3905 matches found
JBoss 'mod_cluster'安全绕过漏洞
Bugtraq ID: 51554 CVE ID:CVE-2011-4608 JBOSS是一个基于J2EE的开放源代码的应用服务器。 modcluster允许worker节点在任意虚拟主机vhost上注册,而无视应用在其他虚拟主机上的安全性限制。在某些环境下,一个vhost配置为内部worker节点,而另一个配置为服务外部内容。远程攻击者可以利用此缺陷通过没有配置应用安全限制的外部虚拟主机注册为攻击者控制的worker节点,然后使用worker节点服务恶意内容,截获验证凭据,劫持用户会话。 0 Red Hat JBoss Enterprise Web Server for RHEL 6...
mod_cluster: malicious worker nodes can register on any vhost
modcluster in JBoss Enterprise Application Platform 5.1.2 for Red Hat Linux allows worker nodes to register with arbitrary virtual hosts, which allows remote attackers to bypass intended access restrictions and provide malicious content, hijack sessions, and steal credentials by registering from ...
mod_cluster: malicious worker nodes can register on any vhost
modcluster in JBoss Enterprise Application Platform 5.1.2 for Red Hat Linux allows worker nodes to register with arbitrary virtual hosts, which allows remote attackers to bypass intended access restrictions and provide malicious content, hijack sessions, and steal credentials by registering from ...
ssh-hostkey NSE Script
Shows SSH hostkeys. Shows the target SSH server's key fingerprint and with high enough verbosity level the public key itself. It records the discovered host keys in nmap.registry for use by other scripts. Output can be controlled with the sshhostkey script argument. You may also compare the...
CVE-2011-4615
Multiple cross-site scripting XSS vulnerabilities in Zabbix before 1.8.10 allow remote attackers to inject arbitrary web script or HTML via the gname parameter aka host groups name to 1 hostgroups.php and 2 usergrps.php, the update action to 3 hosts.php and 4 scripts.php, and 5 maintenance.php...
DEBIAN-CVE-2011-4615
Multiple cross-site scripting XSS vulnerabilities in Zabbix before 1.8.10 allow remote attackers to inject arbitrary web script or HTML via the gname parameter aka host groups name to 1 hostgroups.php and 2 usergrps.php, the update action to 3 hosts.php and 4 scripts.php, and 5 maintenance.php...
CVE-2011-4615
Multiple cross-site scripting XSS vulnerabilities in Zabbix before 1.8.10 allow remote attackers to inject arbitrary web script or HTML via the gname parameter aka host groups name to 1 hostgroups.php and 2 usergrps.php, the update action to 3 hosts.php and 4 scripts.php, and 5 maintenance.php...
VMware vCenter Update Manager Detection
VMware vCenter Update Manager also known as vSphere Update Manager was detected on the remote host. This application is used to manage patches on vSphere hosts. C Tenable Network Security, Inc. include"compat.inc"; if description scriptid56957; scriptversion"1.5"; scriptcvsdate"Date: 2019/11/22";...
Fedora Update for cherokee FEDORA-2011-14660
Check for the Version of cherokee OpenVAS Vulnerability Test Fedora Update for cherokee FEDORA-2011-14660 Authors: System Generated Check Copyright: Copyright c 2011 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it under the...
Fedora Update for cherokee FEDORA-2011-14634
Check for the Version of cherokee OpenVAS Vulnerability Test Fedora Update for cherokee FEDORA-2011-14634 Authors: System Generated Check Copyright: Copyright c 2011 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it under the...
[SECURITY] Fedora 14 Update: puppet-2.6.12-1.fc14
Puppet lets you centrally manage every important aspect of your system usin g a cross-platform specification language that manages all the separate elements normally aggregated in different files, like users, cron jobs, and hosts, along with obviously discrete elements like packages, services, an...
[SECURITY] Fedora 15 Update: puppet-2.6.12-1.fc15
Puppet lets you centrally manage every important aspect of your system usin g a cross-platform specification language that manages all the separate elements normally aggregated in different files, like users, cron jobs, and hosts, along with obviously discrete elements like packages, services, an...
Windows Recon Computer Browser Discovery
This module uses railgun to discover hostnames and IPs on the network. LTYPE should be set to one of the following values: WK all workstations, SVR all servers, SQL all SQL servers, DC all Domain Controllers, DCBKUP all Domain Backup Servers, NOVELL all Novell servers, PRINTSVR all Print Que...
VMSA-2011-0014:VMware vCenter Update Manager fix for Jetty Web server addresses directory traversal vulnerability
VMSA-2011-0014 VMware vCenter Update Manager fix for Jetty Web server addresses directory traversal vulnerability VMware Security Advisory VMware Security Advisory Advisory ID: VMSA-2011-0014 VMware Security Advisory Synopsis: VMware vCenter Update Manager fix for Jetty Web server addresses...
Windows Manage Host File Entry Removal
This module allows the attacker to remove an entry from the Windows hosts file. This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Windows Manage Host File Entry Removal', 'Description' = %q This...
Windows Manage Hosts File Injection
This module allows the attacker to insert a new entry into the target system's hosts file. This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'English' class MetasploitModule 'Windows Manage Hosts File Injection'...
Empty sockets counter in nworks Enterprise Manager
VMware vCenter or hosts have been added into Enterprise Manager and the amount of sockets is displayed correctly; however, once the maintenance procedure has been performed against the hosts and the hosts are restarted, then some of the hosts become unlicensed Enterprise Manager shows "0" instead...
Nmap-scanner
This module requires argument like: "Target Host" or IP address to work. A port Scanner uses raw IP packets in novel ways to determine what hosts are available on the network It was designed to rapidly scan large networks, but works fine against single hosts Nmap "Network Mapper" is an open sourc...
Fedora Update for cherokee FEDORA-2011-12687
Check for the Version of cherokee OpenVAS Vulnerability Test Fedora Update for cherokee FEDORA-2011-12687 Authors: System Generated Check Copyright: Copyright c 2011 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it under the...
Fedora Update for cherokee FEDORA-2011-12698
Check for the Version of cherokee OpenVAS Vulnerability Test Fedora Update for cherokee FEDORA-2011-12698 Authors: System Generated Check Copyright: Copyright c 2011 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it under the...