4929 matches found

Packet Storm
added 2017/07/24 12:0 a.m. | 50 views

REDDOXX Appliance Session Identifier Extraction

Advisory: Unauthenticated Extraction of Session-IDs in REDDOXX Appliance RedTeam Pentesting discovered an information disclosure vulnerability in the REDDOXX appliance software, which allows unauthenticated attackers to extract valid session IDs. Details ======= Product: REDDOXX Appliance Affected...

0.4 AI score
Exploits: 0

Nmap
added 2017/06/01 7:8 p.m. | 828 views

http-vuln-cve2017-1001000 NSE Script

Attempts to detect a privilege escalation vulnerability in Wordpress 4.7.0 and 4.7.1 that allows unauthenticated users to inject content in posts. The script connects to the Wordpress REST API to obtain the list of published posts and grabs the user id and date from there. Then it attempts to...

10 CVSS | 0.94176 EPSS
Exploits: 33

Packet Storm
added 2017/05/31 12:0 a.m. | 46 views

Trend Micro Deep Security 6.5 XXE / Code Execution

The following advisory describes three (3) vulnerabilities found in Trend Micro Deep Security version 6.5. “The Trend Micro Hybrid Cloud Security solution, powered by XGen security, delivers a blend of cross-generational threat defense techniques that have been optimized to protect physical,...

Exploits: 0

Exploit DB
added 2017/05/30 12:0 a.m. | 51 views

Trend Micro Deep Security 6.5 - XML External Entity Injection / Local Privilege Escalation / Remote Code Execution

The following advisory describes three (3) vulnerabilities found in Trend Micro Deep Security version 6.5. “The Trend Micro Hybrid Cloud Security solution, powered by XGen security, delivers a blend of cross-generational threat defense techniques that have been optimized to protect physical,...

7 AI score
Exploits: 0

Check Point Advisories
added 2017/05/24 12:0 a.m. | 0 views

WordPress REST API Posts Controller Privilege Escalation

A privilege escalation vulnerability exists in WordPress. The vulnerability is due to improper handling of post id's within the REST API posts controller. A remote, unauthenticated attacker could exploit this vulnerability by sending a crafted request to a vulnerable WordPress website...

2.6 AI score
Exploits: 0

Tenable Nessus
added 2017/05/24 12:0 a.m. | 36 views

AlienVault OSSIM REST API Service Detection

Binary data ossimrestapidetect.nbin...

7.3 AI score
Exploits: 0 | References: 1

Exploit DB
added 2017/05/17 12:0 a.m. | 23 views

Serviio Media Server - checkStreamUrl Command Execution (Metasploit)

This module requires Metasploit: http://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule /Restlet-Framework/ include Msf::Exploit::Remote::HttpClient include Msf::Exploit::CmdStager def initializeinfo = superupdateinfoinfo, 'Name' =...

7.4 AI score
Exploits: 0

Atlassian
added 2017/05/05 2:23 p.m. | 21 views

Security Issue: REST API does not respect 'Allow Anonymous Access to Remote API' setting on pages that has anonymous access

h3. Summary Anonymous API access are allowed on pages that has Anonymous View Permission, even though the 'Allow Anonymous Access to Remote API' setting not ticked h3. Steps to Reproduce Make sure that 'Allow Anonymous Access to Remote API' setting from Confluence Administration Security...

0.9 AI score
Exploits: 0

Atlassian
added 2017/05/05 2:23 p.m. | 21 views

Security Issue: REST API does not respect 'Allow Anonymous Access to Remote API' setting on pages that has anonymous access

h3. Summary Anonymous API access are allowed on pages that has Anonymous View Permission, even though the 'Allow Anonymous Access to Remote API' setting not ticked h3. Steps to Reproduce Make sure that 'Allow Anonymous Access to Remote API' setting from Confluence Administration Security...

0.9 AI score
Exploits: 0 | Affected Software: 1

Metasploit
added 2017/05/05 7:54 a.m. | 17 views

Serviio Media Server checkStreamUrl Command Execution

This module exploits an unauthenticated remote command execution vulnerability in the console component of Serviio Media Server versions 1.4 to 1.8 on Windows operating systems. The console service on port 23423 by default exposes a REST API which does not require authentication. The 'actio...

1.3 AI score
Exploits: 0

0day.today
added 2017/05/04 12:0 a.m. | 45 views

Serviio PRO 1.8 DLNA Media Streaming Server REST API Information Disclosure Exploit

Serviio PRO 1.8 DLNA Media Streaming Server version 1.8.0.0 PRO, 1.7.1, 1.7.0, and 1.6.1 suffer from a REST API information disclosure vulnerability. !/usr/bin/env python Serviio PRO 1.8 DLNA Media Streaming Server REST API Information Disclosure Vendor: Petr Nejedly | Six Lines Ltd Product web...

6.5 AI score
Exploits: 0

Packet Storm
added 2017/05/04 12:0 a.m. | 61 views

Serviio PRO 1.8 DLNA Media Streaming Server REST API Arbitrary Password Change

!/usr/bin/env python Serviio PRO 1.8 DLNA Media Streaming Server REST API Arbitrary Password Change Vendor: Petr Nejedly | Six Lines Ltd Product web page: http://www.serviio.org Affected version: 1.8.0.0 PRO, 1.7.1, 1.7.0, 1.6.1 Summary: Serviio is a free media server. It allows you to stream you...

0.5 AI score
Exploits: 0

0day.today
added 2017/05/04 12:0 a.m. | 66 views

Serviio PRO 1.8 DLNA Media Streaming Server REST API Arbitrary Password Change Exploit

Serviio PRO DLNA Media Streaming Server versions 1.8.0.0 PRO, 1.7.1, 1.7.0, and 1.6.1 suffer from a REST API arbitrary password change vulnerability. !/usr/bin/env python Serviio PRO 1.8 DLNA Media Streaming Server REST API Arbitrary Password Change Vendor: Petr Nejedly | Six Lines Ltd Product we...

7.3 AI score
Exploits: 0

0day.today
added 2017/05/04 12:0 a.m. | 49 views

Serviio PRO 1.8 DLNA Media Streaming Server REST API Arbitrary Code Execution Exploit

Serviio PRO DLNA Media Streaming Server version 1.8.0.0 PRO, 1.7.1, 1.7.0, and 1.6.1 suffers from a REST API arbitrary code execution vulnerability. !/usr/bin/env python Serviio PRO 1.8 DLNA Media Streaming Server REST API Arbitrary Code Execution Vendor: Petr Nejedly | Six Lines Ltd Product web...

7.9 AI score
Exploits: 0

Zero Science Lab
added 2017/05/03 12:0 a.m. | 130 views

Serviio PRO 1.8 DLNA Media Streaming Server REST API Arbitrary Code Execution

Summary Serviio is a free media server. It allows you to stream your media files music, video or images to renderer devices e.g. a TV set, Bluray player, games console or mobile phone on your connected home network. Description The version of Serviio installed on the remote Windows host is affect...

9.3 CVSS | 6.5 AI score | 0.6885 EPSS
Exploits: 1

exploitpack
added 2017/05/03 12:0 a.m. | 33 views

Serviio PRO 1.8 DLNA Media Streaming Server - REST API Arbitrary Password Change

Serviio PRO 1.8 DLNA Media Streaming Server - REST API Arbitrary Password Change !/usr/bin/env python Serviio PRO 1.8 DLNA Media Streaming Server REST API Arbitrary Password Change Vendor: Petr Nejedly | Six Lines Ltd Product web page: http://www.serviio.org Affected version: 1.8.0.0 PRO, 1.7.1,...

0.5 AI score
Exploits: 0

Exploit DB
added 2017/05/03 12:0 a.m. | 53 views

Serviio PRO 1.8 DLNA Media Streaming Server - REST API Arbitrary Password Change

!/usr/bin/env python Serviio PRO 1.8 DLNA Media Streaming Server REST API Arbitrary Password Change Vendor: Petr Nejedly | Six Lines Ltd Product web page: http://www.serviio.org Affected version: 1.8.0.0 PRO, 1.7.1, 1.7.0, 1.6.1 Summary: Serviio is a free media server. It allows you to stream you...

7.4 AI score
Exploits: 0

Packet Storm
added 2017/05/03 12:0 a.m. | 137 views

Serviio PRO 1.8 DLNA Media Streaming Server REST API Information Disclosure

!/usr/bin/env python Serviio PRO 1.8 DLNA Media Streaming Server REST API Information Disclosure Vendor: Petr Nejedly | Six Lines Ltd Product web page: http://www.serviio.org Affected version: 1.8.0.0 PRO, 1.7.1, 1.7.0, 1.6.1 Summary: Serviio is a free media server. It allows you to stream your...

Exploits: 0

Zero Science Lab
added 2017/05/03 12:0 a.m. | 74 views

Serviio PRO 1.8 DLNA Media Streaming Server REST API Arbitrary Password Change

Summary Serviio is a free media server. It allows you to stream your media files music, video or images to renderer devices e.g. a TV set, Bluray player, games console or mobile phone on your connected home network. Description The version of Serviio installed on the remote Windows/Linux host is...

8.7 CVSS | 5.8 AI score | 0.00249 EPSS
Exploits: 1

Exploit DB
added 2017/05/03 12:0 a.m. | 69 views

Serviio PRO 1.8 DLNA Media Streaming Server - REST API Arbitrary Code Execution

!/usr/bin/env python Serviio PRO 1.8 DLNA Media Streaming Server REST API Arbitrary Code Execution Vendor: Petr Nejedly | Six Lines Ltd Product web page: http://www.serviio.org Affected version: 1.8.0.0 PRO, 1.7.1, 1.7.0, 1.6.1 Summary: Serviio is a free media server. It allows you to stream your...

7.4 AI score
Exploits: 0