Lucene search
K

41 matches found

OSV
OSV
added 2022/05/14 2:46 a.m.1 views

GHSA-P836-389H-J692 Improper Access Control in Apache Shiro

Apache Shiro before 1.2.5, when a cipher key has not been configured for the "remember me" feature, allows remote attackers to execute arbitrary code or bypass intended access restrictions via an unspecified request parameter...

9.8CVSS6.2AI score0.92988EPSS
Exploits9References10
Tenable Nessus
Tenable Nessus
added 2022/04/15 12:0 a.m.308 views

Apache Shiro < 1.2.5 Default Cipher Key (CVE-2016-4437)

The Apache Shiro uses a default cipher key for the 'remember me' feature when not explicitly configured. An unauthenticated, remote attacker can exploit this, via a specially crafted request, to execute arbitrary code or access content that would otherwise be protected by a security constraint...

9.8CVSS8.2AI score0.92988EPSS
Exploits9References3
Tenable Nessus
Tenable Nessus
added 2022/03/30 12:0 a.m.352 views

Apache Shiro Default Cipher Key (CVE-2016-4437)

Binary data apacheshirocve-2016-4437.nbin...

9.8CVSS9AI score0.92988EPSS
Exploits9References3
VulnCheck KEV
VulnCheck KEV
added 2021/11/03 12:0 a.m.3 views

VulnCheck KEV: CVE-2016-4437

Apache Shiro contains a vulnerability which may allow remote attackers to execute code or bypass intended access restrictions via an unspecified request parameter when a cipher key has not been configured for the "remember me" feature...

9.8CVSS7.3AI score0.92988EPSS
Exploits9References1
CISA KEV Catalog
CISA KEV Catalog
added 2021/11/03 12:0 a.m.31 views

Apache Shiro Code Execution Vulnerability

Apache Shiro contains a vulnerability which may allow remote attackers to execute code or bypass intended access restrictions via an unspecified request parameter when a cipher key has not been configured for the "remember me" feature...

9.8CVSS8.3AI score0.92988EPSS
In wildExploits9
Nvidia
Nvidia
added 2020/10/28 12:0 a.m.42 views

Security Bulletin: AMI Baseboard Management Controller (BMC) Firmware Vulnerabilities in NVIDIA DGX-1, DGX-2, and DGX A100 Servers - October 2020

NVIDIA has released a firmware security update for NVIDIA DGX™ servers. This update addresses security issues in the AMI Baseboard Management Controller BMC firmware that may lead to remote code execution, elevation of privileges, or information disclosure. All issues require network access to th...

9.8CVSS8.1AI score0.02611EPSS
Exploits0Affected Software1
Kitploit
Kitploit
added 2017/11/29 1:30 p.m.31 views

Amber - POC Reflective PE Packer

Amber is a proof of concept packer, it can pack regularly compiled PE files into reflective PE files that can be used as multi stage infection payloads. If you want to learn the packing methodology used inside the Amber check out below. PS: This is not a complete tool some things may break so tak...

7.2AI score
Exploits0References1
RedHat Linux
RedHat Linux
added 2016/10/06 4:18 p.m.6 views

shiro: Security constraint bypass

It was found that Apache Shiro uses a default cipher key for its "remember me" feature. An attacker could use this to devise a malicious request parameter and gain access to unauthorized content...

9.8CVSS7.3AI score0.92988EPSS
Exploits9References5
RedHat Linux
RedHat Linux
added 2016/10/06 4:18 p.m.6 views

shiro: Security constraint bypass

It was found that Apache Shiro uses a default cipher key for its "remember me" feature. An attacker could use this to devise a malicious request parameter and gain access to unauthorized content...

9.8CVSS7.3AI score0.92988EPSS
Exploits9References5
OSV
OSV
added 2016/06/07 2:6 p.m.2 views

DEBIAN-CVE-2016-4437

Apache Shiro before 1.2.5, when a cipher key has not been configured for the "remember me" feature, allows remote attackers to execute arbitrary code or bypass intended access restrictions via an unspecified request parameter...

9.8CVSS9.4AI score0.92988EPSS
Exploits9References1
NVD
NVD
added 2016/06/07 2:6 p.m.36 views

CVE-2016-4437

Apache Shiro before 1.2.5, when a cipher key has not been configured for the "remember me" feature, allows remote attackers to execute arbitrary code or bypass intended access restrictions via an unspecified request parameter...

9.8CVSS8.4AI score0.92988EPSS
Exploits9References8
UbuntuCve
UbuntuCve
added 2016/06/07 2:6 p.m.38 views

CVE-2016-4437

Apache Shiro before 1.2.5, when a cipher key has not been configured for the "remember me" feature, allows remote attackers to execute arbitrary code or bypass intended access restrictions via an unspecified request parameter...

9.8CVSS7.2AI score0.92988EPSS
Exploits9References3
Prion
Prion
added 2016/06/07 2:6 p.m.25 views

Code injection

Apache Shiro before 1.2.5, when a cipher key has not been configured for the "remember me" feature, allows remote attackers to execute arbitrary code or bypass intended access restrictions via an unspecified request parameter...

6.8CVSS8.2AI score0.92988EPSS
Exploits9References7Affected Software1
OSV
OSV
added 2016/06/07 2:6 p.m.6 views

UBUNTU-CVE-2016-4437

Apache Shiro before 1.2.5, when a cipher key has not been configured for the "remember me" feature, allows remote attackers to execute arbitrary code or bypass intended access restrictions via an unspecified request parameter...

9.8CVSS6.2AI score0.92988EPSS
Exploits9References4
Vulnrichment
Vulnrichment
added 2016/06/07 2:0 p.m.10 views

CVE-2016-4437

Apache Shiro before 1.2.5, when a cipher key has not been configured for the "remember me" feature, allows remote attackers to execute arbitrary code or bypass intended access restrictions via an unspecified request parameter...

8AI score0.92988EPSS
Exploits9References7
RedhatCVE
RedhatCVE
added 2016/06/07 8:18 a.m.32 views

CVE-2016-4437

It was found that Apache Shiro uses a default cipher key for its "remember me" feature. An attacker could use this to devise a malicious request parameter and gain access to unauthorized content...

9.8CVSS3.1AI score0.92988EPSS
Exploits9References1
Positive Technologies
Positive Technologies
added 2016/06/03 12:0 a.m.7 views

PT-2016-3363

Name of the Vulnerable Software and Affected Versions Apache Shiro versions prior to 1.2.5 Description The issue is related to the "remember me" feature in Apache Shiro, where the lack of a configured cipher key allows remote attackers to execute arbitrary code or bypass intended access...

9.8CVSS7.5AI score0.92988EPSS
Exploits9References35
seebug.org
seebug.org
added 2014/07/01 12:0 a.m.30 views

FileZilla 2.2.15 FTP Client Hard-Coded Cipher Key Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/14730/info FileZilla FTP client may allow local attackers to obtain user passwords and access remote servers. The application uses a hard-coded cipher key to decrypt the password, which is stored in an XML file or the...

7.1AI score
Exploits0
Packet Storm
Packet Storm
added 2005/09/05 12:0 a.m.42 views

filezillaWeak.txt

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Title: FileZilla weakly-encrypted password vulnerability Risk: HIGH Credits: pagvac Adrian Pastor Date found: 6th August, 2005 Homepage: www.ikwt.com www.adrianpv.com E-mail: m123303 - at - richmond.ac.uk Background - ----------- FileZilla is the most...

7.4AI score
Exploits0
exploitpack
exploitpack
added 2005/09/02 12:0 a.m.27 views

FileZilla 2.2.15 - FTP Client Hard-Coded Cipher Key

FileZilla 2.2.15 - FTP Client Hard-Coded Cipher Key // source: https://www.securityfocus.com/bid/14730/info FileZilla FTP client may allow local attackers to obtain user passwords and access remote servers. The application uses a hard-coded cipher key to decrypt the password, which is stored in a...

0.2AI score
Exploits0
Rows per page
Query Builder