WebNMS Framework Server Credential Disclosure

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'WebNMS Framework Server Credential Disclosure', 'Description' = %q This module abuses two vulnerabilities in WebNMS Framework Server 5.2 to extra...

CVE-2016-6601

creationtimestamp| type| source ---|---|--- 2018-05-29 15:50:33+00:00| seen| https://github.com/rapid7/metasploit-framework/blob/master/modules/auxiliary/admin/http/webnmscreddisclosure.rb 2018-05-29 15:50:33+00:00| seen|...

CVE-2016-6601

CVE-2016-6601 — ZOHO WebNMS Framework is affected by a local file inclusion in the fileName parameter sent to servlets/FetchFile in versions before 5.2 SP1 (i.e., 5.2 and earlier). The vulnerability allows an attacker to read arbitrary files by manipulating the double-dot sequence in the filename...

WebNMS Framework 5.2SP1 Text File Download

Summary WebNMS is an industry-leading used to build network management applications architecture. The File Download feature does not require login you can download any text, non-binary file. Vulnerability details FetchFile to allow not logged in download the file, but only the text content of the...

Multiple Vendors '/servlets/FetchFile' Multiple Vulnerabilities - Active Check

Multiple vulnerabilities affecting the remote device have been found, these vulnerabilities allows uploading of arbitrary files and their execution, arbitrary file download with directory traversal, use of a weak algorithm for storing passwords and session hijacking. SPDX-FileCopyrightText: 2016...