Lucene search

4954 matches found

Saint
added 2018/07/20 12:00 a.m., 24 views

Apache Hadoop YARN ResourceManager remote command execution

Added: 07/20/2018. Background: Apache Hadoop is a framework that allows for the distributed processing of large data sets across clusters of computers. YARN (Yet Another Resource Negotiator) is the component of Apache Hadoop which manages resources. Problem: A vulnerability in the REST API in the YARN...

AI score 8.2
Exploits 0
Veracode
added 2018/07/17 6:31 a.m., 18 views

Authentication Bypass

Infinispan is vulnerable to authentication bypass. The vulnerability is possible because its REST API does not restore the auth constraints, allowing the attacker to read or write data in the default cache or a known cache name...

CVSS 6.5, AI score 6.5, EPSS 0.01559
Exploits 0, References 5, Affected Software 2
NVD
added 2018/07/16 1:29 p.m., 25 views

CVE-2017-2638

It was found that the REST API in Infinispan before version 9.0.0 did not properly enforce auth constraints. An attacker could use this vulnerability to read or modify data in the default cache or a known cache name...

CVSS 6.5, AI score 6.2, EPSS 0.01559
Exploits 0, References 5
Prion
added 2018/07/16 1:29 p.m., 20 views

Default configuration

It was found that the REST API in Infinispan before version 9.0.0 did not properly enforce auth constraints. An attacker could use this vulnerability to read or modify data in the default cache or a known cache name...

CVSS 6.4, AI score 6.4, EPSS 0.01559
Exploits 0, References 5, Affected Software 2
OSV
added 2018/07/16 1:29 p.m., 18 views

CVE-2017-2638

It was found that the REST API in Infinispan before version 9.0.0 did not properly enforce auth constraints. An attacker could use this vulnerability to read or modify data in the default cache or a known cache name...

CVSS 6.5, AI score 6.5, EPSS 0.01559
Exploits 0, References 5
CVE
added 2018/07/16 1:00 p.m., 73 views

CVE-2017-2638

The CVE-2017-2638 issue affects Infinispan where the REST API did not properly enforce authentication constraints, enabling an attacker to read or modify data in the default cache or a known cache name. Affected product scope is Infinispan before version 9.0.0. The root cause, as described across...

CVSS 6.5, AI score 6.3, EPSS 0.01559
Exploits 0, References 5, Affected Software 1
Cvelist
added 2018/07/16 1:00 p.m., 26 views

CVE-2017-2638

It was found that the REST API in Infinispan before version 9.0.0 did not properly enforce auth constraints. An attacker could use this vulnerability to read or modify data in the default cache or a known cache name...

CVSS 6.5, AI score 6.2, EPSS 0.01559
Exploits 0, References 5
Packet Storm
added 2018/07/13 12:00 a.m., 39 views

Hadoop YARN ResourceManager Unauthenticated Command Execution

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Hadoop YARN ResourceManager Unauthenticated Command Execution', 'Description' = %q This module exploits an unauthenticated command execution...

AI score 0.5
Exploits 0
0day.today
added 2018/07/13 12:00 a.m., 28 views

Apache #Hadoop YARN ResourceManager Unauthenticated Command Execution Exploit

This Metasploit module exploits an unauthenticated command execution vulnerability in Apache Hadoop through ResourceManager REST API. This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Hadoop YARN...

AI score 0.4
Exploits 0
Exploit DB
added 2018/07/13 12:00 a.m., 90 views

Hadoop YARN ResourceManager - Command Execution (Metasploit)

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Hadoop YARN ResourceManager Unauthenticated Command Execution', 'Description' = %q This module exploits an unauthenticated command execution...

AI score 7
Exploits 0
Kitploit
added 2018/07/03 10:09 p.m., 16 views

Faraday Beta v3.0 - Collaborative Penetration Test and Vulnerability Management Platform

This new version has made major architectural changes to adapt the software to the new challenges of cybersecurity. It focuses on processing large volumes of data and facilitating user interaction with Faraday in their environment. Faraday just got much faster. Architecture changes and a new...

AI score 7.2
Exploits 0, References 1
RedHat Linux
added 2018/06/27 10:02 a.m., 57 views

Moderate: Red Hat Security Advisory: Red Hat Virtualization Manager security, bug fix, and enhancement update

An update for org.ovirt.engine-root is now available for Red Hat Virtualization Manager 4.2. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each...

CVSS 9.8, AI score 6.7, EPSS 0.00994
Exploits 0, References 22
Atlassian
added 2018/06/22 2:31 p.m., 1197 views

SSRF via REST API /plugins/servlet/gadgets/makeRequest

Confluence installations have a permissive whitelist that allows fetching any URL using Confluence as a proxy. Use a GET request: GET /plugins/servlet/gadgets/makeRequest?url= Example: to get the Yandex start page or any resource you want. code:java GET...

AI score 0.3
Exploits 0, Affected Software 1
Atlassian
added 2018/06/22 2:31 p.m., 24 views

SSRF via REST API /plugins/servlet/gadgets/makeRequest

Confluence installations have a permissive whitelist that allows fetching any URL using Confluence as a proxy. Use a GET request: GET /plugins/servlet/gadgets/makeRequest?url= Example: to get the Yandex start page or any resource you want. code:java GET...

AI score 0.3
Exploits 0
seebug.org
added 2018/06/22 12:00 a.m., 71 views

Insteon Hub PubNub "cc" Channel Message Handler Multiple Global Overflow Code Execution Vulnerabilities (CVE-2017-16338 ~ CVE-2017-16347)

Summary: Multiple exploitable buffer overflow vulnerabilities exist in the PubNub message handler for the "cc" channel of Insteon Hub running firmware version 1012. Specially crafted commands sent through the PubNub service can cause a buffer overflow in a global section, overwriting arbitrary data...

AI score 9.6, EPSS 0.01378
Exploits 11
Kitploit
added 2018/06/18 2:09 p.m., 207 views

VOOKI - Web Application Vulnerability Scanner

Vooki is a free web application vulnerability scanner. Vooki is a user-friendly tool with which you can easily scan any web application and find its vulnerabilities. Vooki includes a Web Application Scanner, a REST API Scanner, and a reporting section. Vooki – Web Application Scanner can help you to find the...

AI score 7
Exploits 0
Openbugbounty
added 2018/06/18 2:20 a.m., 11 views

billcapture.energycap.com XSS vulnerability

Open Bug Bounty ID: OBB-633428. Affected Website: billcapture.energycap.com. Open Bug Bounty Program: Create your bounty program now. It's open and free. Vulnerable Application: Custom Code. Vulnerability Type: XSS Cross Site Scripting / CWE-79. CVSSv3 Score: 6.1...

Exploits 0
IBM Security Bulletins
added 2018/06/17 3:32 p.m., 23 views

Security Bulletin: Multiple security vulnerabilities in Tivoli Storage Manager (IBM Spectrum Protect) Operations Center (CVE-2016-6043, CVE-2016-6044, CVE-2016-6045, CVE-2106-6046)

Summary: Multiple security vulnerabilities exist in Tivoli Storage Manager (IBM Spectrum Protect) Operations Center as described under Vulnerability Details. Vulnerability Details: CVEID: CVE-2016-6043. DESCRIPTION: Tivoli Storage Manager Operations Center could allow a local user to take over a...

CVSS 8.8, AI score 0.8, EPSS 0.0059
Exploits 0, Affected Software 1
IBM Security Bulletins
added 2018/06/17 3:14 p.m., 15 views

Security Bulletin: A security vulnerability has been identified in IBM Maximo Asset Management which could allow an attacker to obtain sensitive information via REST API (CVE-2015-7452)

Summary: A security vulnerability has been identified in IBM Maximo Asset Management which could allow an attacker to obtain sensitive information via REST API. Vulnerability Details: CVEID: CVE-2015-7452. DESCRIPTION: A security vulnerability has been identified in IBM Maximo Asset Management which...

CVSS 4.3, AI score 1, EPSS 0.00888
Exploits 0, Affected Software 9
IBM Security Bulletins
added 2018/06/16 8:02 p.m., 14 views

Security Bulletin: IBM Forms Experience Builder vulnerable to CSRF when configured with non default settings (CVE-2016-2884)

Summary: A cross-site request forgery attack is possible when configured with non-default settings, caused by improper validation of user-supplied input. Vulnerability Details: CVEID: CVE-2016-2884. DESCRIPTION: IBM Forms Experience Builder is vulnerable to cross-site request forgery, when configure...

CVSS 8, AI score 0.6, EPSS 0.00478
Exploits 0, Affected Software 1