Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
zdiSteven Seeley of Source InciteZDI-15-238
HistoryMay 22, 2015 - 12:00 a.m.

(0Day) Visual Mining NetCharts Server Arbitrary File Upload Remote Code Execution Vulnerability

2015-05-2200:00:00
Steven Seeley of Source Incite
www.zerodayinitiative.com
14

0.816 High

EPSS

Percentile

98.4%

JSON

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Visual Mining NetCharts Server. Authentication is not required to exploit this vulnerability. The specific flaw exists within the Developer tools. An attacker can use the projectContents.jsp page to rename an arbitrary file, allowing for an uploaded file to be executed. This allows an attacker to execute arbitrary code as SYSTEM.

Related

prion 1
cve 1
cvelist 1
checkpoint_advisories 1
nvd 1
openvas 1
prion
prion
Code injection
2015-05-29 15:59:00
cve
cve
CVE-2015-4032
2015-05-29 15:59:18
cvelist
cvelist
CVE-2015-4032
2015-05-29 15:00:00
checkpoint_advisories
checkpoint_advisories
Visual Mining NetCharts Server projectContents.jsp File Rename Denial of Service (CVE-2015-4032)
2015-07-13 00:00:00
nvd
nvd
CVE-2015-4032
2015-05-29 15:59:18
openvas
openvas
NetCharts Server Multiple Vulnerabilities
2015-06-03 00:00:00

0.816 High

EPSS

Percentile

98.4%

JSON
Related for ZDI-15-238
prion1cve1cvelist1checkpoint_advisories1nvd1openvas1