108 matches found
Beers with Talos EP 43: Espionage, Encryption, and CISO Square One
Beers with Talos BWT Podcast Ep. 43 is now available. Download this episode and subscribe to Beers with Talos: If iTunes and Google Play aren't your thing, click here. Ep. 43 show notes: Recorded Dec. 7, 2018. Several of us are under the weather, but the show must go on. We did our best, as alway...
Australia Anti-Encryption Law Triggers Sweeping Backlash
A controversial Australian bill, which could give the government access to data protected by end-to-end encryption, was passed Thursday. The bill, called the Assistance and Access Act, empowers Australian police to essentially force companies that are operating in the country to help the governme...
Micro Focus Secure Messaging Gateway SQL Injection (CVE-2018-12464)
A SQL injection vulnerability exists in Micro Focus Secure Messaging Gateway. The vulnerability is due to insufficient validation of user input. Successful exploitation of this vulnerability would allow a remote attacker to execute arbitrary SQL commands on the affected system...
MicroFocus Secure Messaging Gateway Remote Code Execution Exploit
This Metasploit module exploits a SQL injection and command injection vulnerability in MicroFocus Secure Messaging Gateway. An unauthenticated user can execute a terminal command under the context of the web user. One of the user supplied parameters of API endpoint is used by the application...
MicroFocus Secure Messaging Gateway Remote Code Execution
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule "MicroFocus Secure Messaging Gateway Remote Code Execution", 'Description' = %q This module exploits a SQL injection and command injection...
Micro Focus Secure Messaging Gateway (SMG) < 471 - Remote Code Execution Exploit
Exploit for php platform in category remote exploits This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule "MicroFocus Secure Messaging Gateway Remote Code Execution", 'Description' = %q This module...
Micro Focus Secure Messaging Gateway (SMG) 471 - Remote Code Execution (Metasploit)
Micro Focus Secure Messaging Gateway SMG 471 - Remote Code Execution Metasploit This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule "MicroFocus Secure Messaging Gateway Remote Code Execution",...
Micro Focus Secure Messaging Gateway (SMG) < 471 - Remote Code Execution (Metasploit)
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule "MicroFocus Secure Messaging Gateway Remote Code Execution", 'Description' = %q This module exploits a SQL injection and command injection...
Micro Focus Secure Messaging Gateway Detection
Detection of Micro Focus Secure Messaging Gateway. The script sends a connection request to the server and attempts to detect Micro Focus Secure Messaging Gateway. SPDX-FileCopyrightText: 2018 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by...
MicroFocus Secure Messaging Gateway Remote Code Execution
This module exploits a SQL injection and command injection vulnerability in MicroFocus Secure Messaging Gateway. An unauthenticated user can execute a terminal command under the context of the web user. One of the user supplied parameters of API endpoint is used by the application without input...
Micro Focus Secure Messaging Gateway Web administration and quarantine component SQL injection vulnerability
Micro Focus Secure Messaging Gateway SMG is a suite of outbound and inbound protection software for enterprise networks and messaging systems from Micro Focus, UK. The product includes features such as virus protection, anti-spam, anti-DDos attacks, and image analysis.Web administration is one of...
Micro Focus Secure Messaging Gateway Web Administration Component Operating System Command Injection Vulnerability
Micro Focus Secure Messaging Gateway SMG is a suite of outbound and inbound protection software for enterprise networks and messaging systems from the UK-based Micro Focus. The product includes features such as virus protection, anti-spam, anti-DDos attacks, and image analysis.Web administration ...
CVE-2018-12465
An OS command injection vulnerability in the web administration component of Micro Focus Secure Messaging Gateway SMG allows a remote attacker authenticated as a privileged user to execute arbitrary OS commands on the SMG server. This can be exploited in conjunction with CVE-2018-12464 to achieve...
CVE-2018-12464
A SQL injection vulnerability in the web administration and quarantine components of Micro Focus Secure Messaging Gateway allows an unauthenticated remote attacker to execute arbitrary SQL statements against the database. This can be exploited to create an administrative account and used in...
Sql injection
A SQL injection vulnerability in the web administration and quarantine components of Micro Focus Secure Messaging Gateway allows an unauthenticated remote attacker to execute arbitrary SQL statements against the database. This can be exploited to create an administrative account and used in...
Command injection
An OS command injection vulnerability in the web administration component of Micro Focus Secure Messaging Gateway SMG allows a remote attacker authenticated as a privileged user to execute arbitrary OS commands on the SMG server. This can be exploited in conjunction with CVE-2018-12464 to achieve...
CVE-2018-12464 Unauthenticated SQL injection in Micro Focus Secure Messaging Gateway
A SQL injection vulnerability in the web administration and quarantine components of Micro Focus Secure Messaging Gateway allows an unauthenticated remote attacker to execute arbitrary SQL statements against the database. This can be exploited to create an administrative account and used in...
CVE-2018-12464
CVE-2018-12464 is a SQL injection vulnerability in Micro Focus Secure Messaging Gateway (SMG) affecting the Web administration and quarantine components. It occurs in versions prior to 471 and enables an unauthenticated remote attacker to execute arbitrary SQL statements against the SMG database,...
CVE-2018-12465 Remote Code Execution in Micro Focus Secure Messaging Gateway
An OS command injection vulnerability in the web administration component of Micro Focus Secure Messaging Gateway SMG allows a remote attacker authenticated as a privileged user to execute arbitrary OS commands on the SMG server. This can be exploited in conjunction with CVE-2018-12464 to achieve...
The Effects of Iran's Telegram Ban
The Center for Human Rights in Iran has released a report outlining the effect's of that country's ban on Telegram, a secure messaging app used by about half of the country. The ban will disrupt the most important, uncensored platform for information and communication in Iran, one that is used...