Vulnerability feed

Vulnerability

CVE-2021-36356

Reference to the description:: https://nvd.nist.gov/vuln/detail/CVE-2021-36356
Description:: KRAMER VIAware through August 2021 allows remote attackers to execute arbitrary code because ajaxPages/writeBrowseFilePathAjax.php accepts arbitrary executable pathnames (even though browseSystemFiles.php is no longer reachable via the GUI). NOTE: this issue exists because of an incomplete fix for CVE-2019-17124.
Last updated date:: 04/29/2022

Reports

alt

ACTIVELY EXPLOITED

Type:: exploitation
Confidence:: HIGH
Date of publishing:: 05/26/2022
Reference url to background: https://cybersecurity.att.com/blogs/labs-research/rapidly-evolving-iot-malware-enemybot-now-targeting-content-management-system-servers

Type:: exploit
Confidence:: HIGH
Date of publishing:: 04/07/2022
Reference url to background: https://packetstormsecurity.com/files/166623/Kramer-VIAware-Remote-Code-Execution.html

Type:: exploit
Confidence:: HIGH
Date of publishing:: 04/29/2022
Reference url to background: http://packetstormsecurity.com/files/166623/Kramer-VIAware-Remote-Code-Execution.html

Vulnerability Feed Contributors About Blog

@inTheWild

©2024 |