18 matches found
WebNMS Framework Server Arbitrary Text File Download
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'WebNMS Framework Server Arbitrary Text File Download', 'Description' = %q This module abuses a vulnerability in WebNMS Framework Server 5.2 that...
WebNMS Framework Server Credential Disclosure
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'WebNMS Framework Server Credential Disclosure', 'Description' = %q This module abuses two vulnerabilities in WebNMS Framework Server 5.2 to extra...
CVE-2016-6601
Directory traversal vulnerability in the file download functionality in ZOHO WebNMS Framework 5.2 and 5.2 SP1 allows remote attackers to read arbitrary files via a .. dot dot in the fileName parameter to servlets/FetchFile...
CVE-2016-6601
Directory traversal vulnerability in the file download functionality in ZOHO WebNMS Framework 5.2 and 5.2 SP1 allows remote attackers to read arbitrary files via a .. dot dot in the fileName parameter to servlets/FetchFile...
CVE-2016-6603
ZOHO WebNMS Framework 5.2 and 5.2 SP1 allows remote attackers to bypass authentication and impersonate arbitrary users via the UserName HTTP header...
CVE-2016-6602
ZOHO WebNMS Framework 5.2 and 5.2 SP1 use a weak obfuscation algorithm to store passwords, which allows context-dependent attackers to obtain cleartext passwords by leveraging access to WEB-INF/conf/securitydbData.xml. NOTE: this issue can be combined with CVE-2016-6601 for a remote exploit...
CVE-2016-6600
Directory traversal vulnerability in the file upload functionality in ZOHO WebNMS Framework 5.2 and 5.2 SP1 allows remote attackers to upload and execute arbitrary JSP files via a .. dot dot in the fileName parameter to servlets/FileUploadServlet...
CVE-2016-6602
ZOHO WebNMS Framework 5.2 and 5.2 SP1 use a weak obfuscation algorithm to store passwords, which allows context-dependent attackers to obtain cleartext passwords by leveraging access to WEB-INF/conf/securitydbData.xml. NOTE: this issue can be combined with CVE-2016-6601 for a remote exploit...
Design/Logic Flaw
ZOHO WebNMS Framework 5.2 and 5.2 SP1 use a weak obfuscation algorithm to store passwords, which allows context-dependent attackers to obtain cleartext passwords by leveraging access to WEB-INF/conf/securitydbData.xml. NOTE: this issue can be combined with CVE-2016-6601 for a remote exploit...
Directory traversal
Directory traversal vulnerability in the file download functionality in ZOHO WebNMS Framework 5.2 and 5.2 SP1 allows remote attackers to read arbitrary files via a .. dot dot in the fileName parameter to servlets/FetchFile...
Directory traversal
Directory traversal vulnerability in the file upload functionality in ZOHO WebNMS Framework 5.2 and 5.2 SP1 allows remote attackers to upload and execute arbitrary JSP files via a .. dot dot in the fileName parameter to servlets/FileUploadServlet...
CVE-2016-6600
The CVE refers to a directory traversal vulnerability in WebNMS Framework Server 5.2 and 5.2 SP1 (ZOHO WebNMS) via FileUploadServlet, where a crafted fileName with .. allows remote attackers to upload and execute JSP files. A Metasploit module and multiple advisories document an arbitrary file up...
CVE-2016-6603
ZOHO WebNMS Framework 5.2 and 5.2 SP1 allows remote attackers to bypass authentication and impersonate arbitrary users via the UserName HTTP header...
CVE-2016-6603
CVE-2016-6603 affects ZOHO WebNMS Framework 5.2 and 5.2 SP1. The vulnerability allows remote attackers to bypass authentication and impersonate arbitrary users by sending a manipulated UserName HTTP header, enabling session hijacking via the GetChallengeServlet in WebNMS. Multiple connected sourc...
Multiple Vulnerabilities in ZOHO WebNMS Framework (CNVD-2016-06371)
ZOHO WebNMS Framework is the United States ZhuoHao ZOHO company's set of framework for building network management applications. A directory traversal vulnerability, an information disclosure vulnerability, and a user impersonation vulnerability exist in versions 5.2 and 5.2 SP1 of the ZOHO WebNM...
Multiple Vulnerabilities in ZOHO WebNMS Framework (CNVD-2016-06370)
ZOHO WebNMS Framework is the United States ZhuoHao ZOHO company's set of framework for building network management applications. A directory traversal vulnerability, an information disclosure vulnerability, and a user impersonation vulnerability exist in versions 5.2 and 5.2 SP1 of the ZOHO WebNM...
Multiple vulnerabilities in ZOHO WebNMS Framework (CNVD-2016-06372)
ZOHO WebNMS Framework is the United States ZhuoHao ZOHO company's set of framework for building network management applications. A directory traversal vulnerability, an information disclosure vulnerability, and a user impersonation vulnerability exist in versions 5.2 and 5.2 SP1 of the ZOHO WebNM...
WebNMS Framework Detection
The script sends a connection request to the server and attempts to extract the version number from the reply. SPDX-FileCopyrightText: 2016 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifie...