4929 matches found
CVE-2018-1883
CVE-2018-1883 affects IBM MQ Console REST API in IBM MQ 9.0.2–9.0.5 and 9.1.0.0. The issue enables a denial-of-service condition preventing users from logging into the MQ Console REST API. The IBM bulletin indicates affected products and provides remediation: upgrade to IBM MQ V9.1.1 for the 9 CD...
CVE-2018-1883
A problem within the IBM MQ 9.0.2, 9.0.3, 9.0.4, 9.0.5, and 9.1.0.0 Console REST API could allow attackers to execute a denial of service attack preventing users from logging into the MQ Console REST API. IBM X-Force ID: 151969...
Orbit Fox by ThemeIsle <= 2.6.3 - Does Not Properly Authenticate REST API Calls
Orbit Fox by ThemeIsle, aka Themeisle Companion, version <= 2.6.3 does not properly authenticate REST API calls, allowing unauthenticated users to execute several API calls. In some cases one of these calls can be used to upload arbitrary files, which can lead to remote code execution...
Security Bulletin: IBM MQ Console could allow an attacker to execute a denial of service attack. (CVE-2018-1883)
Summary A problem within the IBM MQ Console REST API could allow attackers to execute a denial of service attack preventing users from logging into the MQ Console REST API. Vulnerability Details CVEID: CVE-2018-1883 DESCRIPTION: A problem within the IBM MQ Console REST API could allow attackers t...
Apache Spark - Unauthenticated Command Execution Exploit
This Metasploit module exploits an unauthenticated command execution vulnerability in Apache Spark with standalone cluster mode through the REST API. It uses the function CreateSubmissionRequest to submit a malicious java class and triggers it. This module requires Metasploit:...
Apache Spark Unauthenticated Command Execution
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Apache Spark Unauthenticated Command Execution', 'Description' = %q This module exploits an unauthenticated command execution vulnerability in...
Apache Spark - (Unauthenticated) Command Execution (Metasploit)
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Apache Spark Unauthenticated Command Execution', 'Description' = %q This module exploits an unauthenticated command execution vulnerability in...
Trape v2.0 - People Tracker On The Internet: OSINT Analysis And Research Tool
Trape is an OSINT analysis and research tool, which allows people to track and execute intelligent social engineering attacks in real time. It was created with the aim of teaching the world how large Internet companies could obtain confidential information such as the status of sessions of their...
ACHE - A Web Crawler For Domain-Specific Search
ACHE is a focused web crawler. It collects web pages that satisfy some specific criteria, e.g., pages that belong to a given domain or that contain a user-specified pattern. ACHE differs from generic crawlers in the sense that it uses page classifiers to distinguish between relevant and irrelevant...
Western Digital My Book Live / My Cloud NAS RCE Vulnerability
Western Digital MyBook Live and some models of Western Digital My Cloud NAS contain a remotely exploitable vulnerability that lets anyone run commands on the device as root. The vulnerability exists in the language change and modify functionality in the REST API. Copyright (C) 2018 Greenbone Network...
Western Digital MyBook Live Remote Code Execution (CVE-2018-18472)
A command injection vulnerability exists in WD MyBook Live and WD MyCloud NAS models. The vulnerability is due to the language change and modify functionality in the REST API. A remote, unauthenticated attacker can exploit the vulnerability by sending a maliciously crafted packet to the target...
org.apache.spark:spark-core_2.10 and org.apache.spark:spark-core_2.11 Improper Authentication vulnerability
From version 1.3.0 onward, Apache Spark's standalone master exposes a REST API for job submission, in addition to the submission mechanism used by spark-submit. In standalone, the config property 'spark.authenticate.secret' establishes a shared secret for authenticating requests to submit jobs vi...
Security Bulletin: A security vulnerability has been identified in Apache Spark shipped with IBM Operations Analytics Predictive Insights (CVE-2018-11770)
Summary There is a vulnerability in Apache Spark®, Version 2.0.1 that is used by IBM Operations Analytics Predictive Insights 1.3.6. IBM Operations Analytics Predictive Insights has addressed the applicable CVE. Vulnerability Details CVE-ID: CVE-2018-11770 Description: Apache Spark could allow a...
Green Electronics RainMachine Mini-8 and Touch HD 12 Web Application Cross-Site Scripting Vulnerability
Green Electronics RainMachine Mini-8 and Touch HD 12 Web Application are both products of Green Electronics USA. Green Electronics RainMachine Mini-8 is a smart irrigation sprinkler and Touch HD 12 Web Application is a web-based...
WordPress 4.1.x < 4.1.14 Multiple Vulnerabilities
According to its self-reported version number, the detected WordPress application is affected by multiple vulnerabilities : - A remote code execution vulnerability exists in the PHPMailer component in the class.phpmailer.php script due to improper handling of sender email addresses. An...
WordPress 3.9.x < 3.9.15 Multiple Vulnerabilities
According to its self-reported version number, the detected WordPress application is affected by multiple vulnerabilities : - A remote code execution vulnerability exists in the PHPMailer component in the class.phpmailer.php script due to improper handling of sender email addresses. An...
WordPress 4.5.x < 4.5.6 Multiple Vulnerabilities
According to its self-reported version number, the detected WordPress application is affected by multiple vulnerabilities : - An information disclosure vulnerability exists in the class-wp-press-this.php script due to a failure to properly restrict the user interface for assigning taxonomy terms...
WordPress 3.9.x < 3.9.16 Multiple Vulnerabilities
According to its self-reported version number, the detected WordPress application is affected by multiple vulnerabilities : - An information disclosure vulnerability exists in the class-wp-press-this.php script due to a failure to properly restrict the user interface for assigning taxonomy terms...
WordPress 3.7.x < 3.7.18 Multiple Vulnerabilities
According to its self-reported version number, the detected WordPress application is affected by multiple vulnerabilities : - An information disclosure vulnerability exists in the class-wp-press-this.php script due to a failure to properly restrict the user interface for assigning taxonomy terms...
WordPress 4.5.x < 4.5.5 Multiple Vulnerabilities
According to its self-reported version number, the detected WordPress application is affected by multiple vulnerabilities : - A remote code execution vulnerability exists in the PHPMailer component in the class.phpmailer.php script due to improper handling of sender email addresses. An...