12 matches found
EUVD-2023-45168
Malicious code in bioql PyPI...
EUVD-2023-2186
Malicious code in bioql PyPI...
CVE-2023-0871
XXE injection in /rtc/post/ endpoint in OpenMNS Horizon 31.0.8 and versions earlier than 32.0.2 on multiple platforms is vulnerable to XML external entity XXE injection, which can be used for instance to force Horizon to make arbitrary HTTP requests to internal and external services. The solution...
OpenNMS Horizon 31.0.7 Remote Command Execution
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'OpenNMS Horizon Authenticated RCE', 'Description' = %q This module exploits built-in functionality in OpenNMS Horizon in order to execute arbitra...
CVE-2023-40612 Authenticated XXE Injection Via The File Editor
In OpenMNS Horizon 31.0.8 and versions earlier than 32.0.2, the file editor which is accessible to any user with ROLEFILESYSTEMEDITOR privileges is vulnerable to XXE injection attacks. The solution is to upgrade to Meridian 2023.1.5 or Horizon 32.0.2 or newer. Meridian and Horizon installation...
CVE-2023-40612 Authenticated XXE Injection Via The File Editor
In OpenMNS Horizon 31.0.8 and versions earlier than 32.0.2, the file editor which is accessible to any user with ROLEFILESYSTEMEDITOR privileges is vulnerable to XXE injection attacks. The solution is to upgrade to Meridian 2023.1.5 or Horizon 32.0.2 or newer. Meridian and Horizon installation...
GHSA-W5GQ-XRRP-3FXF OpenNMS privilege elevation vulnerability
The Horizon REST API includes a users endpoint in OpenNMS Horizon 31.0.8 and versions earlier than 32.0.2 on multiple platforms is vulnerable to elevation of privilege. The solution is to upgrade to Meridian 2023.1.6, 2022.1.19, 2021.1.30, 2020.1.38 or Horizon 32.0.2 or newer. Meridian and Horizo...
OpenNMS privilege elevation vulnerability
The Horizon REST API includes a users endpoint in OpenNMS Horizon 31.0.8 and versions earlier than 32.0.2 on multiple platforms is vulnerable to elevation of privilege. The solution is to upgrade to Meridian 2023.1.6, 2022.1.19, 2021.1.30, 2020.1.38 or Horizon 32.0.2 or newer. Meridian and Horizo...
CVE-2023-0872 ROLE_REST can be used to escalate to ROLE_ADMIN via /rest/users
The Horizon REST API includes a users endpoint in OpenMNS Horizon 31.0.8 and versions earlier than 32.0.2 on multiple platforms is vulnerable to elevation of privilege. The solution is to upgrade to Meridian 2023.1.6, 2022.1.19, 2021.1.30, 2020.1.38 or Horizon 32.0.2 or newer. Meridian and Horizo...
CVE-2023-0871 An XML External Entity injection vulnerability
XXE injection in /rtc/post/ endpoint in OpenMNS Horizon 31.0.8 and versions earlier than 32.0.2 on multiple platforms is vulnerable to XML external entity XXE injection, which can be used for instance to force Horizon to make arbitrary HTTP requests to internal and external services. The solution...
Nagios XI Remote Code Execution
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Nagios XI Prior to 5.8.0 - Plugins Filename Authenticated Remote Code Exection', 'Description' = %q This module exploits a command injection...
FlexDotnetCMS 1.5.8 Arbitrary ASP File Upload
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'FlexDotnetCMS Arbitrary ASP File Upload', 'Description' = %q This module exploits an arbitrary file upload vulnerability in FlexDotnetCMS v1.5.8...