
19 matches found

EUVD
added 2025/10/07 12:30 a.m. | 8 views

EUVD-2020-11136

Malware in sbrugna...

9.8 CVSS | 9.2 AI score | 0.01417 EPSS
Exploits: 1 | References: 2

OpenVAS
added 2024/12/06 12:0 a.m. | 16 views

Ubuntu: Security Advisory (USN-7139-1)

The remote host is missing an update for the...

9.8 CVSS | 8.5 AI score | 0.93143 EPSS
Exploits: 9 | References: 4

Tenable Nessus
added 2022/04/15 12:0 a.m. | 305 views

Apache Shiro < 1.2.5 Default Cipher Key (CVE-2016-4437)

Apache Shiro uses a default cipher key for the 'remember me' feature when one is not explicitly configured. An unauthenticated, remote attacker can exploit this, via a specially crafted request, to execute arbitrary code or access content that would otherwise be protected by a security constraint...

9.8 CVSS | 8.2 AI score | 0.93143 EPSS
Exploits: 9 | References: 3

NVD
added 2022/04/05 4:15 p.m. | 28 views

CVE-2020-19229

Jeesite 1.2.7 uses Apache Shiro version 1.2.3, which is affected by CVE-2016-4437. Because of the Java deserialization vulnerability in this version, an attacker could exploit the vulnerability to execute arbitrary commands via the rememberMe parameter...

9.8 CVSS | 0.01417 EPSS
Exploits: 1 | References: 1

Prion
added 2022/04/05 4:15 p.m. | 31 views

Deserialization of untrusted data

Jeesite 1.2.7 uses Apache Shiro version 1.2.3, which is affected by CVE-2016-4437. Because of the Java deserialization vulnerability in this version, an attacker could exploit the vulnerability to execute arbitrary commands via the rememberMe parameter...

7.5 CVSS | 8.2 AI score | 0.93143 EPSS
Exploits: 10 | References: 1 | Affected Software: 1

ATTACKERKB
added 2022/04/05 12:0 a.m. | 117 views

CVE-2020-19229

Jeesite 1.2.7 uses Apache Shiro version 1.2.3, which is affected by CVE-2016-4437. Because of the Java deserialization vulnerability in this version, an attacker could exploit the vulnerability to execute arbitrary commands via the rememberMe parameter. Recent assessments: Assessed Attacker Value: 0...

9.8 CVSS | 6.1 AI score | 0.93143 EPSS
In wild | Exploits: 10 | References: 2

Tenable Nessus
added 2022/03/30 12:0 a.m. | 350 views

Apache Shiro Default Cipher Key (CVE-2016-4437)

Binary data apacheshirocve-2016-4437.nbin...

9.8 CVSS | 9 AI score | 0.93143 EPSS
Exploits: 9 | References: 3

Gitee
added 2020/11/03 7:53 p.m. | 4 views

Exploit for Use of Hard-coded Cryptographic Key in Apache Aurora

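Awesome-shiro CVE-2016-4437 Shiro=1.2.4 deserialization: a tool with a brute-force module and keys, code execution, and reverse shell ---- Cause of the vulnerability: Shiro deserializes the rememberMe field in the cookie, so if Shiro's encoding scheme is known, a malicious command can be encoded with that scheme and placed in the cookie of the HTTP header; when Shiro deserializes the rememberMe field of the submitted cookie, the inserted command is executed, ultimately resulting in command execution. Shiro uses CookieRememberMeManager by default, and its flow for handling the cookie is:...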

9.8 CVSS | 7 AI score | 0.93143 EPSS
Exploits: 9

GithubExploit
added 2020/05/27 5:2 a.m. | 26 views

Exploit for Use of Hard-coded Cryptographic Key in Apache Aurora

Awesome-shiro CVE-2016-4437 Shiro=1.2.4 deserialization,...

9.8 CVSS | 7.2 AI score | 0.93143 EPSS
Exploits: 9

Check Point Advisories
added 2020/05/24 12:0 a.m. | 19 views

Apache Shiro Remote Code Execution (CVE-2016-4437)

A remote code execution vulnerability exists in Apache Shiro. Successful exploitation could allow the attacker to execute arbitrary code on the affected system...

6.8 CVSS | 5.4 AI score | 0.93143 EPSS
Exploits: 9

Packet Storm
added 2020/04/29 12:0 a.m. | 188 views

Apache Shiro 1.2.4 Remote Code Execution

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Apache Shiro v1.2.4 Cookie RememberME Deserial RCE', 'Description' = %q This vulnerability allows remote attackers to execute arbitrary code on...

6.8 CVSS | 0.1 AI score | 0.93143 EPSS
Exploits: 9

Circl
added 2020/04/28 7:46 p.m. | 15 views

CVE-2016-4437

creationtimestamp | type | source
---|---|---
2020-04-28 19:46:19+00:00 | seen | https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/multi/http/shiroremembermev124deserialize.rb
2020-05-01 00:00:00+00:00 | exploited | https://www.exploit-db.com/exploits/48410
2021-09-21...

9.8 CVSS | 7.1 AI score | 0.93143 EPSS
Exploits: 9 | References: 12

Metasploit
added 2020/04/27 3:50 p.m. | 74 views

Apache Shiro v1.2.4 Cookie RememberME Deserial RCE

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apache Shiro v1.2.4. Note that other versions of Apache Shiro may also be exploitable if the encryption key used by Shiro to encrypt rememberMe cookies is known. This module requires Metasploit:...

9.8 CVSS | 8.2 AI score | 0.93143 EPSS
Exploits: 9

RedHat Linux
added 2016/10/06 4:18 p.m. | 105 views

Important: Red Hat Security Advisory: Red Hat JBoss Fuse 6.3 security update

Red Hat JBoss Fuse 6.3, which fixes multiple security issues and includes several bug fixes and enhancements, is now available from the Red Hat Customer Portal. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base...

9.8 CVSS | 7.6 AI score | 0.93143 EPSS
Exploits: 14 | References: 10

F5 Networks
added 2016/07/07 12:0 a.m. | 71 views

SOL23374214 - Apache Shiro vulnerability CVE-2016-4437

Vulnerability Recommended Actions None Supplemental Information SOL9970: Subscribing to email notifications regarding F5 products SOL9957: Creating a custom RSS feed to view new and updated documents SOL4602: Overview of the F5 security vulnerability response policy SOL4918: Overview of the F5...

9.8 CVSS | 2.4 AI score | 0.93143 EPSS
Exploits: 9 | References: 4

Metasploit
added 2016/06/18 5:11 p.m. | 100 views

Tiki-Wiki CMS Calendar Command Execution

Tiki-Wiki CMS's calendar module contains a remote code execution vulnerability within the viewmode GET parameter. The calendar module is NOT enabled by default. If enabled, the default permissions are set to NOT allow anonymous users to access. Vulnerable versions: 'Tiki-Wiki CMS Calendar Command...

0.1 AI score
Exploits: 0

OSV
added 2016/06/07 2:6 p.m. | 9 views

CVE-2016-4437

Apache Shiro before 1.2.5, when a cipher key has not been configured for the "remember me" feature, allows remote attackers to execute arbitrary code or bypass intended access restrictions via an unspecified request parameter...

9.8 CVSS | 9.8 AI score | 0.93143 EPSS
Exploits: 9 | References: 8

Vulnrichment
added 2016/06/07 2:0 p.m. | 10 views

CVE-2016-4437

Apache Shiro before 1.2.5, when a cipher key has not been configured for the "remember me" feature, allows remote attackers to execute arbitrary code or bypass intended access restrictions via an unspecified request parameter...

8 AI score | 0.93143 EPSS
Exploits: 9 | References: 7

CVE
added 2016/06/07 2:0 p.m. | 1240 views

CVE-2016-4437

The CVE-2016-4437 issue affects Apache Shiro before 1.2.5 when no cipher key is configured for the rememberMe feature, enabling remote attackers to execute arbitrary code or bypass intended access restrictions via an unspecified request parameter. Public advisories describe an RCE condition with ...

9.8 CVSS | 8.3 AI score | 0.93143 EPSS
In wild | Exploits: 9 | References: 8 | Affected Software: 2