27 matches found
Security Bulletin: IBM Transformation Extender Advanced v10.0.x is affected by a vulnerability in its dependencies
Summary IBM Transformation Extender Advanced, also known as IBM Standards Processing Engine, is vulnerable to Unix File Parameter Alteration Vulnerability Details CVEID:CVE-2020-3452 DESCRIPTION: Cisco Adaptive Security Appliance Software and Firepower Threat Defense Software could allow a remote...
U.S. Dept Of Defense: [CVE-2020-3452] Unauthenticated file read in Cisco ASA
i found out that https://█████████/ was vulnerable to CVE-2020-3452 The IP has a SSL certificate pointing to █████████ curl -kv https://██████████/ Output Server certificate: subject: C=US; ████.mil Impact Anyone can read any file present on the server. System Hosts ███ Affected Products and...
U.S. Dept Of Defense: [CVE-2020-3452] Unauthenticated file read in Cisco ASA
i found out that https://█████/ was vulnerable to CVE-2020-3452 The IP has a SSL certificate pointing to ██████████ curl -kv https://███████/ Output; Server certificate: ███ Impact Anyone can read any file present on the server. System Hosts █████ Affected Products and Versions CVE Numbers...
U.S. Dept Of Defense: [CVE-2020-3452] on ███████
The following subdomain is vulnerable to CVE-2020-3452, which is an unauthenticated file read in Cisco ASA & Cisco Firepower. URL: https://████/ Vulnerable URL: https://███/+CSCOT+/translation-table?type=mst&textdomain=/%2bCSCOE%2b/portalinc.lua&default-language&lang=../ ██████████ Resources:...
U.S. Dept Of Defense: Path Traversal - [ CVE-2020-3452 ]
Hello, I would like to report Path Traversal issue CVE-2020-3452 was found on https://█████/. POC: https://█████████/+CSCOT+/translation-table?type=mst&textdomain=/%2bCSCOE%2b/portalinc.lua&default-language&lang=../ Impact https://nvd.nist.gov/vuln/detail/CVE-2020-3452 System Hosts ███ Affected...
Exploit for Improper Input Validation in Cisco Adaptive_Security_Appliance_Software
Cisco-CVE-2020-3452-checker simple bash script of Cisco CVE-20...
Exploit for Improper Input Validation in Cisco Adaptive_Security_Appliance_Software
Cisco Adaptive Security Appliance Software and Firepower Threa...
Cisco ASA 9.14.1.10 / FTD 6.6.0.1 Path Traversal
Exploit Title: Cisco ASA 9.14.1.10 and FTD 6.6.0.1 - Path Traversal 2 Date: 12 Dec 2020 Exploit Author: [email protected] Vendor Homepage: cisco.com Software Link: It’s against Hardware, specifically ASA’s and FTD’s Version: ASAs from version 9.6 to 9.14.1.10 and FTD’s versions 6.2.3 to...
Cisco ASA 9.14.1.10 and FTD 6.6.0.1 - Path Traversal (2)
Exploit Title: Cisco ASA 9.14.1.10 and FTD 6.6.0.1 - Path Traversal 2 Date: 12 Dec 2020 Exploit Author: [email protected] Vendor Homepage: cisco.com Software Link: It’s against Hardware, specifically ASA’s and FTD’s Version: ASAs from version 9.6 to 9.14.1.10 and FTD’s versions 6.2.3 to...
Cisco ASA and FTD 9.6.4.42 - Path Traversal
Exploit Title: Cisco ASA and FTD 9.6.4.42 - Path Traversal Date: 2020-10-10 Exploit Author: 3ndG4me Vendor: www.cisco.com Product: https://www.cisco.com/c/en/us/products/security/asa-firepower-services/index.html CVE : CVE-2020-3452 TARGET=$1 CISCOKNOWNFILES="logo.gif httpauth.html userdialog.htm...
Cisco ASA / FTD 9.6.4.42 Path Traversal
Exploit Title: Cisco ASA and FTD 9.6.4.42 - Path Traversal Date: 2020-10-10 Exploit Author: 3ndG4me Vendor: www.cisco.com Product: https://www.cisco.com/c/en/us/products/security/asa-firepower-services/index.html CVE : CVE-2020-3452 TARGET=$1 CISCOKNOWNFILES="logo.gif httpauth.html userdialog.htm...
U.S. Dept Of Defense: [CVE-2020-3452] Unauthenticated file read in Cisco ASA
Hey, I found out that host ████████.mil was vulnerable to CVE-2020-3452. You can test it by visiting the URL: https://██████████.mil/+CSCOT+/oem-customization?app=AnyConnect&type=oem&platform=..&resource-type=..&name=%2bCSCOE%2b/portalinc.lua To try it with CURL please run the following command:...
U.S. Dept Of Defense: CVE-2020-3452, unauthenticated file read in Cisco ASA & Cisco Firepower.
Summary: The affected IP: █████ Here is POC of CVE-2020-3452, unauthenticated file read in Cisco ASA & Cisco Firepower. For example to read "/+CSCOE+/portalinc.lua" file. for example: ████/+CSCOT+/translation-table?type=mst&textdomain=/%2bCSCOE%2b/portalinc.lua&default-language&lang=../ Suggested...
Exploit for Improper Input Validation in Cisco Adaptive_Security_Appliance_Software
CVE-2020-3452 CVE-2020-3452 - directory traversal in Cisco ASA...
Mail.ru: [webvpn.city-srv.ru] Path traversal via CVE-2020-3452
CVE-2020-3452 on webvpn.city-srv.ru...
Exploit for Improper Input Validation in Cisco Adaptive_Security_Appliance_Software
CVE-2020-3452 TL;DR This is an exploit for CVE-2020-3452...
Cisco Adaptive Security Appliance Software 9.11 Local File Inclusion
Exploit Title: Cisco Adaptive Security Appliance Software 9.11 - Local File Inclusion Google Dork: inurl:/+CSCOE+/ Date: 2020-08-27 Exploit Author: 0xmmnbassel Vendor Homepage: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-asaftd-ro-path-KJuQhB86 Version: Cisco AS...
Cisco Adaptive Security Appliance Software 9.11 - Local File Inclusion Exploit
Exploit for hardware platform in category web applications Exploit Title: Cisco Adaptive Security Appliance Software 9.11 - Local File Inclusion Google Dork: inurl:/+CSCOE+/ Date: 2020-08-27 Exploit Author: 0xmmnbassel Vendor Homepage:...
QIWI: CVE-2020-3187 - unauthenticated arbitrary file deletion in Cisco
Steps to reproduce: I could delete arbitrary files from https://79.142.21.220/ using CVE-2020-3187. POC video is attached. Browser/OS: Chrome/Windows ALSO Cisco ASA - Arbitary File Read - CVE-2020-3452 the file downloaded also attached here for poc Impact Impact: RCE is P1 critical vulnerability,...
Cisco Adaptive Security Appliance Software 9.11 - Local File Inclusion
Exploit Title: Cisco Adaptive Security Appliance Software 9.11 - Local File Inclusion Google Dork: inurl:/+CSCOE+/ Date: 2020-08-27 Exploit Author: 0xmmnbassel Vendor Homepage: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-asaftd-ro-path-KJuQhB86 Version: Cisco AS...