266 matches found
grunt-images downloads Resources over HTTP
Affected versions of grunt-images insecurely download an executable over an unencrypted HTTP connection. In scenarios where an attacker has a privileged network position, it is possible to intercept the response and replace the executable with a malicious one, resulting in code execution on the...
GHSA-8HJ4-W233-G35Q Downloads Resources over HTTP in react-native-baidu-voice-synthesizer
Affected versions of react-native-baidu-voice-synthesizer insecurely download an executable over an unencrypted HTTP connection. In scenarios where an attacker has a privileged network position, it is possible to intercept the response and replace the executable with a malicious one, resulting in...
Downloads Resources over HTTP in alto-saxophone
Affected versions of alto-saxophone insecurely download an executable over an unencrypted HTTP connection. In scenarios where an attacker has a privileged network position, it is possible to intercept the response and replace the executable with a malicious one, resulting in code execution on the...
BWS Systems HA-Bridge Remote Detection
Detection of BWS Systems HA-Bridge. The script sends an HTTP connection request to the remote host and attempts to detect if the remote host is BWS Systems HA-Bridge. SPDX-FileCopyrightText: 2018 Greenbone AG. Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) ...
Atlassian Crucible Detection
Detection of Atlassian Crucible. The script sends a connection request to the server and attempts to extract the version number from the reply. SPDX-FileCopyrightText: 2018 Greenbone AG. Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective righ...
Synology StorageManager 5.2 - Root Remote Command Execution
Synology StorageManager 5.2 - Root Remote Command Execution ''' SSD Advisory – Synology StorageManager smart.cgi Remote Command Execution Full report: https://blogs.securiteam.com/index.php/archives/3540 Twitter: @SecuriTeamSSD Weibo: SecuriTeamSSD Vulnerability Summary The following advisory...
Synology StorageManager 5.2 - Remote Root Command Execution Exploit
Exploit for cgi platform in category web applications ''' SSD Advisory – Synology StorageManager smart.cgi Remote Command Execution Full report: https://blogs.securiteam.com/index.php/archives/3540 Twitter: @SecuriTeamSSD Weibo: SecuriTeamSSD Vulnerability Summary The following advisory describes...
OpenJDK: HTTP client insufficient check for newline in URLs (Networking, 8176751)
It was found that the HttpURLConnection and HttpsURLConnection classes in the Networking component of OpenJDK failed to check for newline characters embedded in URLs. An attacker able to make a Java application perform an HTTP request using an attacker provided URL could possibly inject additiona...
Octopus Deploy Detection
Detection of Octopus Deploy. The script sends a connection request to the server and attempts to detect Octopus Deploy and extract its version. SPDX-FileCopyrightText: 2017 Greenbone AG. Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective righ...
Rancher Detection
Detection of Rancher Server. The script sends a connection request to the server and attempts to detect Rancher and to extract its version. SPDX-FileCopyrightText: 2017 Greenbone AG. Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right...
ERS Data System 1.8.1 - Java Deserialization Exploit
Exploit for windows platform in category remote exploits Exploit Title: ERS Data System 1.8.1 Deserialize Vulnerability Google Dork: N/A Date: 9/21/2017 Exploit Author: West Shepherd Vendor Homepage: http://www.ersdata.com Software Link: www.ersdata.com/downloads/ErsSetup.exe Version: 1.8.1.0...
ERS Data System 1.8.1 - Java Deserialization
ERS Data System 1.8.1 - Java Deserialization Exploit Title: ERS Data System 1.8.1 Deserialize Vulnerability Google Dork: N/A Date: 9/21/2017 Exploit Author: West Shepherd Vendor Homepage: http://www.ersdata.com Software Link: www.ersdata.com/downloads/ErsSetup.exe Version: 1.8.1.0 Tested on:...
ERS Data System 1.8.1 - Java Deserialization
Exploit Title: ERS Data System 1.8.1 Deserialize Vulnerability Google Dork: N/A Date: 9/21/2017 Exploit Author: West Shepherd Vendor Homepage: http://www.ersdata.com Software Link: www.ersdata.com/downloads/ErsSetup.exe Version: 1.8.1.0 Tested on: Windows 7 x86 CVE : CVE-2017-14702 Description: E...
VX Search Enterprise 9.5.12 - GET Buffer Overflow Exploit
Exploit for windows platform in category remote exploits This module requires Metasploit: http://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'VX Search Enterprise GET Buffer Overflow', 'Description' = %q This module exploits a...
Dup Scout Enterprise 9.5.14 - GET Buffer Overflow (Metasploit)
This module requires Metasploit: http://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core' class MetasploitModule 'Dup Scout Enterprise GET Buffer Overflow', 'Description' = %q This module exploits a stack-based buffer overflow vulnerability ...
External XML Entity (XXE) Attacks
ignite-core is vulnerable to external XML entity (XXE) attacks. The update notifier component sends sensitive system data over an unsecured HTTP connection. Since TLS is not used, man-in-the-middle (MitM) attacks are also possible. Attackers can alter the response coming from the server the information is se...
Nuxeo Platform Detection
Detection of Nuxeo Platform. The script sends an HTTP connection request to the server and attempts to detect the presence of Nuxeo Platform and to extract its version. SPDX-FileCopyrightText: 2017 Greenbone AG. Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright ...
NetGain Enterprise Manager Detection
Detection of NetGain Enterprise Manager. The script sends an HTTP connection request to the server and attempts to detect the presence of NetGain Enterprise Manager and to extract its version. SPDX-FileCopyrightText: 2017 Greenbone AG. Some text descriptions might be excerpted from (a) referenced...
Atheme IRC NickServ Detection (HTTP)
Detection of Atheme IRC NickServ. The script sends an HTTP connection request to the server and attempts to detect the presence of the Atheme IRC NickServ and to extract its version. SPDX-FileCopyrightText: 2017 Greenbone AG. Some text descriptions might be excerpted from (a) referenced source(s), and...
Teleopti WFM Detection
Detection of Teleopti WFM. The script sends an HTTP connection request to the server and attempts to detect the presence of Teleopti WFM and to extract its version. SPDX-FileCopyrightText: 2017 Greenbone AG. Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by...