CVE

Id
88343  
CVE No.
CVE-2016-1524  
Status
Candidate  
Description
Multiple unrestricted file upload vulnerabilities in NETGEAR Management System NMS300 1.5.0.11 and earlier allow remote attackers to execute arbitrary Java code by using (1) fileUpload.do or (2) lib-1.0/external/flash/fileUpload.do to upload a JSP file, and then accessing it via a direct request for a /null URI.  
Phase
Assigned (20160107)  
Votes
None (candidate not yet proposed)  
Comments
 

Actions

Related CVE References

Id CVE Id CVE No. Reference Actions
767004 88343 CVE-2016-1524 BUGTRAQ:20160204 [CERT 777024 / CVE-2016-1524/5]: RCE and file download in Netgear NMS300  View
767005 88343 CVE-2016-1524 URL:http://www.securityfocus.com/archive/1/archive/1/537446/100/0/threaded  View
767006 88343 CVE-2016-1524 EXPLOIT-DB:39412  View
767007 88343 CVE-2016-1524 URL:https://www.exploit-db.com/exploits/39412/  View
767008 88343 CVE-2016-1524 FULLDISC:20160204 [CERT 777024 / CVE-2016-1524/5]: RCE and file download in Netgear NMS300  View
767009 88343 CVE-2016-1524 URL:http://seclists.org/fulldisclosure/2016/Feb/30  View
767010 88343 CVE-2016-1524 MISC:http://packetstormsecurity.com/files/135618/Netgear-Pro-NMS-300-Code-Execution-File-Download.html  View
767011 88343 CVE-2016-1524 CERT-VN:VU#777024  View

Related JVN

Id JVN No. Title Summary CVE No. CVE Id CVSS_v2 CVSS_v3 JVN URL Actions
2028 JVNDB-2016-002801 複数の Apple 製品で使用される libxml2 の htmlPArsePubidLiteral および htmlParseSystemiteral 関数におけるサービス運用妨害 (DoS) の脆弱性 複数の Apple 製品で使用される libxml2 の (1) htmlPArsePubidLiteral および (2) htmlParseSystemiteral 関数には、解放済みメモリの使用 (Use-after-free) により、サービス運用妨害 (DoS) 状態にされる脆弱性が存在します。 CVE-2016-1837 88343 6.8 8.8 http://jvndb.jvn.jp/ja/contents/2016/JVNDB-2016-002801.html  View