Lucene search
K

16 matches found

OpenVAS
OpenVAS
added 2022/12/19 12:0 a.m.19 views

Mageia: Security Advisory (MGASA-2022-0466)

The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

10CVSS9.6AI score0.92335EPSS
Exploits9References6
Mageia
Mageia
added 2022/12/17 6:48 p.m.61 views

Updated couchdb packages fix security vulnerability

In Apache CouchDB prior to 3.2.2, an attacker can access an improperly secured default installation without authenticating and gain admin privileges. The CouchDB documentation has always made recommendations for properly securing an installation, including recommending using a firewall in front o...

10CVSS3.5AI score0.92335EPSS
Exploits9References2
OpenVAS
OpenVAS
added 2022/11/08 12:0 a.m.32 views

Apache CouchDB < 3.2.2 Privilege Escalation Vulnerability - Active Check

Apache CouchDB is prone to a privilege escalation vulnerability. SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:apache:couchdb";...

10CVSS9.5AI score0.92335EPSS
Exploits9References4
Rapid7 Blog
Rapid7 Blog
added 2022/11/04 7:14 p.m.56 views

Metasploit Weekly Wrap-Up

C is for cookie And that’s good enough for Apache CouchDB, apparently. Our very own Jack Heysel added an exploit module based on CVE-2022-24706 targeting CouchDB prior to 3.2.2, leveraging a special default ‘monster’ cookie that allows users to run OS commands. This fake computer I just made says...

10CVSS8.2AI score0.99607EPSS
Exploits37
Packet Storm
Packet Storm
added 2022/11/02 12:0 a.m.546 views

Apache CouchDB Erlang Remote Code Execution

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Apache Couchdb Erlang RCE', 'Description' = %q In Apache CouchDB prior to 3.2.2, an attacker can access an improperly secured default installatio...

10CVSS0.2AI score0.92335EPSS
Exploits9
The Hacker News
The Hacker News
added 2022/08/29 4:23 a.m.202 views

CISA Adds 10 New Known Actively Exploited Vulnerabilities to its Catalog

The U.S. Cybersecurity and Infrastructure Security Agency CISA on Friday added 10 new actively exploited vulnerabilities to its Known Exploited Vulnerabilities KEV Catalog, including a high-severity security flaw affecting industrial automation software from Delta Electronics. The issue, tracked ...

10CVSS1.7AI score0.99939EPSS
Exploits72
GithubExploit
GithubExploit
added 2022/05/20 4:28 a.m.517 views

Exploit for Insecure Default Initialization of Resource in Apache Couchdb

Apache CouchDB 3.2.1 - Remote Code Execution RCE CVE-2022-24...

10CVSS9.9AI score0.92335EPSS
Exploits9
Tenable Nessus
Tenable Nessus
added 2022/05/13 12:0 a.m.113 views

Apache CouchDB < 3.2.2 Remote Privilege Escalation

According to its banner, the version of CouchDB running on the remote host is prior to 3.2.2 It is, therefore, potentially affected by a remote privilege escalation vulnerability. An attacker can access an improperly secured default installation without authenticating and gain admin privileges...

10CVSS7.5AI score0.92335EPSS
Exploits9References2
0day.today
0day.today
added 2022/05/12 12:0 a.m.514 views

Apache CouchDB 3.2.1 - Remote Code Execution Exploit

Exploit Title: Apache CouchDB 3.2.1 - Remote Code Execution RCE Exploit Author: Konstantin Burov, @sadshade Software Link: https://couchdb.apache.org/ Version: 3.2.1 and below Tested on: Kali 2021.2 Based on 1F98D's Erlang Cookie - Remote Code Execution Shodan: port:4369 "name couchdb at" CVE:...

9.8CVSS9.6AI score0.92335EPSS
Exploits9
Packet Storm
Packet Storm
added 2022/05/11 12:0 a.m.413 views

Apache CouchDB 3.2.1 Remote Code Execution

Exploit Title: Apache CouchDB 3.2.1 - Remote Code Execution RCE Date: 2022-01-21 Exploit Author: Konstantin Burov, @sadshade Software Link: https://couchdb.apache.org/ Version: 3.2.1 and below Tested on: Kali 2021.2 Based on 1F98D's Erlang Cookie - Remote Code Execution Shodan: port:4369 "name...

10CVSS0.2AI score0.92335EPSS
Exploits9
OpenVAS
OpenVAS
added 2022/05/03 12:0 a.m.25 views

Apache CouchDB < 3.2.2 Privilege Escalation Vulnerability - Linux - Version Check

Apache CouchDB is prone to a privilege escalation vulnerability. SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:apache:couchdb";...

10CVSS9.5AI score0.92335EPSS
Exploits9References3
Circl
Circl
added 2022/04/26 2:36 p.m.34 views

CVE-2022-24706

creationtimestamp| type| source ---|---|--- 2022-04-26 14:36:58+00:00| seen| https://t.me/cibsecurity/41424 2022-04-28 17:51:45+00:00| published-proof-of-concept| https://t.me/cKure/9439 2022-04-29 17:20:21+00:00| published-proof-of-concept| https://t.me/ShlezySecChannel/39 2022-05-22...

10CVSS7.5AI score0.92335EPSS
Exploits9References18
Vulnrichment
Vulnrichment
added 2022/04/26 12:0 a.m.6 views

CVE-2022-24706 Remote Code Execution Vulnerability in Packaging

In Apache CouchDB prior to 3.2.2, an attacker can access an improperly secured default installation without authenticating and gain admin privileges. The CouchDB documentation has always made recommendations for properly securing an installation, including recommending using a firewall in front o...

9.5AI score0.92335EPSS
Exploits9References10
Cvelist
Cvelist
added 2022/04/26 12:0 a.m.30 views

CVE-2022-24706 Remote Code Execution Vulnerability in Packaging

In Apache CouchDB prior to 3.2.2, an attacker can access an improperly secured default installation without authenticating and gain admin privileges. The CouchDB documentation has always made recommendations for properly securing an installation, including recommending using a firewall in front o...

9.7AI score0.92335EPSS
Exploits9References10
CVE
CVE
added 2022/04/26 12:0 a.m.921 views

CVE-2022-24706

CVE-2022-24706 affects Apache CouchDB before 3.2.2, where an attacker can access an improperly secured default installation without authentication and gain admin privileges due to an access-control flaw. Affected versions include 3.2.1 and earlier; remediation is to upgrade to CouchDB 3.2.2 (or a...

10CVSS9.5AI score0.92335EPSS
In wildExploits9References11Affected Software1
VulnCheck KEV
VulnCheck KEV
added 2022/03/06 12:0 a.m.10 views

VulnCheck KEV: CVE-2022-24706

Apache CouchDB contains an insecure default initialization of resource vulnerability which can allow an attacker to escalate to administrative privileges...

10CVSS6.9AI score0.92335EPSS
Exploits9References1
Rows per page
Query Builder