2481 matches found
F5 BIG-IP TMUI AJP Smuggling Remote Command Execution
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'rex/proto/apachejp' class MetasploitModule 'F5 BIG-IP TMUI AJP Smuggling RCE', 'Description' = %q This module exploits a flaw in F5's BIG-IP Traffic Management...
F5 BIG-IP TMUI AJP Smuggling Remote Code Execution Exploit
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'rex/proto/apachejp' class MetasploitModule 'F5 BIG-IP TMUI AJP Smuggling RCE', 'Description' = %q This module exploits a flaw in F5's BIG-IP Traffic Management...
Cisco IOX XE unauthenticated OS command execution
This module leverages both CVE-2023-20198 and CVE-2023-20273 against vulnerable instances of Cisco IOS XE devices which have the Web UI exposed. An attacker can execute arbitrary OS commands with root privileges. This module leverages CVE-2023-20198 to create a new admin user, then authenticating...
Foreman: Arbitrary code execution through templates
An arbitrary code execution flaw was found in Foreman. This flaw allows an admin user to bypass safe mode in templates and execute arbitrary code on the underlying operating system...
CVE-2023-4956
A flaw was found in Quay. Clickjacking is when an attacker uses multiple transparent or opaque layers to trick a user into clicking on a button or link on another page when they intend to click on the top-level page. During the pentest, it has been detected that the config-editor page is vulnerab...
CVE-2023-33480
RemoteClinic 2.0 contains a critical vulnerability chain that can be exploited by a remote attacker with low-privileged user credentials to create admin users, escalate privileges, and execute arbitrary code on the target system via a PHP shell. The vulnerabilities are caused by a lack of input...
CVE-2023-4996
Netskope was made aware of a security vulnerability in its NSClient product for version 100 & prior where a malicious non-admin user can disable the Netskope client by using a specially-crafted package. The root cause of the problem was a user control code when called by a Windows ServiceControll...
Proofpoint Enterprise Protection Cross-Site Scripting Vulnerability
Proofpoint Enterprise Protection is an application from Proofpoint USA. It provides functionality to protect email. A security vulnerability exists in Proofpoint Enterprise Protection that stems from a stored cross-site scripting XSS vulnerability in AdminUI...
F5 BIG-IP TMUI AJP Smuggling RCE
This module exploits a flaw in F5's BIG-IP Traffic Management User Interface TMUI that enables an external, unauthenticated attacker to create an administrative user. Once the user is created, the module uses the new account to execute a command payload. Both the exploit and check methods...
Account Takeover
authentik is vulnerable to potential account takeover. authentik uses a blueprint to create default admin user, which also optionally sets an admin password from environment variable. When the default admin is deleted, it is possible for an attacker to set the password for admin user without...
CVE-2023-46249
authentik is an open-source Identity Provider. Prior to versions 2023.8.4 and 2023.10.2, when the default admin user has been deleted, it is potentially possible for an attacker to set the password of the default admin user without any authentication. authentik uses a blueprint to create the...
Design/Logic Flaw
authentik is an open-source Identity Provider. Prior to versions 2023.8.4 and 2023.10.2, when the default admin user has been deleted, it is potentially possible for an attacker to set the password of the default admin user without any authentication. authentik uses a blueprint to create the...
CVE-2023-46249 authentik potential installation takeover when default admin user is deleted
authentik is an open-source Identity Provider. Prior to versions 2023.8.4 and 2023.10.2, when the default admin user has been deleted, it is potentially possible for an attacker to set the password of the default admin user without any authentication. authentik uses a blueprint to create the...
CVE-2023-46249 authentik potential installation takeover when default admin user is deleted
authentik is an open-source Identity Provider. Prior to versions 2023.8.4 and 2023.10.2, when the default admin user has been deleted, it is potentially possible for an attacker to set the password of the default admin user without any authentication. authentik uses a blueprint to create the...
CVE-2023-46249
CVE-2023-46249 affects authentik (open-source Identity Provider). Before 2023.8.4 and 2023.10.2, if the default admin user is deleted, an attacker may set the default admin password without authentication via the initial-setup flow and a blueprint that can read an environment variable. The issue ...
CVE-2023-46249 authentik potential installation takeover when default admin user is deleted
authentik is an open-source Identity Provider. Prior to versions 2023.8.4 and 2023.10.2, when the default admin user has been deleted, it is potentially possible for an attacker to set the password of the default admin user without any authentication. authentik uses a blueprint to create the...
CVE-2023-46138 JumpServer default admin user email leak password reset
JumpServer is an open source bastion host and maintenance security audit system that complies with 4A specifications. Prior to version 3.8.0, the default email for initial user admin is [email protected], and users reset their passwords by sending an email. Currently, the domain mycompany.com h...
A.S. Watson Group : Access to internal info via Graphql on https://tng-api.watsons.com.my
Vulnerability description not provided...
Exploit for Improper Input Validation in Atlassian Confluence_Data_Center
Confluence Hack CVE-2023-22515 exploit.py Exploit to creat...
CVE-2023-5624
Under certain conditions, Nessus Network Monitor was found to not properly enforce input validation. This could allow an admin user to alter parameters that could potentially allow a blindSQL injection...