19 matches found
EUVD-2020-11136
Malware in sbrugna...
Ubuntu: Security Advisory (USN-7139-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Apache Shiro < 1.2.5 Default Cipher Key (CVE-2016-4437)
The Apache Shiro uses a default cipher key for the 'remember me' feature when not explicitly configured. An unauthenticated, remote attacker can exploit this, via a specially crafted request, to execute arbitrary code or access content that would otherwise be protected by a security constraint...
CVE-2020-19229
Jeesite 1.2.7 uses the apache shiro version 1.2.3 affected by CVE-2016-4437. Because of this version of the java deserialization vulnerability, an attacker could exploit the vulnerability to execute arbitrary commands via the rememberMe parameter...
Deserialization of untrusted data
Jeesite 1.2.7 uses the apache shiro version 1.2.3 affected by CVE-2016-4437. Because of this version of the java deserialization vulnerability, an attacker could exploit the vulnerability to execute arbitrary commands via the rememberMe parameter...
CVE-2020-19229
Jeesite 1.2.7 uses the apache shiro version 1.2.3 affected by CVE-2016-4437. Because of this version of the java deserialization vulnerability, an attacker could exploit the vulnerability to execute arbitrary commands via the rememberMe parameter. Recent assessments: Assessed Attacker Value: 0...
Apache Shiro Default Cipher Key (CVE-2016-4437)
Binary data apacheshirocve-2016-4437.nbin...
Exploit for Use of Hard-coded Cryptographic Key in Apache Aurora
Awesome-shiro CVE-2016-4437 Shiro=1.2.4反序列化,爆破模块和key、代码执行、反弹shell的工具 ---- 漏洞原因 因为shiro对cookie里的rememberme字段进行了反序列化,所以如果知道了shiro的编码方式,然后将恶意命令用它的编码方式进行编码并放在http头的cookie里,在shiro对提交的cookie的rememberme字段进行反序列化时,也就执行了插入的命令,最终造成了命令执行 shiro默认使用了CookieRememberMeManager,其处理cookie的流程是:...
Exploit for Use of Hard-coded Cryptographic Key in Apache Aurora
Awesome-shiro CVE-2016-4437 Shiro=1.2.4 deserialization,...
Apache Shiro Remote Code Execution (CVE-2016-4437)
A remote code execution vulnerability exists in Apache Shiro. Successful exploitation could allow the attacker to execute arbitrary code on the affected system...
Apache Shiro 1.2.4 Remote Code Execution
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Apache Shiro v1.2.4 Cookie RememberME Deserial RCE', 'Description' = %q This vulnerability allows remote attackers to execute arbitrary code on...
CVE-2016-4437
creationtimestamp| type| source ---|---|--- 2020-04-28 19:46:19+00:00| seen| https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/multi/http/shiroremembermev124deserialize.rb 2020-05-01 00:00:00+00:00| exploited| https://www.exploit-db.com/exploits/48410 2021-09-21...
Apache Shiro v1.2.4 Cookie RememberME Deserial RCE
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apache Shiro v1.2.4. Note that other versions of Apache Shiro may also be exploitable if the encryption key used by Shiro to encrypt rememberMe cookies is known. This module requires Metasploit:...
Important: Red Hat Security Advisory: Red Hat JBoss Fuse 6.3 security update
Red Hat JBoss Fuse 6.3, which fixes multiple security issues and includes several bug fixes and enhancements, is now available from the Red Hat Customer Portal. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base...
SOL23374214 - Apache Shiro vulnerability CVE-2016-4437
Vulnerability Recommended Actions None Supplemental Information SOL9970: Subscribing to email notifications regarding F5 products SOL9957: Creating a custom RSS feed to view new and updated documents SOL4602: Overview of the F5 security vulnerability response policy SOL4918: Overview of the F5...
Tiki-Wiki CMS Calendar Command Execution
Tiki-Wiki CMS's calendar module contains a remote code execution vulnerability within the viewmode GET parameter. The calendar module is NOT enabled by default. If enabled, the default permissions are set to NOT allow anonymous users to access. Vulnerable versions: 'Tiki-Wiki CMS Calendar Command...
CVE-2016-4437
Apache Shiro before 1.2.5, when a cipher key has not been configured for the "remember me" feature, allows remote attackers to execute arbitrary code or bypass intended access restrictions via an unspecified request parameter...
CVE-2016-4437
Apache Shiro before 1.2.5, when a cipher key has not been configured for the "remember me" feature, allows remote attackers to execute arbitrary code or bypass intended access restrictions via an unspecified request parameter...
CVE-2016-4437
The CVE-2016-4437 issue affects Apache Shiro before 1.2.5 when no cipher key is configured for the rememberMe feature, enabling remote attackers to execute arbitrary code or bypass intended access restrictions via an unspecified request parameter. Public advisories describe an RCE condition with ...