
4929 matches found

CVE
added 2016/04/11 2:00 p.m., 37 views

CVE-2016-2171

CVE-2016-2171 affects Apache Jetspeed prior to 2.3.1, where the User Manager REST API fails to properly restrict access via Jetspeed Security. This allows a remote attacker to perform add, edit, or delete operations on users through the REST API. The IBM advisory consolidates multiple Jetspeed vu...

CVSS 7.5, AI score 8.1, EPSS 0.16605
Exploits 0, References 3, Affected Software 1
EUVD
added 2016/04/11 2:00 p.m., 3 views

EUVD-2016-3259

The User Manager service in Apache Jetspeed before 2.3.1 does not properly restrict access using Jetspeed Security, which allows remote attackers to (1) add, (2) edit, or (3) delete users via the REST API...

CVSS 7.5, AI score 7.7, EPSS 0.16605
Exploits 0, References 3
Hacker One
added 2016/04/04 6:29 a.m., 97 views

Snapchat: Administrator access to a Django Administration Panel on *.sc-corp.net via bruteforced credentials

Hey team, While doing some recon for Snapchat's domains, I came across a particular domain of interest - sc-corp.net. It seems that this domain hosts a lot of Snapchat's internal tools, web applications and staging environments such as Phabricator and other administration panels. From analyzing S...

AI score 0.3
Exploits 0
Exploit DB
added 2016/03/31 12:00 a.m., 73 views

Apache Jetspeed - Arbitrary File Upload (Metasploit)

This module requires Metasploit: http://metasploit.com/download. Current source: https://github.com/rapid7/metasploit-framework. class MetasploitModule 'Apache Jetspeed Arbitrary File Upload', 'Description' => %q This module exploits the unsecured User Manager REST API and a ZIP file path traversal ...

AI score 8.1
Exploits 0
Packet Storm
added 2016/03/31 12:00 a.m., 44 views

Apache Jetspeed Arbitrary File Upload

This module requires Metasploit: http://metasploit.com/download. Current source: https://github.com/rapid7/metasploit-framework. class MetasploitModule 'Apache Jetspeed Arbitrary File Upload', 'Description' => %q This module exploits the unsecured User Manager REST API and a ZIP file path traversal ...

CVSS 9, AI score 7.8, EPSS 0.78028
Exploits 7
0day.today
added 2016/03/31 12:00 a.m., 65 views

Apache Jetspeed - Arbitrary File Upload (Metasploit)

Exploit for the Java platform in category remote exploits. This module requires Metasploit: http://metasploit.com/download. Current source: https://github.com/rapid7/metasploit-framework. class MetasploitModule 'Apache Jetspeed Arbitrary File Upload', 'Description' => %q This module exploits the unsecure...

CVSS 9, AI score 7.8, EPSS 0.78028
Exploits 7
Metasploit
added 2016/03/24 12:22 a.m., 51 views

Apache Jetspeed Arbitrary File Upload

This module exploits the unsecured User Manager REST API and a ZIP file path traversal in Apache Jetspeed-2, version 2.3.0 and unknown earlier versions, to upload and execute a shell. Note: this exploit will create, use, and then delete a new admin user. Warning: in testing, exploiting the file...

CVSS 8.8, AI score 7.8, EPSS 0.78028
Exploits 7
NVD
added 2016/03/12 2:59 a.m., 11 views

CVE-2016-1562

The REST API in the DTE Energy Insight application before 1.7.8 for Android allows remote authenticated users to obtain unspecified customer information via a SQL expression in the filter parameter...

CVSS 4.3, AI score 4.4, EPSS 0.00336
Exploits 0, References 2
Prion
added 2016/03/12 2:59 a.m., 8 views

Design/Logic Flaw

The REST API in the DTE Energy Insight application before 1.7.8 for Android allows remote authenticated users to obtain unspecified customer information via a SQL expression in the filter parameter...

CVSS 4, AI score 6.9, EPSS 0.00336
Exploits 0, References 2, Affected Software 1
Cvelist
added 2016/03/12 2:00 a.m., 18 views

CVE-2016-1562

The REST API in the DTE Energy Insight application before 1.7.8 for Android allows remote authenticated users to obtain unspecified customer information via a SQL expression in the filter parameter...

AI score 4.4, EPSS 0.00336
Exploits 0, References 2
CVE
added 2016/03/12 2:00 a.m., 33 views

CVE-2016-1562

The CVE-2016-1562 issue affects the DTE Energy Insight Android app’s REST API prior to version 1.7.8. An authenticated remote user could obtain limited customer data by manipulating a SQL expression in the filter parameter. The root cause is exposure via the filter parameter in the REST API, lead...

CVSS 4.3, AI score 4.3, EPSS 0.00336
Exploits 0, References 2, Affected Software 1
CERT
added 2016/03/11 12:00 a.m., 19 views

DTE Energy Insight app vulnerable to information exposure

Overview: The DTE Energy Insight app API allows an authenticated user to obtain and query certain limited customer information from other customers. Description: CWE-200: Information Exposure - CVE-2016-1562. The DTE Energy Insight app lets DTE Energy customers track their energy usage. This informati...

CVSS 4.3, AI score 4.3, EPSS 0.00336
Exploits 0, References 2
myhack58
added 2016/03/10 12:00 a.m., 22 views

Apache Jetspeed Portal 2.3.0 and earlier versions: remote code execution vulnerability analysis - vulnerability warning - the black bar safety net

As one of my personal "friendly open-source software security testing" projects, I'm ready to play with Apache Jetspeed 2, specifically v2.3.0. Jetspeed, in its own words, is: "An open portal platform and enterprise information portal, completely based on open standards,...

AI score 0.3
Exploits 0
seebug.org
added 2016/03/07 12:00 a.m., 48 views

Apache Jetspeed Directory Traversal Vulnerability

Using an administrator account, a maliciously crafted ZIP file is imported at the back-end Portal Site Manager. The ZIP archive contains a file named ../../webapps/de.jsp; when the back end processes the upload it concatenates this file name, causing directory traversal and giving control over the upload path. poc.zip contains a file named ../../webapps/ROOT/de.jsp whose content is: is vulnerable: After upload, the de.jsp file can be reached under the site root (the exact location depends on the target environment): Although exploiting the directory traversal to upload arbitrary files requires an account with administrative privileges, the previous vulnerability makes it easy to create an arbitrary account with administrator privileges, after which this vulnerability can be used to upload...

CVSS 7.5, AI score 8.7, EPSS 0.78028
Exploits 5
seebug.org
added 2016/03/07 12:00 a.m., 63 views

Apache Jetspeed User Manager REST API Unauthorized Access Vulnerability

Vulnerability effect: User Manager REST API unauthorized access. Craft a User Manager REST API request to create the user foobar: curl -i "http://192.168.199.152:8080/jetspeed/services/usermanager/users/?type=json&name=foobar&password=password&passwordconfirm=password&usernamegiven=foo&usernamefamily=bar&[email protected]&newrule=" -X POST Craft a User Manager REST API request to elevate the user foobar...

CVSS 9, AI score 7.3, EPSS 0.69194
Exploits 5
Kitploit
added 2016/03/02 9:33 p.m., 25 views

Whatportis - A Command To Search Port Names And Numbers

It often happens that we need to find the default port number for a specific service, or what service is normally listening on a given port. Usage: This tool allows you to find what port is associated with a service: $ whatportis redis...

AI score 7.3
Exploits 0, References 1
n0where
added 2016/02/11 5:38 p.m., 934 views

Damn Vulnerable Web Services: DVWS

Damn Vulnerable Web Services is a vulnerable testing environment that can be used to learn real world web service vulnerabilities. The aim of this project is to aid security professionals in testing their skills and tools in a legal environment. This application is designed to understand the...

Exploits 0, References 2
Tenable Nessus
added 2016/01/07 12:00 a.m., 33 views

IBM WebSphere Portal AccessControl REST API Information Disclosure (PI51395)

The version of IBM WebSphere Portal installed on the remote Windows host is affected by an information disclosure vulnerability due to improper access control enforcement of the REST API. An unauthenticated, remote attacker can exploit this, via a specially crafted request, to gain access to...

CVSS 5.3, AI score 6.2, EPSS 0.00248
Exploits 0, References 2
exploitpack
added 2016/01/05 12:00 a.m., 27 views

Atlassian Confluence 5.2/5.8.14/5.8.15 - Multiple Vulnerabilities

Atlassian Confluence 5.2/5.8.14/5.8.15 - Multiple Vulnerabilities. Systems Affected: Product: Confluence; Company: Atlassian; Versions 1: 5.2 / 5.8.14 / 5.8.15; CVSS Score 1: 6.1 / Medium (classified by vendor); Versions 2: 5.9.1 / 5.8.14 / 5.8.15; CVSS Score 2: 7.7 / High (classified by vendor). Product...

CVSS 4.3, AI score 0.5, EPSS 0.93251
Exploits 5
Exploit DB
added 2016/01/05 12:00 a.m., 34 views

Atlassian Confluence 5.2/5.8.14/5.8.15 - Multiple Vulnerabilities

Systems Affected: Product: Confluence; Company: Atlassian; Versions 1: 5.2 / 5.8.14 / 5.8.15; CVSS Score 1: 6.1 / Medium (classified by vendor); Versions 2: 5.9.1 / 5.8.14 / 5.8.15; CVSS Score 2: 7.7 / High (classified by vendor). Product Description: Confluence is team collaboration software, where yo...

CVSS 6.1, AI score 5.3, EPSS 0.93251
Exploits 5