EulerOS 2.0 SP9 : python-pip (EulerOS-SA-2024-2379)

According to the versions of the python-pip packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : urllib3 is a user-friendly HTTP client library for Python. urllib3 previously wouldn't remove the HTTP request body when an HTTP redirect...

EulerOS 2.0 SP10 : python-pip (EulerOS-SA-2024-2428)

According to the versions of the python-pip packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : urllib3 is a user-friendly HTTP client library for Python. urllib3 previously wouldn't remove the HTTP request body when an HTTP redirect...

Huawei EulerOS: Security Advisory for python-pip (EulerOS-SA-2024-2428)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

urllib3: proxy-authorization request header is not stripped during cross-origin redirects

A flaw was found in urllib3, an HTTP client library for Python. In certain configurations, urllib3 does not treat the Proxy-Authorization HTTP header as one carrying authentication material. This issue results in not stripping the header on cross-origin redirects...

RIPS Scanner Directory Traversal

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'RIPS Scanner Directory Traversal', 'Description' = %q This module exploits a directory traversal vulnerability in the RIPS Scanner v0.54, allowin...

Radware AppDirector Bruteforce Login Utility

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Radware AppDirector Bruteforce Login Utility', 'Description' = % This module scans for Radware AppDirector's web login portal, and performs login...

SAP /sap/bc/soap/rfc SOAP Service RFC_SYSTEM_INFO Function Sensitive Information Gathering

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework This module is based on, inspired by, or is a port of a plugin available in the Onapsis Bizploit Opensource ERP Penetration Testing framework -...

Sentry Switched CDU Bruteforce Login Utility

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Sentry Switched CDU Bruteforce Login Utility', 'Description' = % This module scans for ServerTech's Sentry Switched CDU Cabinet Power Distributio...

ES File Explorer Open Port

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'ES File Explorer Open Port', 'Description' = %q This module connects to ES File Explorer's HTTP server to run certain commands. The HTTP server i...

Symantec Messaging Gateway 9.5 Log File Download

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Symantec Messaging Gateway 9.5 Log File Download Vulnerability', 'Description' = %q This module will download a file of your choice against...

TVT NVMS-1000 Directory Traversal

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'TVT NVMS-1000 Directory Traversal', 'Description' = %q This module exploits an unauthenticated directory traversal vulnerability which exists in...

Apple TV Image Remote Control

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Apple TV Image Remote Control', 'Description' = %q This module will show an image on an AppleTV device for a period of time. Some AppleTV devices...

Linksys WRT120N TmUnblock Stack Buffer Overflow

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Linksys WRT120N tmUnblock Stack Buffer Overflow', 'Description' = %q This module exploits a stack-based buffer overflow vulnerability in the...

AlienVault Authenticated SQL Injection Arbitrary File Read

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule "AlienVault Authenticated SQL Injection Arbitrary File Read", 'Description' = %q AlienVault 4.6.1 and below is susceptible to an authenticated SQL...

HTTP Client Automatic Exploiter 2 (Browser Autopwn)

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule "HTTP Client Automatic Exploiter 2 Browser Autopwn", 'Description' = %q This module will automatically serve browser exploits. Here are the option...

Tomcat UTF-8 Directory Traversal

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Tomcat UTF-8 Directory Traversal Vulnerability', 'Description' = %q This module tests whether a directory traversal vulnerability is present in...

Peplink Balance Routers SQL Injection

class MetasploitModule 'Peplink Balance routers SQLi', 'Description' = %q Firmware versions up to 7.0.0-build1904 of Peplink Balance routers are affected by an unauthenticated SQL injection vulnerability in the bauth cookie, successful exploitation of the vulnerability allows an attacker to...

MongoDB Ops Manager Diagnostic Archive Sensitive Information Retriever

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'digest/md5' require 'zlib' class MetasploitModule 'MongoDB Ops Manager Diagnostic Archive Sensitive Information Retriever', 'Description' = %q MongoDB Ops Manag...

Limesurvey Unauthenticated File Download

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework for extracting files require 'zip' class MetasploitModule 'Limesurvey Unauthenticated File Download', 'Description' = %q This module exploits an unauthenticated file...

CBL Mariner 2.0 Security Update: python-pip / python-urllib3 / python3 (CVE-2023-45803)

The version of python-pip / python-urllib3 / python3 installed on the remote CBL Mariner 2.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2023-45803 advisory. - urllib3 is a user-friendly HTTP client library for Python. urllib3 previously...