24 matches found
EUVD-2020-17430
Malware in sbrugna...
EUVD-2014-9382
Malware in sbrugna...
SUSE CVE-2014-9568
puppetlabs-rabbitmq 3.0 through 4.1 stores the RabbitMQ Erlang cookie value in the facts of a node, which allows local users to obtain sensitive information as demonstrated by using Facter...
CVE-2020-15325
Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has a hardcoded Erlang cookie for ejabberd replication...
CVE-2020-15325
Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has a hardcoded Erlang cookie for ejabberd replication...
Hardcoded credentials
Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has a hardcoded Erlang cookie for ejabberd replication...
Couchbase Server 安全漏洞
Couchbase Server is a distributed database from Couchbase Inc. that supports data query, full-text search, and active global replication.An information disclosure vulnerability exists in versions of Couchbase Server prior to 7.0.4. The vulnerability stems from the fact that when using the...
Exploit for Insecure Default Initialization of Resource in Apache Couchdb
Apache CouchDB 3.2.1 - Remote Code Execution RCE CVE-2022-24...
GHSA-H3GH-978R-747W puppetlabs-rabbitmq allows local users to obtain sensitive information
puppetlabs-rabbitmq 3.0 through 4.1 stores the RabbitMQ Erlang cookie value in the facts of a node, which allows local users to obtain sensitive information as demonstrated by using Facter...
puppetlabs-rabbitmq allows local users to obtain sensitive information
puppetlabs-rabbitmq 3.0 through 4.1 stores the RabbitMQ Erlang cookie value in the facts of a node, which allows local users to obtain sensitive information as demonstrated by using Facter...
Apache CouchDB 3.2.1 - Remote Code Execution Exploit
Exploit Title: Apache CouchDB 3.2.1 - Remote Code Execution RCE Exploit Author: Konstantin Burov, @sadshade Software Link: https://couchdb.apache.org/ Version: 3.2.1 and below Tested on: Kali 2021.2 Based on 1F98D's Erlang Cookie - Remote Code Execution Shodan: port:4369 "name couchdb at" CVE:...
Metasploit Wrap-Up
Confluence Server OGNL Injection Our own wvu along with Jang added a module that exploits an OGNL injection CVE-2021-26804in Atlassian Confluence's WebWork component to execute commands as the Tomcat user. CVE-2021-26804 is a critical remote code execution vulnerability in Confluence Server and...
Solarflare - SolarWinds Orion Account Audit / Password Dumping Utility
Credential Dumping Tool for SolarWinds Orion Blog post: https://malicious.link/post/2020/solarflare-release-password-dumper-for-solarwinds-orion/ Credit to @asolino, @gentilkiwi, and @skelsec for helping me figuring out DPAPI. ============================================ | Collecting RabbitMQ...
CVE-2020-24719
Exposed Erlang Cookie could lead to Remote Command Execution RCE attack. Communication between Erlang nodes is done by exchanging a shared secret aka "magic cookie". There are cases where the magic cookie is included in the content of the logs. An attacker can use the cookie to attach to an Erlan...
CVE-2020-15325
Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has a hardcoded Erlang cookie for ejabberd replication...
CVE-2020-15325
The CVE refers to Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1, where a hardcoded Erlang cookie for ejabberd replication creates a risk of unauthorized access. Related connected sources (PT-2020-6772) also note unencrypted storage of credentials, increasing exposure. Affected versions are 3.1.0–3.1...
PT-2020-6772 · Zyxel · Zyxel Cloudcnm Secumanager
Name of the Vulnerable Software and Affected Versions: Zyxel CloudCNM SecuManager versions 3.1.0 through 3.1.1 Description: The issue is related to a hardcoded Erlang cookie for ejabberd replication in Zyxel CloudCNM SecuManager. Additionally, there is a problem with unencrypted storage of...
Erlang Port Mapper Daemon Cookie Remote Code Execution Exploit
The erlang port mapper daemon is used to coordinate distributed erlang instances. Should an attacker get the authentication cookie, remote code execution is trivial. Usually, this cookie is named ".erlang.cookie" and varies on location. This module requires Metasploit:...
CVE-2020-24719
creationtimestamp| type| source ---|---|--- 2018-12-19 14:31:13+00:00| seen| https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/multi/misc/erlangcookierce.rb 2020-11-13 00:31:16+00:00| seen| https://t.me/cibsecurity/16279 2025-10-23 21:12:59+00:00| seen|...
Vulnerability in puppetlabs-rabbitmq
Puppet is the United States Puppet Labs a set of client/server C / S architecture based on the configuration management tools , it can be used to manage configuration files , users , cron tasks , packages , system services and so on. puppetlabs-stdlib is one of the implementation of the Advanced...