Lucene search
K

114 matches found

NVD
NVD
added 2020/02/07 12:15 a.m.14 views

CVE-2020-8654

An issue was discovered in EyesOfNetwork 5.3. An authenticated web user with sufficient privileges could abuse the AutoDiscovery module to run arbitrary OS commands via the /module/moduleframe/index.php autodiscovery.php target field...

9CVSS9AI score0.85646EPSS
Exploits9References3
OSV
OSV
added 2020/02/07 12:15 a.m.7 views

CVE-2020-8654

An issue was discovered in EyesOfNetwork 5.3. An authenticated web user with sufficient privileges could abuse the AutoDiscovery module to run arbitrary OS commands via the /module/moduleframe/index.php autodiscovery.php target field...

8.8CVSS6.9AI score
Exploits0References3
Prion
Prion
added 2020/02/07 12:15 a.m.11 views

Command injection

An issue was discovered in EyesOfNetwork 5.3. An authenticated web user with sufficient privileges could abuse the AutoDiscovery module to run arbitrary OS commands via the /module/moduleframe/index.php autodiscovery.php target field...

9CVSS9.1AI score0.85646EPSS
Exploits9References3Affected Software1
Cvelist
Cvelist
added 2020/02/06 11:55 p.m.38 views

CVE-2020-8654

An issue was discovered in EyesOfNetwork 5.3. An authenticated web user with sufficient privileges could abuse the AutoDiscovery module to run arbitrary OS commands via the /module/moduleframe/index.php autodiscovery.php target field...

9AI score0.85646EPSS
Exploits9References3
CVE
CVE
added 2020/02/06 11:55 p.m.206 views

CVE-2020-8654

EyesOfNetwork 5.1–5.3 contains a command-injection vulnerability in the AutoDiscovery target field that allows an authenticated web user with sufficient privileges to execute arbitrary OS commands (e.g., id) via /module/module_frame/index.php autodiscovery.php. Public PoCs and exploits exist (e.g...

9CVSS8AI score0.85646EPSS
Exploits9References3Affected Software1
CNVD
CNVD
added 2020/02/06 12:0 a.m.2 views

EyesOfNetwork Arbitrary OS Command Execution Vulnerability

EyesOfNetwork EON is an open source, free IT monitoring solution. The solution provides features such as business process configuration tools, generating pop-up windows when events occur in the active queue, and more. An arbitrary OS command execution vulnerability exists in EyesOfNetwork 5.3,...

9CVSS7.5AI score0.85646EPSS
Exploits9References1
OpenVAS
OpenVAS
added 2019/07/24 12:0 a.m.9 views

Jenkins Detection Consolidation

Consolidation of Jenkins automation server detections. SPDX-FileCopyrightText: 2019 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only if description...

7.3AI score
Exploits0References1
Metasploit
Metasploit
added 2019/06/25 9:10 p.m.67 views

Nagios XI Magpie_debug.php Root Remote Code Execution

This module exploits two vulnerabilities in Nagios XI 'Nagios XI Magpiedebug.php Root Remote Code Execution', 'Description' = %q This module exploits two vulnerabilities in Nagios XI MSFLICENSE, 'Author' = 'Chris Lyne @lynerc', Discovery and exploit 'Guillaume André @yaumn', Metasploit module...

9.8CVSS1AI score0.89362EPSS
Exploits10
NVD
NVD
added 2019/03/28 5:29 p.m.23 views

CVE-2019-9164

Command injection in Nagios XI before 5.5.11 allows an authenticated users to execute arbitrary remote commands via a new autodiscovery job...

8.8CVSS9AI score0.45972EPSS
Exploits3References4
OSV
OSV
added 2019/03/28 5:29 p.m.5 views

CVE-2019-9164

Command injection in Nagios XI before 5.5.11 allows an authenticated users to execute arbitrary remote commands via a new autodiscovery job...

8.8CVSS7.6AI score0.45972EPSS
Exploits3References4
Prion
Prion
added 2019/03/28 5:29 p.m.17 views

Command injection

Command injection in Nagios XI before 5.5.11 allows an authenticated users to execute arbitrary remote commands via a new autodiscovery job...

6.5CVSS8.9AI score0.45972EPSS
Exploits3References4Affected Software1
Cvelist
Cvelist
added 2019/03/28 4:43 p.m.28 views

CVE-2019-9164

Command injection in Nagios XI before 5.5.11 allows an authenticated users to execute arbitrary remote commands via a new autodiscovery job...

9AI score0.45972EPSS
Exploits3References4
Positive Technologies
Positive Technologies
added 2019/03/28 12:0 a.m.8 views

PT-2019-19405 · Nagios · Nagios Xi

Name of the Vulnerable Software and Affected Versions: Nagios XI versions prior to 5.5.11 Description: The issue allows authenticated users to execute arbitrary remote commands via a new autodiscovery job. There have been reports of cross-site scripting XSS that can lead to root remote code...

8.8CVSS8.7AI score0.45972EPSS
Exploits3References6
OSV
OSV
added 2018/12/11 4:29 p.m.2 views

UBUNTU-CVE-2018-18358

Lack of special casing of localhost in WPAD files in Google Chrome prior to 71.0.3578.80 allowed an attacker on the local network segment to proxy resources on localhost via a crafted WPAD file...

5.7CVSS7.3AI score0.00443EPSS
Exploits0References2
Microsoft KB
Microsoft KB
added 2018/10/09 12:0 a.m.5 views

June 14, 2016 — KB3163017 (OS Build 10240.16942)

June 14, 2016 — KB3163017 OS Build 10240.16942 This update includes quality improvements and security fixes. No new operating system features are being introduced in this update. Key changes include: Improved reliability of Internet Explorer 11, Microsoft Edge, and Windows Explorer. Improved...

7AI score
Exploits0
CISA
CISA
added 2018/09/05 12:0 a.m.15 views

Problems with Automatic DNS Registration and Autodiscovery

The CERT Coordination Center CERT/CC has released information on problems associated with small office/home office routers using automatic Domain Name System DNS registration and autodiscovery. An attacker could exploit these problems to obtain sensitive information. NCCIC encourages users and...

6.5AI score
Exploits0References1
CERT
CERT
added 2018/09/05 12:0 a.m.761 views

Automatic DNS registration and proxy autodiscovery allow spoofing of network services

Overview Automatic DNS registration and autodiscovery functionality provides an opportunity for the misconfiguration of networks, resulting in a loss of confidentiality and integrity of the network if an attacker on the network adds a specially configured proxy device. Description The Web Proxy...

7.6CVSS6.9AI score0.5389EPSS
Exploits12References2
Citrix
Citrix
added 2018/02/26 12:0 a.m.8 views

How to verify if AutoDiscovery is Enabled for a Domain in Citrix AutoDiscovery Service for Citrix Endpoint Management

After enabling the ADS service for Citrix Endpoint Management mostly we would need to try enrolling a device to validate the ADS is enabled.Alternatively, we could verify the same in a different way...

7AI score
Exploits0
Ivan 'd0znpp' Novikov
Ivan 'd0znpp' Novikov
added 2017/07/20 3:10 a.m.61 views

Skype for business is also vulnerable to the autodiscovery issue

An issue in WPAD proxy automatic configuration was first discovered by Maxim Andreev back in 2015 at the MailRu group security meet-up and then was presented by Maxim Goncharov at BlackHat US 2016 slides. This year Ilya Nesterov and Maxim Goncharov presented a continuation of this research and...

6.9AI score
Exploits0
Citrix
Citrix
added 2017/06/01 12:0 a.m.8 views

Creating a Seamless User Experience with XenMobile Email Enrollment for Secure Mail SSO

With the recent Secure Mail update, you can now configure Citrix Secure Mail to provide single sign-on SSO for users through the use of an automatic provisioning mechanism during your first-time use. Secure Mail consumes the user credentials that users enter to authenticate to Secure Hub to...

6.8AI score
Exploits0
Rows per page
Query Builder