Published: 31/08/2021 Updated: 29/04/2022

CVSS v2 Base Score: 10 | Impact Score: 10 | Exploitability Score: 10

CVSS v3 Base Score: 9.8 | Impact Score: 5.9 | Exploitability Score: 3.9

VMScore: 890

Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C

KRAMER VIAware through August 2021 allows remote malicious users to execute arbitrary code because ajaxPages/writeBrowseFilePathAjax.php accepts arbitrary executable pathnames (even though browseSystemFiles.php is no longer reachable via the GUI). NOTE: this issue exists because of an incomplete fix for CVE-2019-17124.

Vulnerable Product	Search on Vulmon	Subscribe to Product
kramerav viaware

Kramer VIAware remote code execution exploit that achieves root ...

Python script to exploit CVE-2021-35064 and CVE-2021-36356

CVE-2021-36356 and CVE-2021-35064 PoC Usage: ______ _______ ____ ___ ____ _ _________ ___ __ _ _ / ___\ \ / / ____| |___ \ / _ \___ \/ | |___ / ___| / _ \ / /_ | || | | | \ \ / /| _| _____ __) | | | |__) | |_____ |_ \___ \| | | | '_ \| || |_ | |___ \ V / | |__|_____/ __/| |_| / __/| |_____|__) |__) | |_| | (_) |__ _| \_

CWE-434 https://write-up.github.io/kramerav/http://packetstormsecurity.com/files/166623/Kramer-VIAware-Remote-Code-Execution.html https://nvd.nist.gov https://github.com/Chocapikk/CVE-2021-35064 https://packetstormsecurity.com/files/166623/Kramer-VIAware-Remote-Code-Execution.html

Get Started

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook

CVE-2021-36356

Vulnerability Summary

Vulnerability Trend

Exploits

Github Repositories

References

Vulmon Search

About

Products

Connect