Local File Inclusion – Computer Security Articles

SSD Advisory – Cisco Prime Infrastructure File Inclusion and Remote Command Execution to Privileges Escalation

October 4, 2018 admin Local File Inclusion, Privilege Escalation, Remote Command Execution, SecuriTeam Secure Disclosure, Unauthenticated Action

Credit to Author: SSD / Ori Nimron| Date: Thu, 04 Oct 2018 05:12:22 +0000

Vulnerabilities Summary Cisco Prime Infrastructure (CPI) contains two vulnerabilities that when exploited allow an unauthenticated attacker to achieve root privileges and execute code remotely. The first vulnerability is a file upload vulnerability that allows the attacker to upload and execute JSP files as the Apache Tomcat user. The second vulnerability is a privilege escalation to … Continue reading SSD Advisory – Cisco Prime Infrastructure File Inclusion and Remote Command Execution to Privileges Escalation

Independent Securiteam

SSD Advisory – phpMyAdmin File Inclusion and Remote Code Execution

July 2, 2018 admin Local File Inclusion, Remote Code Execution, SecuriTeam Secure Disclosure

Credit to Author: SSD / Ori Nimron| Date: Mon, 02 Jul 2018 12:19:53 +0000

Vulnerabilities Summary Authenticated users can exploit a file inclusion vulnerability in phpMyAdmin which can then be combined with another vulnerability, to perform Remote Code Execution. In addition, authnticated attackers can view files and execute PHP files that located on the server by exploiting a bug in the part of the code that is responsible for … Continue reading SSD Advisory – phpMyAdmin File Inclusion and Remote Code Execution

Independent Securiteam

SSD Advisory – WiseGiga NAS Multiple Vulnerabilities

September 5, 2017 admin Information Disclosure, Local File Inclusion, Remote Command Execution, SecuriTeam Secure Disclosure, Unauthenticated Action

Credit to Author: SSD / Maor Schwartz| Date: Tue, 05 Sep 2017 11:11:02 +0000

Vulnerabilities summary The following advisory describes five (5) vulnerabilities and default accounts / passwords found in WiseGiga NAS devices. WiseGiga is a Korean company selling NAS products. The vulnerabilities found in WiseGiga NAS are: Pre-Authentication Local File Inclusion (4 different vulnerabilities) Post-Authentication Local File Inclusion Remote Command Execution as root Remote Command Execution as root … Continue reading SSD Advisory – WiseGiga NAS Multiple Vulnerabilities