4 matches found
Nuuo Central Management Server User Session Token Bruteforce
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'benchmark' class MetasploitModule 'Nuuo Central Management Server User Session Token Bruteforce', 'Description' = %q Nuuo Central Management Server below versio...
CVE-2018-17888
creationtimestamp| type| source ---|---|--- 2019-02-20 15:25:22+00:00| seen| https://github.com/rapid7/metasploit-framework/blob/master/modules/auxiliary/gather/nuuocmsbruteforce.rb 2025-02-06 03:13:43+00:00| seen| MISP/a1e796df-2ad8-4c8d-8b69-737a004e72dd 2025-02-23 04:10:06+00:00| seen|...
CVE-2018-17888
NUUO CMS all versions 3.1 and prior, The application uses a session identification mechanism that could allow attackers to obtain the active session ID, which could allow arbitrary remote code execution...
CVE-2018-17888
CVE-2018-17888 affects NUUO CMS versions 3.1 and prior. The vulnerability stems from an insecure session identification mechanism that can let an attacker obtain the active session ID, potentially enabling arbitrary remote code execution. Public assessments cite a high/critical risk (CVSS v3 base...