7 matches found
CVE-2013-1814
creationtimestamp| type| source ---|---|--- 2018-05-29 15:50:33+00:00| seen| https://github.com/rapid7/metasploit-framework/blob/master/modules/auxiliary/gather/apacheravecreds.rb 2025-02-06 03:13:41+00:00| seen| MISP/a1e796df-2ad8-4c8d-8b69-737a004e72dd 2025-02-23 04:09:14+00:00| seen|...
Apache Rave User Information Disclosure
This module exploits an information disclosure in Apache Rave 0.20 and prior. The vulnerability exists in the RPC API, which allows any authenticated user to disclose information about all the users, including their password hashes. In order to authenticate, the user can provide his own...
CVE-2013-1814
The users/get program in the User RPC API in Apache Rave 0.11 through 0.20 allows remote authenticated users to obtain sensitive information about all user accounts via the offset parameter, as demonstrated by discovering password hashes in the password field of a response...
DSquare Exploit Pack: D2SEC_APACHE_RAVE
Name| d2secapacherave ---|--- CVE| CVE-2013-1814 Exploit Pack| D2ExploitPack Description| d2secapacherave.py Notes|...
CVE-2013-1814
CVE-2013-1814 (Apache Rave) affects Apache Rave 0.11–0.20. The vulnerability lies in the User RPC API (users/get): remote authenticated users can disclose sensitive data for all user accounts via the offset parameter, including password hashes. Public references corroborate an information disclos...
Apache Rave 0.11 - 0.20 - User Information Disclosure Vulnerability
Exploit for multiple platform in category web applications CVE-2013-1814: Apache Rave exposes User over API Severity: Important Vendor: The Apache Software Foundation Versions Affected: Rave 0.11 to 0.20 Description: Rave returns the full user object, including the salted and hashed password, via...
Apache Rave User Exposure
CVE-2013-1814: Apache Rave exposes User over API Severity: Important Vendor: The Apache Software Foundation Versions Affected: Rave 0.11 to 0.20 Description: Rave returns the full user object, including the salted and hashed password, via the User RPC API. This endpoint is only available to...