114 matches found
CVE-2020-8654
An issue was discovered in EyesOfNetwork 5.3. An authenticated web user with sufficient privileges could abuse the AutoDiscovery module to run arbitrary OS commands via the /module/moduleframe/index.php autodiscovery.php target field...
CVE-2020-8654
An issue was discovered in EyesOfNetwork 5.3. An authenticated web user with sufficient privileges could abuse the AutoDiscovery module to run arbitrary OS commands via the /module/moduleframe/index.php autodiscovery.php target field...
Command injection
An issue was discovered in EyesOfNetwork 5.3. An authenticated web user with sufficient privileges could abuse the AutoDiscovery module to run arbitrary OS commands via the /module/moduleframe/index.php autodiscovery.php target field...
CVE-2020-8654
An issue was discovered in EyesOfNetwork 5.3. An authenticated web user with sufficient privileges could abuse the AutoDiscovery module to run arbitrary OS commands via the /module/moduleframe/index.php autodiscovery.php target field...
CVE-2020-8654
EyesOfNetwork 5.1–5.3 contains a command-injection vulnerability in the AutoDiscovery target field that allows an authenticated web user with sufficient privileges to execute arbitrary OS commands (e.g., id) via /module/module_frame/index.php autodiscovery.php. Public PoCs and exploits exist (e.g...
EyesOfNetwork Arbitrary OS Command Execution Vulnerability
EyesOfNetwork EON is an open source, free IT monitoring solution. The solution provides features such as business process configuration tools, generating pop-up windows when events occur in the active queue, and more. An arbitrary OS command execution vulnerability exists in EyesOfNetwork 5.3,...
Jenkins Detection Consolidation
Consolidation of Jenkins automation server detections. SPDX-FileCopyrightText: 2019 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only if description...
Nagios XI Magpie_debug.php Root Remote Code Execution
This module exploits two vulnerabilities in Nagios XI 'Nagios XI Magpiedebug.php Root Remote Code Execution', 'Description' = %q This module exploits two vulnerabilities in Nagios XI MSFLICENSE, 'Author' = 'Chris Lyne @lynerc', Discovery and exploit 'Guillaume André @yaumn', Metasploit module...
CVE-2019-9164
Command injection in Nagios XI before 5.5.11 allows an authenticated users to execute arbitrary remote commands via a new autodiscovery job...
CVE-2019-9164
Command injection in Nagios XI before 5.5.11 allows an authenticated users to execute arbitrary remote commands via a new autodiscovery job...
Command injection
Command injection in Nagios XI before 5.5.11 allows an authenticated users to execute arbitrary remote commands via a new autodiscovery job...
CVE-2019-9164
Command injection in Nagios XI before 5.5.11 allows an authenticated users to execute arbitrary remote commands via a new autodiscovery job...
PT-2019-19405 · Nagios · Nagios Xi
Name of the Vulnerable Software and Affected Versions: Nagios XI versions prior to 5.5.11 Description: The issue allows authenticated users to execute arbitrary remote commands via a new autodiscovery job. There have been reports of cross-site scripting XSS that can lead to root remote code...
UBUNTU-CVE-2018-18358
Lack of special casing of localhost in WPAD files in Google Chrome prior to 71.0.3578.80 allowed an attacker on the local network segment to proxy resources on localhost via a crafted WPAD file...
June 14, 2016 — KB3163017 (OS Build 10240.16942)
June 14, 2016 — KB3163017 OS Build 10240.16942 This update includes quality improvements and security fixes. No new operating system features are being introduced in this update. Key changes include: Improved reliability of Internet Explorer 11, Microsoft Edge, and Windows Explorer. Improved...
Problems with Automatic DNS Registration and Autodiscovery
The CERT Coordination Center CERT/CC has released information on problems associated with small office/home office routers using automatic Domain Name System DNS registration and autodiscovery. An attacker could exploit these problems to obtain sensitive information. NCCIC encourages users and...
Automatic DNS registration and proxy autodiscovery allow spoofing of network services
Overview Automatic DNS registration and autodiscovery functionality provides an opportunity for the misconfiguration of networks, resulting in a loss of confidentiality and integrity of the network if an attacker on the network adds a specially configured proxy device. Description The Web Proxy...
How to verify if AutoDiscovery is Enabled for a Domain in Citrix AutoDiscovery Service for Citrix Endpoint Management
After enabling the ADS service for Citrix Endpoint Management mostly we would need to try enrolling a device to validate the ADS is enabled.Alternatively, we could verify the same in a different way...
Skype for business is also vulnerable to the autodiscovery issue
An issue in WPAD proxy automatic configuration was first discovered by Maxim Andreev back in 2015 at the MailRu group security meet-up and then was presented by Maxim Goncharov at BlackHat US 2016 slides. This year Ilya Nesterov and Maxim Goncharov presented a continuation of this research and...
Creating a Seamless User Experience with XenMobile Email Enrollment for Secure Mail SSO
With the recent Secure Mail update, you can now configure Citrix Secure Mail to provide single sign-on SSO for users through the use of an automatic provisioning mechanism during your first-time use. Secure Mail consumes the user credentials that users enter to authenticate to Secure Hub to...