Lucene search

1629 matches found

Cvelist
added 2020/03/30 9:20 p.m., 10 views

CVE-2020-5289 Read permissions not enforced for client provided filter expressions in Elide http client

In Elide before 4.5.14, it is possible for an adversary to "guess and check" the value of a model field they do not have access to assuming they can read at least one other field in the model. The adversary can construct filter expressions for an inaccessible field to filter a collection. The...

CVSS 6.8, AI score 6.5, EPSS 0.01251
Exploits 0, References 3

vulnersOsv
added 2020/03/30 8:54 p.m., 2 views

com.agorapulse:micronaut-snitch (>=0.1.2 <=1.1.3), io.github.oleksivio.tl.kbot:micronaut (=1.6.0) +14 more potentially affected by CVE-2020-7611 via io.micronaut:micronaut-http-client (>=1.0.0 <=1.2.10)

io.micronaut:micronaut-http-client MAVEN version =1.0.0, =0.1.2, =1.4.0, =1.1.0, =1.0.0, =1.0.0, =1.2.0, =1.0.0, =1.0.0, =1.0.0, =1.0.0, =1.0.0, =1.2.19, =1.2.19, =1.0.3, =1.3.1 and more Source cves: CVE-2020-7611 Source advisory: OSV:GHSA-694P-XRHG-X3WM...

CVSS 9.8, AI score 7.2, EPSS 0.01799
Exploits 1

vulnersOsv
added 2020/03/30 8:54 p.m., 2 views

io.micronaut.configuration:micronaut-netflix-ribbon (=1.1.0), io.micronaut.configuration:micronaut-security-oauth2 (>=1.3.0 <=1.3.1) +3 more potentially affected by CVE-2020-7611 via io.micronaut:micronaut-http-client (>=1.3.0 <=1.3.1)

io.micronaut:micronaut-http-client MAVEN version =1.3.0, =1.3.0, =1.3.0, =1.3.0, =1.3.0, =1.3.1 Source cves: CVE-2020-7611 Source advisory: OSV:GHSA-694P-XRHG-X3WM...

CVSS 9.8, AI score 7.2, EPSS 0.01799
Exploits 1

Github Security Blog
added 2020/03/30 8:54 p.m., 76 views

Micronaut's HTTP client is vulnerable to HTTP Request Header Injection

Vulnerability Micronaut's HTTP client is vulnerable to "HTTP Request Header Injection" due to not validating request headers passed to the client. Example of vulnerable code: java @Controller"/hello" public class HelloController @Inject @Client"/" RxHttpClient client; @Get"/external-exploit"...

CVSS 9.8, AI score 9.5, EPSS 0.01799
Exploits 1, References 7, Affected Software 1

vulnersOsv
added 2020/03/26 1:37 p.m., 0 views

com.agorapulse:micronaut-snitch (>=0.1.2 <=1.1.3), io.github.oleksivio.tl.kbot:micronaut (=1.6.0) +14 more potentially affected by CVE-2020-7611 via io.micronaut:micronaut-http-client (>=1.0.0 <=1.2.10)

io.micronaut:micronaut-http-client MAVEN version =1.0.0, =0.1.2, =1.4.0, =1.1.0, =1.0.0, =1.0.0, =1.2.0, =1.0.0, =1.0.0, =1.0.0, =1.0.0, =1.0.0, =1.2.19, =1.2.19, =1.0.3, =1.3.1 and more Source cves: CVE-2020-7611 Source advisory: SNYK:JAVA-IOMICRONAUT-561342...

CVSS 9.8, AI score 7.2, EPSS 0.01799
Exploits 1

vulnersOsv
added 2020/03/26 1:37 p.m., 4 views

io.micronaut.configuration:micronaut-netflix-ribbon (=1.1.0), io.micronaut.configuration:micronaut-security-oauth2 (>=1.3.0 <=1.3.1) +3 more potentially affected by CVE-2020-7611 via io.micronaut:micronaut-http-client (>=1.3.0 <=1.3.1)

io.micronaut:micronaut-http-client MAVEN version =1.3.0, =1.3.0, =1.3.0, =1.3.0, =1.3.0, =1.3.1 Source cves: CVE-2020-7611 Source advisory: SNYK:JAVA-IOMICRONAUT-561342...

CVSS 9.8, AI score 7.2, EPSS 0.01799
Exploits 1

Snyk
added 2020/03/26 1:37 p.m., 2 views

HTTP Request Header Injection

Overview io.micronaut:micronaut-http-client is a modern, JVM-based, full stack microservices framework designed for building modular, easily testable microservice applications. Affected versions of this package are vulnerable to HTTP Request Header Injection due to not validating request headers...

CVSS 9.8, AI score 7, EPSS 0.01799
Exploits 1, References 2

Metasploit
added 2020/03/19 7:50 p.m., 28 views

Pandora FMS Ping Authenticated Remote Code Execution

This module exploits a vulnerability found in Pandora FMS 7.0NG and lower. nettools.php in Pandora FMS 7.0NG allows remote attackers to execute arbitrary OS commands. This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework...

AI score 8.1
Exploits 0

0day.today
added 2020/02/22 12:0 a.m., 577 views

OpenNetAdmin Ping Command Injection Exploit

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'OpenNetAdmin Ping Command Injection', 'Description' = %q This module exploits a command injection in OpenNetAdmin between 8.5.14 and 18.1.1. ,...

AI score 0.5
Exploits 0

Kitploit
added 2020/02/13 9:0 p.m., 62 views

Aduket - Straight-forward HTTP Client Testing, Assertions Included

Straight-forward HTTP client testing, assertions included! Simple httptest.Server wrapper with a little request recorder spice on it. No special DSL, no complex API to learn. Just create a server and fire your request like an Hadouken then assert them. TODO Add example usages Add docs Add respons...

AI score 7.4
Exploits 0, References 1

0day.today
added 2020/02/04 12:0 a.m., 192 views

Centreon 19.10.5 - (Pollers) Remote Command Execution Exploit

Exploit for php platform in category web applications This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Centreon Poller Authenticated Remote Command Execution', 'Description' = %q TODO , 'Author'...

AI score 0.2
Exploits 0

OpenVAS
added 2020/01/23 12:0 a.m., 48 views

Huawei EulerOS: Security Advisory for java-1.7.0-openjdk (EulerOS-SA-2017-1099)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVSS 7.7, AI score 7, EPSS 0.03311
Exploits 2, References 2

OpenVAS
added 2020/01/23 12:0 a.m., 34 views

Huawei EulerOS: Security Advisory for java-1.8.0-openjdk (EulerOS-SA-2017-1073)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVSS 7.7, AI score 7, EPSS 0.03311
Exploits 2, References 2

OpenVAS
added 2020/01/23 12:0 a.m., 36 views

Huawei EulerOS: Security Advisory for python (EulerOS-SA-2017-1186)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVSS 5.8, AI score 7.1, EPSS 0.03269
Exploits 1, References 2

OpenVAS
added 2020/01/23 12:0 a.m., 37 views

Huawei EulerOS: Security Advisory for python (EulerOS-SA-2019-1434)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVSS 10, AI score 9.2, EPSS 0.95707
Exploits 21, References 2

OSV
added 2019/12/17 10:52 p.m., 10 views

GHSA-3C45-WGJP-7V9R Python Twisted trustRoot is not respected in HTTP client

Python Twisted 14.0.0 trustRoot is not respected in HTTP client...

CVSS 8.7, AI score 7.4, EPSS 0.0259
Exploits 0, References 8

Github Security Blog
added 2019/12/17 10:52 p.m., 58 views

Python Twisted trustRoot is not respected in HTTP client

Python Twisted 14.0.0 trustRoot is not respected in HTTP client...

CVSS 7.5, AI score 7.3, EPSS 0.0259
Exploits 0, References 8, Affected Software 1

Packet Storm
added 2019/12/16 12:0 a.m., 87 views

Metasploit Sample Webapp Exploit

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework This exploit sample shows how an exploit module could be written to exploit a bug in an arbitrary web server class MetasploitModule 'Sample Webapp Exploit', 'Description...

Exploits 0

exploitpack
added 2019/12/12 12:0 a.m., 13 views

OpenNetAdmin 18.1.1 - Command Injection Exploit (Metasploit)

OpenNetAdmin 18.1.1 - Command Injection Exploit Metasploit class MetasploitModule 'OpenNetAdmin Ping Command Injection', 'Description' = %q This module exploits a command injection in OpenNetAdmin between 8.5.14 and 18.1.1. , 'Author' = 'mattpascoe', Vulnerability discovery 'Onur ER ' Metasploit...

AI score 0.3
Exploits 0

0day.today
added 2019/12/12 12:0 a.m., 6996 views

OpenNetAdmin 18.1.1 - Command Injection Exploit #RCE

Exploit for php platform in category web applications class MetasploitModule 'OpenNetAdmin Ping Command Injection', 'Description' = %q This module exploits a command injection in OpenNetAdmin between 8.5.14 and 18.1.1. , 'Author' = 'mattpascoe', Vulnerability discovery 'Onur ER ' Metasploit modul...

AI score 0.3
Exploits 0