907 matches found
Cacti 1.2.8 Unauthenticated Remote Code Execution
Exploit Title: Cacti v1.2.8 - Unauthenticated Remote Code Execution Metasploit Date: 2020-02-29 Exploit Author: Lucas Amorim sh286s CVE: CVE-2020-8813 Vendor Homepage: https://cacti.net/ Version: v1.2.8 Tested on: Linux This module requires Metasploit: https://metasploit.com/download Current...
Huawei EulerOS: Security Advisory for jakarta-commons-httpclient (EulerOS-SA-2020-1109)
The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
EulerOS 2.0 SP5 : jakarta-commons-httpclient (EulerOS-SA-2020-1109)
According to the version of the jakarta-commons-httpclient package installed, the EulerOS installation on the remote host is affected by the following vulnerability : - http/conn/ssl/SSLConnectionSocketFactory.java in Apache HttpComponents HttpClient before 4.3.6 ignores the http.socket.timeout...
Security Bulletin: Multiple Vulnerabilities identified in IBM StoredIQ
Summary Multiple vulnerabilities in bundled software packages affect IBM StoredIQ. IBM StoredIQ has addressed the applicable CVEs. Vulnerability Details CVEID: CVE-2009-0217 DESCRIPTION: The design of the W3C XML Signature Syntax and Processing XMLDsig recommendation, as implemented in products...
Security Bulletin: Security Vulnerabilities have been Identified in Websphere Application Server Shipped with Predictive Customer Intelligence (CVE-2012-5783, CVE-2018-1614, CVE-2014-0114, CVE-2015-0899)
Summary Websphere Application Server is shipped with Predictive Customer Intelligence. Information about security vulnerabilities affecting Websphere Application Server has been published in security bulletins. Vulnerability Details Please consult the security bulletins: Security Bulletin:...
Security Bulletin: Multiple vulnerabilities in Global Mailbox in IBM Sterling B2B Integrator (CVE-2015-5262, CVE-2014-3577)
Summary IBM Global Mailbox is vulnerable to denial of service attacks and spoofing attacks due to the vulnerabilities in Apache httpClient Vulnerability Details CVEID: CVE-2015-5262 DESCRIPTION: Apache Commons is vulnerable to a denial of service, caused by the failure to apply a configured...
Centreon 19.10.5 - 'Pollers' Remote Command Execution (Metasploit)
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Centreon Poller Authenticated Remote Command Execution', 'Description' = %q TODO , 'Author' = 'Omri Baso', discovery 'Fabien Aunay', discovery...
Huawei EulerOS: Security Advisory for jakarta-commons-httpclient (EulerOS-SA-2019-2397)
The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Huawei EulerOS: Security Advisory for jakarta-commons-httpclient (EulerOS-SA-2019-2027)
The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Tautulli v2.1.9 - Shutdown Denial of Service
Tautulli versions 2.1.9 and prior are vulnerable to denial of service via the /shutdown URL. This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Tautulli v2.1.9 - Shutdown Denial of Service',...
Tautulli 2.1.9 - Denial of Service (Metasploit)
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Tautulli v2.1.9 - Shutdown Denial of Service', 'Description' = 'Tautulli versions 2.1.9 and prior are vulnerable to denial of service via the...
D-Link DIR-859 Unauthenticated Remote Command Execution
D-Link DIR-859 Routers are vulnerable to OS command injection via the UPnP interface. The vulnerability exists in /gena.cgi function genacgimain in /htdocs/cgibin, which is accessible without credentials. This module requires Metasploit: https://metasploit.com/download Current source:...
OpenNetAdmin Ping Command Injection
This module exploits a command injection in OpenNetAdmin between 8.5.14 and 18.1.1. This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'OpenNetAdmin Ping Command Injection', 'Description' = %q This...
EulerOS 2.0 SP2 : jakarta-commons-httpclient (EulerOS-SA-2019-2397)
According to the version of the jakarta-commons-httpclient package installed, the EulerOS installation on the remote host is affected by the following vulnerability : - The Hyper-Text Transfer Protocol HTTP is perhaps the most significant protocol used on the Internet today. Web services,...
EulerOS 2.0 SP2 : httpcomponents-client (EulerOS-SA-2019-2518)
According to the version of the httpcomponents-client package installed, the EulerOS installation on the remote host is affected by the following vulnerability : - http/conn/ssl/SSLConnectionSocketFactory.java in Apache HttpComponents HttpClient before 4.3.6 ignores the http.socket.timeout...
Atlassian Confluence 6.15.1 Directory Traversal
Exploit Title: Atlassian Confluence 6.15.1 - Directory Traversal Metasploit Google Dork: N/A Date: 2019-11-11 Exploit Author: max7253 Vendor Homepage: https://www.atlassian.com Software Link: https://www.atlassian.com/software/confluence/download-archives Version: 6.15.1 Tested on: Microsoft...
Ajenti 2.1.31 Remote Code Execution
Exploit Title: Ajenti 2.1.31 - Remote Code Exection Metasploit Date: 2019-10-29 Exploit Author: Onur ER Vendor Homepage: http://ajenti.org/ Software Link: https://github.com/ajenti/ajenti Version: 2.1.31 Tested on: Ubuntu 19.10 This module requires Metasploit: https://metasploit.com/download...
EulerOS 2.0 SP3 : jakarta-commons-httpclient (EulerOS-SA-2019-2027)
According to the version of the jakarta-commons-httpclient package installed, the EulerOS installation on the remote host is affected by the following vulnerability : - http/conn/ssl/SSLConnectionSocketFactory.java in Apache HttpComponents HttpClient before 4.3.6 ignores the http.socket.timeout...
Security Bulletin: Information disclosure in Apache Commons HttpClient may affect WebSphere Application Server as part of IBM InfoSphere Identity Insight (CVE-2012-5783)
Summary There is a potential information disclosure in Apache Commons HttpClient used by WebSphere Application Server shipped as part of IBM InfoSphere Identity Insight. Vulnerability Details CVEs: CVE-2012-5783 Link to security bulletin: http://www-01.ibm.com/support/docview.wss?uid=swg22016216...
Baldr Botnet Panel Shell Upload
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'net/http' class MetasploitModule "Baldr Botnet Panel Shell Upload Exploit", 'Description' = %q This module exploits the file upload vulnerability of baldr malwa...