8 matches found
Red Hat JBoss Application Server (AS) Console and Web Management Misconfiguration Vulnerability - Active Check
The default configuration of Red Hat JBoss Application Server AS does not restrict access to the console and web management interfaces, which allows remote attackers to bypass authentication and gain administrative access via direct requests. SPDX-FileCopyrightText: 2019 Greenbone AG Some text...
Design/Logic Flaw
HP ProCurve Manager PCM 3.20 and 4.0, PCM+ 3.20 and 4.0, Identity Driven Manager IDM 4.0, and Application Lifecycle Management allow remote attackers to execute arbitrary code via a marshalled object to 1 EJBInvokerServlet or 2 JMXInvokerServlet, aka ZDI-CAN-1760. NOTE: this is probably a duplica...
Cisco Prime Data Center Network Manager RMI Remote Code Execution (credentialed check)
According to its self-reported version number, the version of Cisco Prime Data Center Network Manager DCNM installed on the remote host is affected by a remote code execution vulnerability. Unauthorized users have access to the JBoss Application Server Remote Method Invocation services. A remote,...
JBoss DeploymentFileRepository WAR Deployment
Exploit for multiple platform in category remote exploits require 'msf/core' class Metasploit4 /JBoss/ include Msf::Exploit::Remote::HttpClient include Msf::Exploit::EXE def initializeinfo = superupdateinfoinfo, 'Name' = 'JBoss DeploymentFileRepository WAR Deployment via JMXInvokerServlet',...
JBoss DeploymentFileRepository WAR Deployment
require 'msf/core' class Metasploit4 /JBoss/ include Msf::Exploit::Remote::HttpClient include Msf::Exploit::EXE def initializeinfo = superupdateinfoinfo, 'Name' = 'JBoss DeploymentFileRepository WAR Deployment via JMXInvokerServlet', 'Description' = %q This module can be used to execute a payload...
JBoss DeploymentFileRepository WAR Deployment (via JMXInvokerServlet)
This module can be used to execute a payload on JBoss servers that have an exposed HTTPAdaptor's JMX Invoker exposed on the "JMXInvokerServlet". By invoking the methods provided by jboss.admin:DeploymentFileRepository a stager is deployed to finally upload the selected payload to the target. The...
CVE-2007-1036
creationtimestamp| type| source ---|---|--- 2010-10-19 00:00:00+00:00| confirmed| https://www.exploit-db.com/exploits/16318 2012-09-05 00:00:00+00:00| confirmed| https://www.exploit-db.com/exploits/21080 2018-05-29 15:50:33+00:00| seen|...
CVE-2007-1036
CVE-2007-1036 affects JBoss where the default configuration does not restrict access to the console and web management interfaces. This allows an unauthenticated remote attacker to bypass authentication and gain administrative access via direct requests to the JBoss web console, enabling potentia...