70 matches found
VulnCheck KEV: CVE-2023-33246
Several components of Apache RocketMQ, including NameServer, Broker, and Controller, are exposed to the extranet and lack permission verification. An attacker can exploit this vulnerability by using the update configuration function to execute commands as the system users that RocketMQ is running...
Arbitrary Code Injection
org.apache.rocketmq, rocketmq-namesrv is vulnerable to Remote Code Execution RCE. The vulnerability exists because the library allows updating the config path at runtime, allowing an attacker to inject and execute malicious code through the update configuration function by forging the RocketMQ...
Apache RocketMQ Code Injection Vulnerability
Apache RocketMQ is the United States Apache Apache Foundation of a lightweight data processing platform and messaging engine. Apache RocketMQ suffers from a code injection vulnerability that originates from an extranet leak of the NameServer address and lack of privilege authentication, which can...
Design/Logic Flaw
The RocketMQ NameServer component still has a remote command execution vulnerability as the CVE-2023-33246 issue was not completely fixed in version 5.1.1. When NameServer address are leaked on the extranet and lack permission verification, an attacker can exploit this vulnerability by using the...
CVE-2023-37582 Apache RocketMQ: Possible remote code execution when using the update configuration function
The RocketMQ NameServer component still has a remote command execution vulnerability as the CVE-2023-33246 issue was not completely fixed in version 5.1.1. When NameServer address are leaked on the extranet and lack permission verification, an attacker can exploit this vulnerability by using the...
CVE-2023-37582 Apache RocketMQ: Possible remote code execution when using the update configuration function
The RocketMQ NameServer component still has a remote command execution vulnerability as the CVE-2023-33246 issue was not completely fixed in version 5.1.1. When NameServer address are leaked on the extranet and lack permission verification, an attacker can exploit this vulnerability by using the...
PT-2023-4093 · Apache · Rocketmq
Name of the Vulnerable Software and Affected Versions: RocketMQ versions prior to 4.9.7 RocketMQ versions prior to 5.1.2 Description: The vulnerability in the RocketMQ NameServer component allows for remote command execution. This issue arises when NameServer addresses are exposed on the extranet...
GHSA-X3CQ-8F32-5F63 Apache RocketMQ may have remote code execution vulnerability when using update configuration function
For RocketMQ versions 5.1.0 and below, under certain conditions, there is a risk of remote command execution. Several components of RocketMQ, including NameServer, Broker, and Controller, are leaked on the extranet and lack permission verification, an attacker can exploit this vulnerability by...
extranet.rossini1969.it Cross Site Scripting vulnerability OBB-3370312
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
Remote Code Execution (RCE)
RocketMQ is vulnerable to Remote Code Execution RCE. The vulnerability exists because the library allows updating the config path at runtime, allowing an attacker to inject and execute malicious code through the update configuration function by forging the RocketMQ protocol content, which also...
CVE-2023-33246
For RocketMQ versions 5.1.0 and below, under certain conditions, there is a risk of remote command execution. Several components of RocketMQ, including NameServer, Broker, and Controller, are leaked on the extranet and lack permission verification, an attacker can exploit this vulnerability by...
extranet.ac-grenoble.fr Cross Site Scripting vulnerability OBB-3353845
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
extranet.acs.clients.zentech.gr Cross Site Scripting vulnerability OBB-3266991
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
extranet.acs.clients.zentech.gr Cross Site Scripting vulnerability OBB-3260695
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
extranet.rossini1969.it Cross Site Scripting vulnerability OBB-3219189
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
extranet.rossini1969.it Cross Site Scripting vulnerability OBB-2636818
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
extranet.curaviva-bl.ch Cross Site Scripting vulnerability OBB-2146559
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has:       a. verified the vulnerability and confirmed its existence;       b. notified the website operator about its existence...
extranet.intercariforef.org Cross Site Scripting vulnerability OBB-1367127
Following coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has:       a. verified the vulnerability and confirmed its existence;       b. notified the website operator about its existence...
CVE-2019-1126
A security feature bypass vulnerability exists in Active Directory Federation Services ADFS which could allow an attacker to bypass the extranet lockout policy.To exploit this vulnerability, an attacker could run a specially crafted application, which would allow an attacker to launch a password...
CVE-2019-1126
A security feature bypass vulnerability exists in Active Directory Federation Services ADFS which could allow an attacker to bypass the extranet lockout policy.To exploit this vulnerability, an attacker could run a specially crafted application, which would allow an attacker to launch a password...