15 matches found
CVE-2019-5029
An exploitable command injection vulnerability exists in the Config editor of the Exhibitor Web UI versions 1.0.9 to 1.7.1. Arbitrary shell commands surrounded by backticks or $() can be inserted into the editor and will be executed by the Exhibitor process when it launches ZooKeeper. An attacker c...
Soabase Exhibitor UI Config Command Injection (CVE-2019-5029)
A command injection vulnerability exists in Soabase Exhibitor, an open source project from Netflix. The vulnerability is due to improper validation of user-supplied input in the Config tab of Exhibitor web interface. A remote unauthenticated attacker can exploit the vulnerability by sending craft...
Exhibitor Web UI 1.7.1 - Remote Code Execution
Exploit Title: Exhibitor Web UI 1.7.1 - Remote Code Execution Date: 2019-11-13 Exploit Author: Logan Sanderson Web Site: https://github.com/soabase/exhibitor/wiki/Running-Exhibitor Version : 1.7.1 CVE : CVE-2019-5029 Exhibitor UI command injection vulnerability November 13, 2019 CVE Number...
Exhibitor 1.0.9 <= 1.7.1 RCE Vulnerability
Exhibitor is prone to a remote code execution (RCE) vulnerability. SPDX-FileCopyrightText: 2019 Greenbone AG Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...
Exhibitor Detection
Detection of Exhibitor. The script sends a connection request to the server and attempts to detect Exhibitor and extract its version. Copyright (C) 2019 Greenbone Networks GmbH SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can redistribute it and/or modify it under th...
Exhibitor Command Injection Vulnerability
Exhibitor is the supervisor service used to manage ZooKeeper server instances. A command injection vulnerability in the Config editor in Exhibitor versions 1.0.9 through 1.7.1 can be exploited by an attacker to execute any command as the user running the Exhibitor process by inserting arbitrary...
CVE-2019-5029
An exploitable command injection vulnerability exists in the Config editor of the Exhibitor Web UI versions 1.0.9 to 1.7.1. Arbitrary shell commands surrounded by backticks or $() can be inserted into the editor and will be executed by the Exhibitor process when it launches ZooKeeper. An attacker c...
CVE-2019-5029
An exploitable command injection vulnerability exists in the Config editor of the Exhibitor Web UI versions 1.0.9 to 1.7.1. Arbitrary shell commands surrounded by backticks or $() can be inserted into the editor and will be executed by the Exhibitor process when it launches ZooKeeper. An attacker c...
Command injection
An exploitable command injection vulnerability exists in the Config editor of the Exhibitor Web UI versions 1.0.9 to 1.7.1. Arbitrary shell commands surrounded by backticks or $() can be inserted into the editor and will be executed by the Exhibitor process when it launches ZooKeeper. An attacker c...
CVE-2019-5029
An exploitable command injection vulnerability exists in the Config editor of the Exhibitor Web UI versions 1.0.9 to 1.7.1. Arbitrary shell commands surrounded by backticks or $() can be inserted into the editor and will be executed by the Exhibitor process when it launches ZooKeeper. An attacker c...
CVE-2019-5029
An exploitable command injection exists in the Exhibitor Web UI Config editor (versions 1.0.9–1.7.1). Arbitrary shell commands enclosed in backticks or $(...) are executed by the Exhibitor process when ZooKeeper is launched, allowing an attacker to run commands as the Exhibitor user. Connected sources...
Vulnerability Spotlight: Command injection bug in Exhibitor UI
Logan Sanderson of Cisco ASIG discovered this vulnerability. Blog by Jon Munshaw. Exhibitor Web UI contains an exploitable command injection vulnerability in its Config editor. Exhibitor is a ZooKeeper supervisory process. Exhibitor's Web UI does not have any form of authentication, and prior to...
Exhibitor UI command injection vulnerability
Summary: An exploitable command injection vulnerability exists in the Config editor of the Exhibitor Web UI versions 1.0.9 to 1.7.1. Arbitrary shell commands surrounded by backticks or $() can be inserted into the editor and will be executed by the Exhibitor process when it launches ZooKeeper. An...
rhs.org.uk XSS vulnerability
Vulnerable URL: https://www.rhs.org.uk/shows-events/rhs-chelsea-flower-show/////exhibitor-search?searchText="=52="Acers" Details: Description| Value ---|--- Patched:| No Latest check for patch:| 25.12.2017 Vulnerability type:| XSS Vulnerability status:| Publicly disclosed Alexa Rank| 30408 VIP...
e3insider.com XSS vulnerability
Open Bug Bounty ID: OBB-224457 Description| Value ---|--- Affected Website:| e3insider.com Open Bug Bounty Program:| Create your bounty program now. It's open and free. Vulnerable Application:| Custom Code Vulnerability Type:| XSS Cross Site Scripting / CWE-79 CVSSv3 Score:| 6.1...