138 matches found
EUVD-2010-3856
Malware in sbrugna...
EUVD-2012-3325
Malware in sbrugna...
EUVD-2023-33032
Malicious code in bioql PyPI...
JBoss Scanner
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'JBoss Vulnerability Scanner', 'Description' = %q This module scans a JBoss instance for a few vulnerabilities. , 'Author' = 'Tyler Krpata', 'Zach...
Rockwell Automation Pavilion8 License Issue Vulnerability
Rockwell Automation Pavilion8 is a model prediction console from Rockwell Automation. Rockwell Automation Pavilion8 suffers from an authorization issue vulnerability that stems from the fact that the JMX Console is publicly available to users and does not require authentication. An attacker could...
CVE-2023-29463
The JMX Console within the Rockwell Automation Pavilion8 is exposed to application users and does not require authentication. If exploited, a malicious user could potentially retrieve other application users’ session data and or log users out of their session...
CVE-2023-29463
The JMX Console within the Rockwell Automation Pavilion8 is exposed to application users and does not require authentication. If exploited, a malicious user could potentially retrieve other application users’ session data and or log users out of their session...
Authentication flaw
The JMX Console within the Rockwell Automation Pavilion8 is exposed to application users and does not require authentication. If exploited, a malicious user could potentially retrieve other application users’ session data and or log users out of their session...
CVE-2023-29463 Pavilion8 Security Misconfiguration Vulnerability
The JMX Console within the Rockwell Automation Pavilion8 is exposed to application users and does not require authentication. If exploited, a malicious user could potentially retrieve other application users’ session data and or log users out of their session...
CVE-2023-29463 Pavilion8 Security Misconfiguration Vulnerability
The JMX Console within the Rockwell Automation Pavilion8 is exposed to application users and does not require authentication. If exploited, a malicious user could potentially retrieve other application users’ session data and or log users out of their session...
CVE-2023-29463
The CVE-2023-29463 issue affects Rockwell Automation Pavilion8: the JMX Console is publicly accessible and requires no authentication, enabling a malicious user to retrieve other users’ session data or log them out. Affected product: Pavilion8 (model predictive control software); affected version...
PT-2023-5215 · Rockwell Automation · Pavilion8
Name of the Vulnerable Software and Affected Versions: Rockwell Automation Pavilion8 affected versions not specified Description: The JMX Console within the Rockwell Automation Pavilion8 is exposed to application users and does not require authentication. If exploited, a malicious user could...
Red Hat JBoss Authentication Bypass Vulnerability
The JMX-Console web application in JBossAs in Red Hat JBoss Enterprise Application Platform performs access control only for the GET and POST methods, which allows remote attackers to send requests to this application's GET handler by using a different method...
Cross-site Request Forgery (CSRF)
JBoss is vulnerable to Cross-site request forgery CSRF. flaw was found in the JMX Console. A remote attacker could use this flaw to deploy a WAR file of their choosing on the target server, if they are able to trick a user, who is logged into the JMX Console as the admin user, into visiting a...
Information Disclosure
JMX-console is vulnerable to information disclosure. The JMX Console configuration only specified an authentication requirement for requests that used the GET and POST HTTP "verbs". A remote attacker could create an HTTP request that does not specify GET or POST, causing it to be executed by the...
Arbitrary Code Execution
jboss is vulnerable to arbitrary code execution. The vulnerability exists through an XSS flaw was found in the JMX Console. An attacker could use this flaw to present misleading data to an authenticated user, or execute arbitrary scripting code in the context of the authenticated user's browser...
Privilege Escalation
An attack technique against the W3C XML Encryption Standard when block ciphers were used in CBC mode could allow a remote attacker to conduct chosen-ciphertext attacks, leading to the recovery of the entire plain text of a particular cryptogram. CVE-2011-1096 JBoss Web Services leaked side-channe...
Privilege Escalation
An attack technique against the W3C XML Encryption Standard when block ciphers were used in CBC mode could allow a remote attacker to conduct chosen-ciphertext attacks, leading to the recovery of the entire plain text of a particular cryptogram. CVE-2011-1096 JBoss Web Services leaked side-channe...
Privilege Escalation
An attack technique against the W3C XML Encryption Standard when block ciphers were used in CBC mode could allow a remote attacker to conduct chosen-ciphertext attacks, leading to the recovery of the entire plain text of a particular cryptogram. CVE-2011-1096 JBoss Web Services leaked side-channe...
Information Disclosure
An attack technique against the W3C XML Encryption Standard when block ciphers were used in CBC mode could allow a remote attacker to conduct chosen-ciphertext attacks, leading to the recovery of the entire plain text of a particular cryptogram. CVE-2011-1096 JBoss Web Services leaked side-channe...