Lucene search
K

213 matches found

Gitee
Gitee
added 2023/12/22 10:2 p.m.4 views

Exploit for Expression Language Injection in Vmware Spring_Cloud_Gateway

开源工具 SpringBoot-Scan 的GUI图形化版本,对你有用的话麻烦点个Star哈哈 注意:本工具内置相关漏洞的Exp,杀软报毒属于正常现象! 新版本工具使用 python3 main.py VulHub 漏洞测试环境搭建 git clone https://github.com/vulhub/vulhub.git 安装Docker环境 sudo apt-get install docker.io sudo apt install docker-compose 搭建CVE-2022-22965 cd /vulhub/CVE-2022-22965 sudo...

10CVSS8.3AI score0.99939EPSS
Exploits182
Spring Security Advisories
Spring Security Advisories
added 2023/07/11 12:0 a.m.19 views

This Week in Spring - July 11th, 2023

Hi, Spring fans! Welcome to another installment of This Week in Spring! I'm in yummy, sunny Jakarta, Indonesia at the moment, preparing for a week of meetings and the SpringOne Tour Indonesia event later this week. I'll also be speaking in Kuala Lumpur, Malaysia on July 20th, 2023 . If you're in...

7AI score
Exploits0
Spring Security Advisories
Spring Security Advisories
added 2023/07/05 12:0 a.m.73 views

Active Health Check strategies with Spring Cloud Gateway

Active health check strategies with Spring Cloud Gateway Nowadays, applications are built as a collection of small independent upstream services. This accelerates development and allows modules to be focused on specific responsibilities, increasing their quality. This is one of the main advantage...

6.8AI score
Exploits0
Tenable Nessus
Tenable Nessus
added 2023/05/26 12:0 a.m.146 views

Spring Cloud Gateway Code Injection (CVE-2022-22947)

Binary data springcloudgatewaycve-2022-22947direct.nbin...

10CVSS10AI score0.98253EPSS
Exploits54References2
CNNVD
CNNVD
added 2023/05/09 12:0 a.m.6 views

Siemens SIMATIC Cloud Connect 信息泄露漏洞

SIMATIC Cloud Connect 7 is an IoT gateway for connecting programmable logic controllers to cloud services and allows field devices with OPC UA server interfaces to be connected as OPC UA clients. An information disclosure vulnerability exists in Siemens SIMATIC Cloud Connect 7, which can be...

7.5CVSS6.2AI score0.00718EPSS
Exploits0References3
OSV
OSV
added 2023/03/29 5:15 p.m.3 views

CVE-2023-26292

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Forcepoint Cloud Security Gateway CSG Portal on Web Cloud Security Gateway, Email Security Cloud loginsubmit.mhtml modules, Forcepoint Web Security Portal on Hybrid loginsubmit.mhtml modules allows...

6.1CVSS6.4AI score0.00353EPSS
Exploits0References1
OSV
OSV
added 2023/03/29 5:15 p.m.2 views

CVE-2023-26290

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Forcepoint Cloud Security Gateway CSG Portal on Web Cloud Security Gateway, Email Security Cloud loginresetrequest.mhtml modules, Forcepoint Web Security Portal on Hybrid loginresetrequest.mhtml...

6.1CVSS5.8AI score0.00353EPSS
Exploits0References1
Citrix
Citrix
added 2023/03/15 12:0 a.m.6 views

Syslog not being sent to external syslog server from Citrix Cloud Gateway Service (Adaptive Auth)

Configure external syslog server when using Cloud Gateway as a Service for Adaptive Authentication...

7.2AI score
Exploits0
GithubExploit
GithubExploit
added 2023/02/07 1:59 a.m.21 views

Exploit for Expression Language Injection in Vmware Spring_Cloud_Gateway

Introduction Through CVE-2022-22947, an attack is attempte...

10CVSS7.2AI score0.98253EPSS
Exploits54
Spring Security Advisories
Spring Security Advisories
added 2023/01/24 9:0 a.m.19 views

This Week in Spring - SpringOne Essentials 2023 edition - January 24th, 2023

Hi, Spring fans! Welcome to another installment of This Week in Spring! Today is a very day for you see, today we kick off SpringOne Essentials, the online incarnation of SpringOne, online. Well see you live, on stream, in just a few hours!. SpringOne Essentials is going to be amazing, but before...

2.4AI score
Exploits0
Spring Security Advisories
Spring Security Advisories
added 2023/01/24 12:0 a.m.22 views

This Week in Spring - SpringOne Essentials 2023 edition - January 24th, 2023

Hi, Spring fans! Welcome to another installment of This Week in Spring! Today is a very day for you see, today we kick off SpringOne Essentials, the online incarnation of SpringOne, online. We'll see you live, on stream, in just a few hours!. SpringOne Essentials is going to be amazing, but befor...

2.4AI score
Exploits0
Spring Security Advisories
Spring Security Advisories
added 2023/01/18 5:0 p.m.31 views

Interesting new filters on Spring Cloud Gateway 4.0

Spring Cloud Gateway 4.0 is finally here! Thanks to our community contributions we have introduced new features and interesting filters. This blog post details new noteworthy and explains some of the new filters included, how they work and how you can use it to provide more insights into your...

7AI score
Exploits0
Spring Security Advisories
Spring Security Advisories
added 2023/01/18 12:0 a.m.8 views

Interesting new filters on Spring Cloud Gateway 4.0

Spring Cloud Gateway 4.0 is finally here! Thanks to our community contributions we have introduced new features and interesting filters. This blog post details new noteworthy and explains some of the new filters included, how they work and how you can use it to provide more insights into your...

7AI score
Exploits0
Spring Security Advisories
Spring Security Advisories
added 2023/01/18 12:0 a.m.132 views

Interesting new filters on Spring Cloud Gateway 4.0

Spring Cloud Gateway 4.0 is finally here! Thanks to our community contributions we have introduced new features and interesting filters. This blog post details new noteworthy and explains some of the new filters included, how they work and how you can use it to provide more insights into your...

7AI score
Exploits0
GithubExploit
GithubExploit
added 2022/11/15 9:11 a.m.440 views

Exploit for Code Injection in Vmware Spring_Cloud_Gateway

CVE-2022-22947 Usage: python3 CVE-2022-22947.py url...

10CVSS9.7AI score0.98253EPSS
Exploits54
GithubExploit
GithubExploit
added 2022/10/29 3:28 a.m.485 views

Exploit for Code Injection in Vmware Spring_Cloud_Gateway

SpringAllReachable A graphical tool for rapid exploitati...

10CVSS7.9AI score0.99939EPSS
Exploits86
0day.today
0day.today
added 2022/10/17 12:0 a.m.405 views

Spring Cloud Gateway 3.1.0 Remote Code Execution Exploit

This Metasploit module exploits an unauthenticated remote code execution vulnerability in Spring Cloud Gateway versions 3.0.0 through 3.0.6 and 3.1.0. The vulnerability can be exploited when the Gateway Actuator endpoint is enabled, exposed and unsecured. An unauthenticated attacker can use SpEL...

10CVSS10AI score0.98253EPSS
Exploits54
Packet Storm
Packet Storm
added 2022/10/17 12:0 a.m.331 views

Spring Cloud Gateway 3.1.0 Remote Code Execution

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Spring Cloud Gateway Remote Code Execution', 'Description' = %q This module exploits an unauthenticated remote code execution vulnerability in...

10CVSS0.2AI score0.98253EPSS
Exploits54
Rapid7 Blog
Rapid7 Blog
added 2022/10/14 5:3 p.m.59 views

Metasploit Wrap-Up

Spring Cloud Gateway RCE This week, a new module that exploits a code injection vulnerability in Spring Cloud Gateway CVE-2022-22947 has been added by @Ayantaker. Versions 3.1.0 and 3.0.0 to 3.0.6 are vulnerable if the Gateway Actuator endpoint is enabled, exposed and unsecured. The module sends ...

6.8CVSS1.2AI score0.98253EPSS
Exploits68
Metasploit
Metasploit
added 2022/10/12 7:50 p.m.215 views

Spring Cloud Gateway Remote Code Execution

This module exploits an unauthenticated remote code execution vulnerability in Spring Cloud Gateway versions = 3.1.0 and 3.0.0 to 3.0.6. The vulnerability can be exploited when the Gateway Actuator endpoint is enabled, exposed and unsecured. An unauthenticated attacker can use SpEL expressions to...

10CVSS8.9AI score0.98253EPSS
Exploits54
Rows per page
Query Builder