Lucene search
K

15 matches found

Nuclei
Nuclei
added 4 days ago182 views

XML-RPC Server - Remote Code Execution

The XML-RPC server in supervisor before 3.0.1, 3.1.x before 3.1.4, 3.2.x before 3.2.4, and 3.3.x before 3.3.3 allows remote authenticated users to execute arbitrary commands via a crafted XML-RPC request, related to nested supervisor namespace lookups. id: CVE-2017-11610 info: name: XML-RPC Serve...

9CVSS7.6AI score0.87544EPSS
Exploits10References5
GithubExploit
GithubExploit
added 2026/05/27 6:44 p.m.112 views

Exploit for Incorrect Default Permissions in Supervisord Supervisor

LAB 3 — Supervisord XML-RPC Remote Code Execution CVE-2017-11...

9CVSS7.7AI score0.87544EPSS
Exploits10
Tenable Nessus
Tenable Nessus
added 2024/04/27 12:0 a.m.27 views

RHEL 7 : Red Hat CloudForms (RHSA-2017:3005)

The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2017:3005 advisory. Red Hat CloudForms Management Engine delivers the insight, control, and automation needed to address the challenges of managing virtual...

9CVSS8.2AI score0.87544EPSS
Exploits10References165
OpenVAS
OpenVAS
added 2022/01/28 12:0 a.m.24 views

Mageia: Security Advisory (MGASA-2017-0263)

The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

9CVSS8.8AI score0.87544EPSS
Exploits10References4
RedHat Linux
RedHat Linux
added 2017/10/24 12:15 a.m.89 views

Important: Red Hat Security Advisory: Red Hat CloudForms security, bug fix, and enhancement update

An update is now available for CloudForms Management Engine 5.8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE...

9CVSS7.6AI score0.87544EPSS
Exploits10References162
Packet Storm
Packet Storm
added 2017/09/25 12:0 a.m.217 views

Supervisor XML-RPC Authenticated Remote Code Execution

This module requires Metasploit: http://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule "Supervisor XML-RPC Authenticated Remote Code Execution", 'Description' = %q This module exploits a vulnerability in the Supervisor process control...

9CVSS0.5AI score0.87544EPSS
Exploits10
Circl
Circl
added 2017/09/25 12:0 a.m.11 views

CVE-2017-11610

creationtimestamp| type| source ---|---|--- 2017-09-25 00:00:00+00:00| exploited| https://www.exploit-db.com/exploits/42779 2018-05-29 15:50:33+00:00| seen| https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/linux/http/supervisorxmlrpcexec.rb 2020-10-09 14:02:27+00:00|...

9CVSS7.3AI score0.87544EPSS
Exploits10References4
Exploit DB
Exploit DB
added 2017/09/25 12:0 a.m.85 views

Supervisor 3.0a1 < 3.3.2 - XML-RPC (Authenticated) Remote Code Execution (Metasploit)

This module requires Metasploit: http://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule "Supervisor XML-RPC Authenticated Remote Code Execution", 'Description' = %q This module exploits a vulnerability in the Supervisor process control...

9CVSS9AI score0.87544EPSS
Exploits10
UbuntuCve
UbuntuCve
added 2017/08/23 2:29 p.m.46 views

CVE-2017-11610

The XML-RPC server in supervisor before 3.0.1, 3.1.x before 3.1.4, 3.2.x before 3.2.4, and 3.3.x before 3.3.3 allows remote authenticated users to execute arbitrary commands via a crafted XML-RPC request, related to nested supervisord namespace lookups...

9CVSS7.3AI score0.87544EPSS
Exploits10References2
NVD
NVD
added 2017/08/23 2:29 p.m.26 views

CVE-2017-11610

The XML-RPC server in supervisor before 3.0.1, 3.1.x before 3.1.4, 3.2.x before 3.2.4, and 3.3.x before 3.3.3 allows remote authenticated users to execute arbitrary commands via a crafted XML-RPC request, related to nested supervisord namespace lookups...

9CVSS8.6AI score0.87544EPSS
Exploits10References12
CVE
CVE
added 2017/08/23 2:0 p.m.268 views

CVE-2017-11610

CVE-2017-11610 affects the XML-RPC server in Supervisor. An authenticated client can send a crafted XML-RPC request that exploits nested supervisord namespace lookups to execute arbitrary commands on the server, running with the same user as supervisord (potentially root). The issue is triggered ...

9CVSS8.4AI score0.87544EPSS
In wildExploits10References12Affected Software1
AlpineLinux
AlpineLinux
added 2017/08/23 2:0 p.m.39 views

CVE-2017-11610

The XML-RPC server in supervisor before 3.0.1, 3.1.x before 3.1.4, 3.2.x before 3.2.4, and 3.3.x before 3.3.3 allows remote authenticated users to execute arbitrary commands via a crafted XML-RPC request, related to nested supervisord namespace lookups...

9CVSS8.7AI score0.87544EPSS
Exploits10
OSV
OSV
added 2017/08/13 1:17 p.m.7 views

MGASA-2017-0263 Updated supervisor packages fix security vulnerability

A vulnerability has been found where an authenticated client can send a malicious XML-RPC request to supervisord that will run arbitrary shell commands on the server. The commands will be run as the same user as supervisord. Depending on how supervisord has been configured, this may be root...

9CVSS8.6AI score0.87544EPSS
Exploits10References3
Mageia
Mageia
added 2017/08/13 1:17 p.m.46 views

Updated supervisor packages fix security vulnerability

A vulnerability has been found where an authenticated client can send a malicious XML-RPC request to supervisord that will run arbitrary shell commands on the server. The commands will be run as the same user as supervisord. Depending on how supervisord has been configured, this may be root...

9CVSS2.9AI score0.87544EPSS
Exploits10References2
seebug.org
seebug.org
added 2017/07/27 12:0 a.m.67 views

Supervisor Authenticated Remote Code Execution(CVE-2017-11610)

Vulnerability Summary The following advisory describes an authenticated remote code execution vulnerability in Supervisor version 3.1.2 and Supervisor version 3.3.2. Supervisor is a client/server system that allows its users to monitor and control a number of processes on UNIX-like operating...

9CVSS9.3AI score0.87544EPSS
Exploits10
Rows per page
Query Builder