Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1020 CNY

100%
Buy Us a Coffee

CVE-2021-36356

EPSS 93.00% · P100
Get alerts for future matching vulnerabilitiesLog in to subscribe

I. Basic Information for CVE-2021-36356

Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗

Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.

Vulnerability Title
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Description
KRAMER VIAware through August 2021 allows remote attackers to execute arbitrary code because ajaxPages/writeBrowseFilePathAjax.php accepts arbitrary executable pathnames (even though browseSystemFiles.php is no longer reachable via the GUI). NOTE: this issue exists because of an incomplete fix for CVE-2019-17124.
Source: NVD (National Vulnerability Database)
CVSS Information
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Type
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Title
Kramer Electronics VIAware 代码问题漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
Kramer Electronics VIAware是以色列克莱默电子(Kramer Electronics)公司的一套无线演示协作软件解决方案。 Kramer Electronics VIAware 存在代码问题漏洞,该漏洞源于 KRAMER VIAware 允许远程攻击者执行任意代码,因为 ajaxPages/writeBrowseFilePathAjax.php 接受任意可执行路径名(即使 browseSystemFiles.php 不再可通过 GUI 访问)。
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)

Shenlong Deep Dive — AI Deep Analysis

10-question deep dive: root cause, exploitation, mitigation, urgency. Read summary free, full version requires login.

Read summary Full analysis (login)

Affected Products

VendorProductAffected VersionsCPESubscribe
-n/a n/a -

II. Public POCs for CVE-2021-36356

#POC DescriptionSource LinkShenlong Link
1KRAMER VIAware through August 2021 allows remote attackers to execute arbitrary code because ajaxPages/writeBrowseFilePathAjax.php accepts arbitrary executable pathnames.https://github.com/projectdiscovery/nuclei-templates/blob/main/http/cves/2021/CVE-2021-36356.yamlPOC Details
AI-Generated POCPremium

No public POC found.

Login to generate AI POC

III. Intelligence Information for CVE-2021-36356

登录查看更多情报信息。

Same Patch Batch · n/a · 2021-08-31 · 33 CVEs total

CVE-2021-22944Ubiquiti Networks UniFi Protect 访问控制错误漏洞
CVE-2021-40330Git 处理逻辑错误漏洞
CVE-2021-36981SerNet verinice 代码问题漏洞
CVE-2021-3634Libssh 缓冲区错误漏洞
CVE-2021-27556Nature Easy Soft Network Technology ZenTao 操作系统命令注入漏洞
CVE-2021-27557Nature Easy Soft Network Technology ZenTao 跨站请求伪造漏洞
CVE-2021-27558Nature Easy Soft Network Technology ZenTao 跨站脚本漏洞
CVE-2020-13639Outsystems OutSystems Platform 跨站脚本漏洞
CVE-2021-38145Form Tools SQL注入漏洞
CVE-2021-38143Form Tools 跨站脚本漏洞
CVE-2021-38144Form Tools 跨站脚本漏洞
CVE-2020-19046S-CMS 跨站脚本漏洞
CVE-2020-19047iWebShop 跨站请求伪造漏洞
CVE-2020-19048MyBB 跨站脚本漏洞
CVE-2020-19049MyBB 跨站脚本漏洞
CVE-2021-22684Samsung Galaxy Gear Series Tizen 输入验证错误漏洞
CVE-2020-20495bludit 安全漏洞
CVE-2021-22943Ubiquiti Networks UniFi Protect 授权问题漏洞
CVE-2021-22929Brave 日志信息泄露漏洞
CVE-2021-21811AT&T Labs Xmill 数字错误漏洞

Showing top 20 of 33 CVEs. View all on vendor page → →

IV. Related Vulnerabilities

Same product: n/a
Same vendor: n/a

V. Comments for CVE-2021-36356

No comments yet

Leave a comment