1380 matches found
Mirth Connect 4.4.0 Remote Command Execution
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Mirth Connect Deserialization RCE', 'Description' = %q A vulnerability exists within Mirth Connect due to its mishandling of deserialized data...
Mirth Connect Deserialization RCE
A vulnerability exists within Mirth Connect due to its mishandling of deserialized data. This vulnerability can be leveraged by an attacker using a crafted HTTP request to execute OS commands within the context of the target application. The original vulnerability was identified by IHTeam and...
Memory corruption
In Spring Framework versions 6.0.15 and 6.1.2, it is possible for a user to provide specially crafted HTTP requests that may cause a denial-of-service (DoS) condition. Specifically, an application is vulnerable when all of the following are true: the application uses Spring MVC; Spring Security 6.1....
VMware Spring Framework 6.0.15 / 6.1.2 DoS Vulnerability
The VMware Spring Framework is prone to a denial of service (DoS) vulnerability. SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...
F5 Networks BIG-IP : HTTP redirect vulnerability (K000137322)
The version of F5 Networks BIG-IP installed on the remote host is prior to 15.1.10.3 / 16.1.4.2 / 17.1.1.1. It is, therefore, affected by a vulnerability as referenced in the K000137322 advisory. - A specifically crafted HTTP request may lead the BIG-IP system to generate multiple HTTP redirect...
CVE-2023-48730
A cross-site scripting (XSS) vulnerability exists in the navbarMenuAndLogo.php user name functionality of WWBN AVideo dev master commit 15fed957fb. A specially crafted HTTP request can lead to arbitrary JavaScript execution. An attacker can get a user to visit a webpage to trigger this vulnerabilit...
CVE-2023-49738
An information disclosure vulnerability exists in the image404Raw.php functionality of WWBN AVideo dev master commit 15fed957fb. A specially crafted HTTP request can lead to arbitrary file read...
CVE-2023-48260
The vulnerability allows a remote unauthenticated attacker to read arbitrary content of the results database via a crafted HTTP request...
Cross-site request forgery (CSRF)
The vulnerability allows a remote attacker to access sensitive data inside exported packages or obtain up to Remote Code Execution (RCE) with root privileges on the device. The vulnerability can be exploited directly by authenticated users, via crafted HTTP requests, or indirectly by unauthenticate...
Cross-site request forgery (CSRF)
The vulnerability allows a remote unauthenticated attacker to read arbitrary content of the results database via a crafted HTTP request...
CVE-2023-48261
The vulnerability allows a remote unauthenticated attacker to read arbitrary content of the results database via a crafted HTTP request...
CVE-2023-48259
The vulnerability allows a remote unauthenticated attacker to read arbitrary content of the results database via a crafted HTTP request...
CVE-2023-48253
The vulnerability allows a remote authenticated attacker to read or update arbitrary content of the authentication database via a crafted HTTP request. By abusing this vulnerability it is possible to exfiltrate other users’ password hashes or update them with arbitrary values and access their...
CVE-2023-48252
The vulnerability allows an authenticated remote attacker to perform actions exceeding their authorized access via crafted HTTP requests...
CVE-2023-48246
The vulnerability allows a remote attacker to download arbitrary files in all paths of the system under the context of the application OS user “root” via a crafted HTTP request...
CVE-2023-48242
The vulnerability allows an authenticated remote attacker to download arbitrary files in all paths of the system under the context of the application OS user “root” via a crafted HTTP request...
Cross-site request forgery (CSRF)
The vulnerability allows an unauthenticated remote attacker to upload arbitrary files under the context of the application OS user “root” via a crafted HTTP request...