Mailcleaner Remote Code Execution

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule "Mailcleaner Remote Code Execution", 'Description' = %q This module exploits the command injection vulnerability of MailCleaner Community Edition...

Mailcleaner - (Authenticated) Remote Code Execution (Metasploit)

Mailcleaner - Authenticated Remote Code Execution Metasploit This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule "Mailcleaner Remote Code Execution", 'Description' = %q This module exploits the...

Hashicorp Consul - Remote Command Execution via Rexec (Metasploit)

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule "Hashicorp Consul Remote Command Execution via Rexec", 'Description' = %q This module exploits a feature of Hashicorp Consul named rexec. ,...

Hashicorp Consul Rexec Remote Command Execution Exploit

This Metasploit module exploits a feature of Hashicorp Consul named rexec. This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule "Hashicorp Consul Remote Command Execution via Rexec", 'Description' = ...

CVE-2018-4015

An exploitable vulnerability exists in the HTTP client functionality of the Webroot BrightCloud SDK. The configuration of the HTTP client does not enforce a secure connection by default, resulting in a failure to validate TLS certificates. An attacker could impersonate a remote BrightCloud server...

Design/Logic Flaw

An exploitable vulnerability exists in the HTTP client functionality of the Webroot BrightCloud SDK. The configuration of the HTTP client does not enforce a secure connection by default, resulting in a failure to validate TLS certificates. An attacker could impersonate a remote BrightCloud server...

CVE-2018-4015

An exploitable vulnerability exists in the HTTP client functionality of the Webroot BrightCloud SDK. The configuration of the HTTP client does not enforce a secure connection by default, resulting in a failure to validate TLS certificates. An attacker could impersonate a remote BrightCloud server...

CVE-2018-4015

CVE-2018-4015 affects the Webroot BrightCloud SDK used in CUJO Smart Firewall. The root cause is that the HTTP client defaults to HTTP and does not enforce secure TLS verification, enabling a man-in-the-middle to impersonate BrightCloud servers and potentially expose credentials, alter queries, o...

Webroot BrightCloud SDK HTTP connection unsafe defaults vulnerability

Summary An exploitable vulnerability exists in the HTTP client functionality of the Webroot BrightCloud SDK. The configuration of the HTTP client does not enforce a secure connection by default, resulting in a failure to validate TLS certificates. An attacker could impersonate a remote BrightClou...

Netgear Devices - (Unauthenticated) Remote Command Execution (Metasploit)

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Netgear Devices Unauthenticated Remote Command Execution', 'Description' = %q From the CVE-2016-1555 page: 1 boardData102.php, 2 boardData103.php...

USN-3824-1: OpenJDK 7 vulnerabilities

It was discovered that the Security component of OpenJDK did not properly ensure that manifest elements were signed before use. An attacker could possibly use this to specially construct an untrusted Java application or applet that could escape sandbox restrictions. CVE-2018-3136 Artem Smotrakov...

USN-3824-1 openjdk-7 vulnerabilities

It was discovered that the Security component of OpenJDK did not properly ensure that manifest elements were signed before use. An attacker could possibly use this to specially construct an untrusted Java application or applet that could escape sandbox restrictions. CVE-2018-3136 Artem Smotrakov...

CVE-2018-18820

A buffer overflow was discovered in the URL-authentication backend of the Icecast before 2.4.4. If the backend is enabled, then any malicious HTTP client can send a request for that specific resource including a crafted header, leading to denial of service and potentially remote code execution...

CVE-2018-18820

A buffer overflow was discovered in the URL-authentication backend of the Icecast before 2.4.4. If the backend is enabled, then any malicious HTTP client can send a request for that specific resource including a crafted header, leading to denial of service and potentially remote code execution...

Ubuntu 16.04 LTS / 18.04 LTS : OpenJDK vulnerabilities (USN-3804-1)

The remote Ubuntu 16.04 LTS / 18.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-3804-1 advisory. It was discovered that the Security component of OpenJDK did not properly ensure that manifest elements were signed before use. An attacker...

USN-3804-1: OpenJDK vulnerabilities

It was discovered that the Security component of OpenJDK did not properly ensure that manifest elements were signed before use. An attacker could possibly use this to specially construct an untrusted Java application or applet that could escape sandbox restrictions. CVE-2018-3136 Artem Smotrakov...

au.com.govlawtech:dvasopapi-client (=1.3.1), by.exonit.redmine.client:client-play-ws_2.11 (=4.0.0-RC2) +342 more potentially affected by CVE-2017-14063 via org.asynchttpclient:async-http-client (>=2.0.0-RC1 <=2.0.34)

org.asynchttpclient:async-http-client MAVEN version =2.0.0-RC1, =1.0, =1.23.0, =1.23.0, =1.2.2, =0.5.4, =0.9.1, =0.0.1, =0.1.13, =1.0, =2.7.0 and more Source cves: CVE-2017-14063 Source advisory: OSV:GHSA-93JQ-624G-4P9P...

Improper Input Validation in async-http-client

Async Http Client aka async-http-client before 2.0.35 can be tricked into connecting to a host different from the one extracted by java.net.URI if a '?' character occurs in a fragment identifier. Similar bugs were previously identified in cURL CVE-2016-8624 and Oracle Java 8 java.net.URL...

GHSA-93JQ-624G-4P9P Improper Input Validation in async-http-client

Async Http Client aka async-http-client before 2.0.35 can be tricked into connecting to a host different from the one extracted by java.net.URI if a '?' character occurs in a fragment identifier. Similar bugs were previously identified in cURL CVE-2016-8624 and Oracle Java 8 java.net.URL...

org.apache.camel:camel-ahc-ws (=2.16.0) potentially affected by CVE-2015-5348 via org.apache.camel:camel-ahc (=2.16.0)

org.apache.camel:camel-ahc MAVEN version =2.16.0 is affected by a known vulnerability. The following packages have a transitive dependency on org.apache.camel:camel-ahc and may be impacted: - org.apache.camel:camel-ahc-ws =2.16.0 Source cves: CVE-2015-5348 Source advisory: OSV:GHSA-26V6-W6FW-RH94...