CVE

Id
88344  
CVE No.
CVE-2016-1525  
Status
Candidate  
Description
Directory traversal vulnerability in data/config/image.do in NETGEAR Management System NMS300 1.5.0.11 and earlier allows remote authenticated users to read arbitrary files via a .. (dot dot) in the realName parameter.  
Phase
Assigned (20160107)  
Votes
None (candidate not yet proposed)  
Comments
 

Actions

Related CVE References

Id CVE Id CVE No. Reference Actions
767012 88344 CVE-2016-1525 BUGTRAQ:20160204 [CERT 777024 / CVE-2016-1524/5]: RCE and file download in Netgear NMS300  View
767013 88344 CVE-2016-1525 URL:http://www.securityfocus.com/archive/1/archive/1/537446/100/0/threaded  View
767014 88344 CVE-2016-1525 EXPLOIT-DB:39515  View
767015 88344 CVE-2016-1525 URL:https://www.exploit-db.com/exploits/39515/  View
767016 88344 CVE-2016-1525 EXPLOIT-DB:39412  View
767017 88344 CVE-2016-1525 URL:https://www.exploit-db.com/exploits/39412/  View
767018 88344 CVE-2016-1525 FULLDISC:20160204 [CERT 777024 / CVE-2016-1524/5]: RCE and file download in Netgear NMS300  View
767019 88344 CVE-2016-1525 URL:http://seclists.org/fulldisclosure/2016/Feb/30  View
767020 88344 CVE-2016-1525 MISC:http://packetstormsecurity.com/files/135999/NETGEAR-ProSafe-Network-Management-System-300-Arbitrary-File-Upload.html  View
767021 88344 CVE-2016-1525 MISC:http://www.rapid7.com/db/modules/exploit/windows/http/netgear_nms_rce  View
767022 88344 CVE-2016-1525 MISC:http://packetstormsecurity.com/files/135618/Netgear-Pro-NMS-300-Code-Execution-File-Download.html  View
767023 88344 CVE-2016-1525 CERT-VN:VU#777024  View

Related JVN

Id JVN No. Title Summary CVE No. CVE Id CVSS_v2 CVSS_v3 JVN URL Actions
2029 JVNDB-2016-002802 複数の Apple 製品で使用される libxml2 の xmlPArserPrintFileContextInternal 関数におけるサービス運用妨害 (DoS) の脆弱性 複数の Apple 製品で使用される libxml2 の xmlPArserPrintFileContextInternal 関数には、サービス運用妨害 (ヒープベースのバッファオーバーリード) 状態にされる脆弱性が存在します。 CVE-2016-1838 88344 6.8 8.8 http://jvndb.jvn.jp/ja/contents/2016/JVNDB-2016-002802.html  View