123 matches found
Adobe InDesign Server SOAP interface RunScript command execution
Added: 02/04/2013 BID: 56574 OSVDB: 87548 Background Adobe InDesign is a desktop publishing application. It includes a server interface providing an API for software developers using SOAP. Problem The SOAP interface in Adobe InDesign Server allows remote, unauthenticated attackers to run arbitrar...
Adobe InDesign Server SOAP interface RunScript command execution
Added: 02/04/2013 BID: 56574 OSVDB: 87548 Background Adobe InDesign is a desktop publishing application. It includes a server interface providing an API for software developers using SOAP. Problem The SOAP interface in Adobe InDesign Server allows remote, unauthenticated attackers to run arbitrar...
Adobe InDesign Server SOAP interface RunScript command execution
Added: 02/04/2013 BID: 56574 OSVDB: 87548 Background Adobe InDesign is a desktop publishing application. It includes a server interface providing an API for software developers using SOAP. Problem The SOAP interface in Adobe InDesign Server allows remote, unauthenticated attackers to run arbitrar...
Oracle WebLogic Server Multiple Security Bypass Vulnerabilities
Oracle WebLogic Server is prone to multiple security bypass vulnerabilities. SPDX-FileCopyrightText: 2012 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...
Oracle Business Transaction Management FlashTunnelService WriteToFile Vulnerability
Added: 08/17/2012 BID: 54839 Background Oracle Business Transaction Management BTM is a component of several Oracle Enterprise Manager Management Packs, including WebLogic Server Management Pack Enterprise Edition. Oracle BTM provides capability in three key areas: transaction visibility,...
Oracle Business Transaction Management Server FlashTunnelService Remote File Deletion
Oracle Business Transaction Management Server 12.1.0.2.7 FlashTunnelService Remote File Deletion tested against: Microsoft Windows Server 2003 r2 sp2 Oracle WebLogic Server 12c 12.1.1 Oracle Business Transaction Management Server 12.1.0.2.7 Production version files tested:...
Oracle Business Transaction Management Server directory traversal
FlashTunnelService allows arbitrary files deletion via SOAP interface...
Oracle BTM 12.1.0.2.7 Remote File Deletion
Oracle Business Transaction Management Server 12.1.0.2.7 FlashTunnelService Remote File Deletion tested against: Microsoft Windows Server 2003 r2 sp2 Oracle WebLogic Server 12c 12.1.1 Oracle Business Transaction Management Server 12.1.0.2.7 Production version files tested:...
Oracle BTM Server 12.1.0.2.7 Remote Code Execution
Oracle Business Transaction Management Server 12.1.0.2.7 FlashTunnelService WriteToFile Message Remote Code Execution Exploit tested against: Microsoft Windows Server 2003 r2 sp2 Oracle WebLogic Server 12c 12.1.1 Oracle Business Transaction Management Server 12.1.0.2.7 Production version files...
FreeBSD : mantis -- multiple vulnerabilities (55587adb-b49d-11e1-8df1-0004aca374af)
Mantis reports : Roland Becker and Damien Regad MantisBT developers found that any user able to report issues via the SOAP interface could also modify any bugnotes comments created by other users. In a default/typical MantisBT installation, SOAP API is enabled and any user can sign up to report n...
mantis -- multiple vulnerabilities
Mantis reports: Roland Becker and Damien Regad MantisBT developers found that any user able to report issues via the SOAP interface could also modify any bugnotes comments created by other users. In a default/typical MantisBT installation, SOAP API is enabled and any user can sign up to report ne...
DDIVRT-2012-44 Epicor Returns Management SOAP-Based Blind SQL Injection
Title ----- DDIVRT-2012-44 Epicor Returns Management SOAP-Based Blind SQL Injection Severity -------- High Date Discovered --------------- April 12, 2012 Discovered By ------------- Digital Defense, Inc. Vulnerability Research Team Credit: Chris Graham and r@b13$ Vulnerability Description...
Novell eDirectory eMBox Unauthenticated File Access
This module will access Novell eDirectory's eMBox service and can run the following actions via the SOAP interface: GETDN, READLOGS, LISTSERVICES, STOPSERVICE, STARTSERVICE, SETLOGFILE. This module requires Metasploit: https://metasploit.com/download Current source:...
SAP Management Console - OSExecute Payload Execution (Metasploit)
$Id: sapmgmtconosexecpayload.rb 14048 2011-10-24 16:42:07Z sinn3r $ This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing and terms of use...
SAP Management Console OSExecute Payload Execution
Exploit for php platform in category web applications $Id: sapmgmtconosexecpayload.rb 14048 2011-10-24 16:42:07Z sinn3r $ This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more informati...
SAP Management Console OSExecute
This module allows execution of operating system commands through the SAP Management Console SOAP Interface. A valid username and password must be provided. This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class...
SAP Management Console Get Access Points
This module simply attempts to output a list of SAP access points through the SAP Management Console SOAP Interface. This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'SAP Management Console Get...
SAP Management Console Get Process Parameters
This module simply attempts to output a SAP process parameters and configuration settings through the SAP Management Console SOAP Interface. This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'SAP...
[USN-1137-1] Eucalyptus vulnerability
========================================================================== Ubuntu Security Notice USN-1137-1 May 26, 2011 eucalyptus, rampart vulnerability ========================================================================== A security issue affects these releases of Ubuntu and its...
SAP Management Console Brute Force
This module simply attempts to brute force the username and password for the SAP Management Console SOAP Interface. If the SAPSID value is set it will replace instances of in any user/pass from any wordlist. This module requires Metasploit: https://metasploit.com/download Current source:...