SoftNAS Cloud OS Command Injection 1. Advisory Information Title: SoftNAS Cloud OS Command Injection Advisory ID: CORE-2018-0009 Advisory URL: http://www.coresecurity.com/advisories/softnas-cloud-OS-command-injection Date published: 2018-07-26...
SoftNAS Cloud < 4.0.3 - OS Command Injection
Core Security - Corelabs Advisory http://corelabs.coresecurity.com/ SoftNAS Cloud OS Command Injection 1. Advisory Information Title: SoftNAS Cloud OS Command Injection Advisory ID: CORE-2018-0009 Advisory URL: http://www.coresecurity.com/advisories/softnas-cloud-OS-command-injection Date...