9 matches found
Metasploit Weekly Wrap-Up
Throw another log file on the fire Our own Stephen Fewer authored a module targeting CVE-2023-26360 affecting ColdFusion 2021 Update 5 and earlier as well as ColdFusion 2018 Update 15 and earlier. The vulnerability allows multiple paths to code execution, but our module works by leveraging a...
Icinga Web 2.10 - Arbitrary File Disclosure Exploit
!/usr/bin/env python3 Exploit Title: Icinga Web 2.10 - Arbitrary File Disclosure Date: 2023-03-19 Exploit Author: Jacob Ebben Vendor Homepage: https://icinga.com/ Software Link: https://github.com/Icinga/icingaweb2 Version: 2.8.6, 2.9.6, 2.10 Tested on: Icinga Web 2 Version 2.9.2 on Linux CVE:...
Icinga Web 2.10 - Arbitrary File Disclosure
!/usr/bin/env python3 Exploit Title: Icinga Web 2.10 - Arbitrary File Disclosure Date: 2023-03-19 Exploit Author: Jacob Ebben Vendor Homepage: https://icinga.com/ Software Link: https://github.com/Icinga/icingaweb2 Version: 2.8.6, 2.9.6, 2.10 Tested on: Icinga Web 2 Version 2.9.2 on Linux CVE:...
Exploit for Path Traversal in Icinga Icinga_Web_2
CVE-2022-24716 Arbitrary File Disclosure Vulnerability in Ici...
Exploit for Path Traversal in Icinga Icinga_Web_2
CVE-2022-24716 Exploit for the vulnerability: Arbitrary File...
Vulnerabilities fixed in Icinga Web 2
Several vulnerabilities have been fixed in Icinga Web 2. The vulnerability with the attribute CVE-2022-24716 allows an unauthenticated malicious party to use a path-traversal to obtain to obtain files that may contain database credentials. The vulnerabilities with attributes CVE-2022-24714 and...
CVE-2022-24716
creationtimestamp| type| source ---|---|--- 2022-03-08 22:40:55+00:00| seen| https://t.me/cibsecurity/38556 2023-03-21 09:01:04+00:00| published-proof-of-concept| https://t.me/dilagrafie/2612 2023-03-21 11:01:01+00:00| published-proof-of-concept| https://t.me/CyberSecurityTechnologies/7967...
CVE-2022-24716 Path traversal in Icinga Web 2
Icinga Web 2 is an open source monitoring web interface, framework and command-line interface. Unauthenticated users can leak the contents of files of the local system accessible to the web-server user, including icingaweb2 configuration files with database credentials. This issue has been resolv...
CVE-2022-24716
CVE-2022-24716 affects Icinga Web 2: Unauthenticated arbitrary file disclosure via directory traversal in the web interface, exposed through the icinga-php-thirdparty/library paths. Root cause: directory traversal allowing access to local files (e.g., icingaweb2 config with DB credentials). Impac...