55 matches found
CVE-2022-37424
CVE-2022-37424 concerns OpenNebula on Linux. The vulnerability arises from the FILES directive, which may allow arbitrary files from the frontend system (including sensitive files) to be included when a VM is started from a template, potentially causing Information Disclosure. Affected details (s...
CVE-2022-37424 The FILES Directive allows arbitrary files from the frontend system (including sensitive files) to be included when a VM is started from that template, which may result in Information Disclosure.
Files or Directories Accessible to External Parties vulnerability in OpenNebula on Linux allows File Discovery...
OpenNebula 安全漏洞
OpenNebula is OpenNebula open source a cloud computing platform for managing heterogeneous distributed data center infrastructures. A security vulnerability exists in OpenNebula that stems from a file or directory being accessible to an outsider, allowing file discovery...
Mustang Panda targets European diplomats using enhanced PlugX backdoor
THREAT LEVEL: Red. For a detailed advisory, download the pdf file here Mustang Panda, a Chinese cyberespionage group, has been targeting European diplomats with a revised version of the PlugX backdoor in an ongoing campaign linked to the ongoing conflict in Ukraine. The group, also known as...
Snaffler - A Tool For Pentesters To Help Find Delicious Candy
Snaffler is a tool for pentesters to help find delicious candy needles creds mostly, but it's flexible in a bunch of horrible boring haystacks a massive Windows/AD environment. It might also be useful for other people doing other stuff, but it is explicitly NOT meant to be an "audit" tool. I don'...
Aptdaemon Security Vulnerabilities
Aptdaemon is a code library for pypi for individual developers. The library functions allow package management tasks to be performed in a DBus-controlled background process. Aptdaemon has a security vulnerability that can be exploited by an attacker to detect local files via Aptdaemon, bypass dat...
The vulnerability of the virDomainSaveImageGetXMLDesc() function in the Libvirt virtualization management library allows a attacker to cause a service failure, execute arbitrary code, or determine the presence and size of arbitrary files.
The vulnerability of the virDomainSaveImageGetXMLDesc function in the Libvirt virtualization management library is due to access control errors. Exploiting this vulnerability could allow an attacker to cause a service failure, execute arbitrary code, or determine the presence and size of arbitrar...
UBUNTU-CVE-2019-11767
Server side request forgery SSRF in phpBB before 3.2.6 allows checking for the existence of files and services on the local network of the host through the remote avatar upload function...
CVE-2018-15750
Directory Traversal vulnerability in salt-api in SaltStack Salt before 2017.7.8 and 2018.3.x before 2018.3.3 allows remote attackers to determine which files exist on the server...
PowerMeta - PowerShell Script to Search Publicly Files for a Particular Domain and Get the Associated MetaData
PowerMeta searches for publicly available files hosted on various websites for a particular domain by using specially crafted Google, and Bing searches. It then allows for the download of those files from the target domain. After retrieving the files, the metadata associated with them can be...
CVE-2016-3298
Microsoft Internet Explorer 9 through 11 and the Internet Messaging API in Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, and Windows 7 SP1 allow remote attackers to determine the existence of arbitrary files via a crafted web site, aka "Internet Explorer Information Disclosure...
The Mystery of Duqu
First of all, we feel it necessary to clarify some of the confusion surrounding the files and their names related to this incident. To get a full understanding of the situation you only need to know that we’re talking about just two malicious programs here at a minimum – the main module and a...
HTTP File Same Name Directory Scanner
This module identifies the existence of files in a given directory path named as the same name of the directory. Only works if PATH is different than '/'. This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class...
googleProxy.txt
This document can be found online at: - http://metasploit.com/research/vulns/googleproxystylesheet/ Title: Google Search Appliance proxystylesheet Flaws Release Date: November 21, 2005 Patch Date: August 16, 2005 Reported Date: June 10, 2005 Vendor: Google Systems Affected: Google Mini Search...
[Full-disclosure] Google Search Appliance proxystylesheet Flaws
This document can be found online at: - http://metasploit.com/research/vulns/googleproxystylesheet/ Title: Google Search Appliance proxystylesheet Flaws Release Date: November 21, 2005 Patch Date: August 16, 2005 Reported Date: June 10, 2005 Vendor: Google Systems Affected: Google Mini Search...