Device42 DCIM Appliance Manager Traceroute Command Injection Exploit

Device42 DCIM Appliance Manager versions 5.10 and 6.0 with WAN emulator version 2.3 remote command injection exploit for Metasploit that leverages traceroute. This module requires Metasploit: http//metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require...

Pandora Fms - SQL Injection Remote Code Execution (Metasploit)

This module requires Metasploit: http://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core' class Metasploit3 'Pandora FMS SQLi Remote Code Execution', 'Description' = %q This module attempts to exploit multiple issues in order to gain remote...

Mantis Bug Tracker 1.2.0a3 < 1.2.17 XmlImportExport Plugin - PHP Code Injection (Metasploit) (1)

This module requires Metasploit: http://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core' class MetasploitModule 'MantisBT XmlImportExport Plugin PHP Code Injection Vulnerability', 'Description' = %q This module exploits a post-auth...

MantisBT XmlImportExport Plugin PHP Code Injection Exploit

This Metasploit module exploits a post-auth vulnerability found in MantisBT versions 1.2.0a3 up to 1.2.17 when the Import/Export plugin is installed. The vulnerable code exists on plugins/XmlImportExport/ImportXml.php, which receives user input through the "description" field and the "issuelink"...

RHEL 6 : devtoolset-2-httpcomponents-client (RHSA-2014:1098)

Updated devtoolset-2-httpcomponents-client packages that fix one security issue are now available for Red Hat Developer Toolset 2. Red Hat Product Security has rated this update as having Important security impact. A Common Vulnerability Scoring System CVSS base score, which gives a detailed...

Fedora 21 : rubygem-httpclient-2.4.0-2.fc21 (2014-12980)

Updated to 2.4.0 which stops hard-coding ssl v3 and allows ssl negotiation Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducin...

Fedora Update for rubygem-httpclient FEDORA-2014-13040

Check the version of rubygem-httpclient SPDX-FileCopyrightText: 2014 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription scriptoid"1.3.6.1.4.1.25623.1.0.868432";...

Fedora Update for rubygem-httpclient FEDORA-2014-13070

Check the version of rubygem-httpclient SPDX-FileCopyrightText: 2014 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription scriptoid"1.3.6.1.4.1.25623.1.0.868441";...

Fedora 20 : rubygem-httpclient-2.4.0-2.fc20 (2014-13040)

Updated to 2.4.0 which stops hard-coding ssl v3 and allows ssl negotiation Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducin...

Fedora 19 : rubygem-httpclient-2.4.0-2.fc19 (2014-13070)

Updated to 2.4.0 which stops hard-coding ssl v3 and allows ssl negotiation Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducin...

SOL15741 - Apache Commons HttpClient vulnerability CVE-2012-6153

Recommended action None Supplemental Information SOL9970: Subscribing to email notifications regarding F5 products SOL9957: Creating a custom RSS feed to view new and updated documents SOL4602: Overview of the F5 security vulnerability response policy SOL4918: Overview of the F5 critical issue...

serf / Apache httpcomponents HttpClient / Jakarta Commons HttpClient SSL validation bypass

Invalid parsing of certificates with NUL character in CN...

[ MDVSA-2014:170 ] jakarta-commons-httpclient

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Mandriva Linux Security Advisory MDVSA-2014:170 http://www.mandriva.com/en/support/security/ Package : jakarta-commons-httpclient Date : September 2, 2014 Affected: Business Server 1.0 Problem Description: Updated jakarta-commons-httpclient and...

Amazon Linux AMI : jakarta-commons-httpclient (ALAS-2014-410)

Apache Commons HttpClient 3.x, as used in Amazon Flexible Payments Service FPS merchant Java SDK and other products, does not verify that the server hostname matches a domain name in the subject's Common Name CN or subjectAltName field of the X.509 certificate, which allows man-in-the-middle...

F5 iControl Remote Root Command Execution Exploit

This Metasploit module exploits an authenticated remote command execution vulnerability in the F5 BIGIP iControl API and likely other F5 devices. This module requires Metasploit: http//metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core' class...

F5 iControl - Remote Command Execution (Metasploit)

This module requires Metasploit: http//metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core' class Metasploit3 "F5 iControl Remote Root Command Execution", 'Description' = %q This module exploits an authenticated remote command execution...

Apache mod_cgi Bash Environment Variable Code Injection Exploit

This Metasploit module exploits a code injection in specially crafted environment variables in Bash, specifically targeting Apache modcgi scripts through the HTTPUSERAGENT variable. This module requires Metasploit: http//metasploit.com/download Current source:...

Important: jakarta-commons-httpclient

Issue Overview: Apache Commons HttpClient 3.x, as used in Amazon Flexible Payments Service FPS merchant Java SDK and other products, does not verify that the server hostname matches a domain name in the subject's Common Name CN or subjectAltName field of the X.509 certificate, which allows...

Mandriva Linux Security Advisory : jakarta-commons-httpclient (MDVSA-2014:170)

Updated jakarta-commons-httpclient and httpcomponents-client packages fix security vulnerability : The Jakarta Commons HttpClient and Apache httpcomponents HttpClient components may be susceptible to a 'Man in the Middle Attack' due to a flaw in the default hostname verification during SSL/TLS wh...

CentOS Update for jakarta-commons-httpclient CESA-2014:1166 centos7

The remote host is missing an update for the SPDX-FileCopyrightText: 2014 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...