CVE-2023-51518

CVE-2023-51518 affects Apache James before 3.7.5 and 3.8.0, exposing a JMX endpoint on localhost that is vulnerable to pre-authentication deserialization. An attacker could leverage a deserialization gadget to achieve privilege escalation as part of an exploit chain; the endpoint is local by defa...

CVE-2023-51518 Apache James server: Privilege escalation via JMX pre-authentication deserialisation

Apache James prior to version 3.7.5 and 3.8.0 exposes a JMX endpoint on localhost subject to pre-authentication deserialisation of untrusted data. Given a deserialisation gadjet, this could be leveraged as part of an exploit chain that could result in privilege escalation. Note that by default JM...

SUSE SLES12 Security Update : docker (SUSE-SU-2024:0587-1)

The remote SUSE Linux SLES12 / SLESSAP12 host has a package installed that is affected by multiple vulnerabilities as referenced in the SUSE-SU-2024:0587-1 advisory. - BuildKit is a toolkit for converting source code to build artifacts in an efficient, expressive and repeatable manner. Two...

SUSE SLES15 / openSUSE 15 Security Update : docker (SUSE-SU-2024:0586-1)

The remote SUSE Linux SLES15 / SLESSAP15 / openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2024:0586-1 advisory. - BuildKit is a toolkit for converting source code to build artifacts in an efficient, expressive and repeatable...

SUSE: Security Advisory (SUSE-SU-2024:0586-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Exploit for Path Traversal in Jenkins

🤵🏻 CVE-2024-23897 Arbitrary-file-read 🤵🏻 ============= ---------...

WEB-Wordlist-Generator - Creates Related Wordlists After Scanning Your Web Applications

WEB-Wordlist-Generator scans your web applications and creates related wordlists to take preliminary countermeasures against cyber attacks. Done x Scan Static Files. Scan Metadata Of Public Documents pdf,doc,xls,ppt,docx,pptx,xlsx etc. Create a New Associated Wordlist with the Wordlist Given as a...

Security Bulletin: Multiple Security Vulnerabilities were identified in IBM Security Verify Access

Summary There were multiple Security Vulnerabilities that were reported against IBM Security Verify Access. These have been addressed in IBM Security Verify Access updates. Vulnerability Details CVEID:CVE-2023-31003 DESCRIPTION: IBM Security Access Manager Container IBM Security Verify Access...

Metasploit Weekly Wrap-Up 02/09/2024

Go go gadget Fortra GoAnywhere MFT Module This Metasploit release contains a module for one of 2024's hottest vulnerabilities to date: CVE-2024-0204. The path traversal vulnerability in Fortra GoAnywhere MFT allows for unauthenticated attackers to access the InitialAccountSetup.xhtml endpoint whi...

CVE-2024-23756

The HTTP PUT and DELETE methods are enabled in the Plone official Docker version 5.2.13 5221, allowing unauthenticated attackers to execute dangerous actions such as uploading files to the server or deleting them...

CVE-2024-23756

The HTTP PUT and DELETE methods are enabled in the Plone official Docker version 5.2.13 5221, allowing unauthenticated attackers to execute dangerous actions such as uploading files to the server or deleting them...

Design/Logic Flaw

The HTTP PUT and DELETE methods are enabled in the Plone official Docker version 5.2.13 5221, allowing unauthenticated attackers to execute dangerous actions such as uploading files to the server or deleting them...

Exploit for Code Injection in Apache Commons_Text

Install maven - maven-linuxhttps://www.digitalocean.com/c...

CVE-2024-23756

The HTTP PUT and DELETE methods are enabled in the Plone official Docker version 5.2.13 5221, allowing unauthenticated attackers to execute dangerous actions such as uploading files to the server or deleting them...

Spring Tips: Spring Boot Testjars

Hi, Spring fans! In this installment we look at the brand new Spring Boot Testjars project, which greatly simplifies standing up and reusing satellite Java-based services like other Spring Boot-based microservices or infrastructure like the Spring Authorization Server. springboot java java21...

CVE-2024-23756

The CVE-2024-23756 issue affects Plone official Docker version 5.2.13 (5221) where HTTP PUT and DELETE methods are enabled, allowing unauthenticated attackers to upload or delete files on the server. Descriptions across multiple sources corroborate that the vulnerability enables dangerous actions...

CVE-2023-38369 IBM Security Access Manager Container information disclosure

IBM Security Access Manager Container 10.0.0.0 through 10.0.6.1 does not require that docker images should have strong passwords by default, which makes it easier for attackers to compromise user accounts. IBM X-Force ID: 261196...

CVE-2023-38369

CVE-2023-38369 affects IBM Security Verify Access (ISVA) Docker 10.0.0.0–10.0.6.1 and ISVA Appliance 10.0.0.0–10.0.6.1. The root issue is that docker images are not required to enforce strong passwords by default, enabling potential account compromise. IBM and Red Hat advisories reference vulnera...

runc (docker) File Descriptor Leak Privilege Escalation

All versions of runc use exploit/linux/local/runccwdprivesc msf exploitrunccwdprivesc show targets ...targets... msf exploitrunccwdprivesc set TARGET msf exploitrunccwdprivesc show options ...show and set options... msf exploitrunccwdprivesc exploit This module requires Metasploit:...

Remote code execution

An issue in Plone Docker Official Image 5.2.13 5221 open-source software that could allow for remote code execution due to a package listed in ++plone++static/components not existing in the public package index npm...