CVE-2018-12537

CVE-2018-12537 affects Eclipse Vert.x core: HTTP header processing in Vert.x HttpServer and HttpClient between Vert.x 3.0 and 3.5.1 does not filter CRLF characters, enabling injection of arbitrary HTTP headers in requests/responses. The issue stems from improper CRLF neutralization. Red Hat’s adv...

Oracle GlassFish Server Open Source Edition 4.1 - Path Traversal (Metasploit)

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Path Traversal in Oracle GlassFish Server Open Source Edition', 'Description' = %q This module exploits an unauthenticated directory traversal...

Hashicorp Consul Remote Command Execution via Rexec

This module exploits a feature of Hashicorp Consul named rexec. This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule "Hashicorp Consul Remote Command Execution via Rexec", 'Description' = %q This...

Security Bulletin: A security vulnerability has been identified in IBM WebSphere Application Server shipped with IBM Operations Analytics Predictive Insights (CVE-2012-5783)

Summary Websphere Application Server WAS is shipped as a component of IBM Operations Analytics Predictive Insights. Information about a security vulnerability affecting WAS has been published in a security bulletin. Vulnerability Details Please consult the security bulletin Security Bulletin:...

Cisco ASA Directory Traversal

This module exploits a directory traversal vulnerability in Cisco's Adaptive Security Appliance ASA software and Firepower Threat Defense FTD software. It lists the contents of Cisco's VPN web service which includes directories, files, and currently logged in users. This module requires Metasploi...

CVE-2017-2589

It was discovered that the hawtio servlet 1.4 uses a single HttpClient instance to proxy requests with a persistent cookie store cookies are stored locally and are not passed between the client and the end URL which means all clients using that proxy are sharing the same cookies...

CVE-2017-2589

It was discovered that the hawtio servlet 1.4 uses a single HttpClient instance to proxy requests with a persistent cookie store cookies are stored locally and are not passed between the client and the end URL which means all clients using that proxy are sharing the same cookies...

CVE-2017-2589

It was discovered that the hawtio servlet 1.4 uses a single HttpClient instance to proxy requests with a persistent cookie store cookies are stored locally and are not passed between the client and the end URL which means all clients using that proxy are sharing the same cookies...

Security Bulletin: A security vulnerability has been identified in IBM WebSphere Application Server shipped with IBM Tivoli Security Policy Manager (CVE-2012-5783)

Summary IBM WebSphere Application Server WAS is shipped as a component of IBM Tivoli Security Policy Manager TSPM. Information about a security vulnerability affecting IBM WebSphere Application Server has been published in a security bulletin. Vulnerability Details Please consult the security...

Security Bulletin: A security vulnerability has been identified in IBM WebSphere Application Server shipped with IBM Case Manager (CVE-2012-5783)

Summary IBM WebSphere Application Server is shipped as a component of IBM Case Manager. Information about a security vulnerability affecting IBM WebSphere Application Server has been published in a security bulletin. Vulnerability Details Please consult the security bulletin Security Bulletin:...

Security Bulletin: A security vulnerability has been identified in IBM WebSphere Application Server shipped with IBM Security Key Lifecycle Manager (SKLM) (CVE-2012-5783)

Summary IBM WebSphere Application Server is shipped as a component of IBM Security Key Lifecycle Manager SKLM. Information about a security vulnerability affecting IBM WebSphere Application Server has been published in a security bulletin. Vulnerability Details Please consult the security bulleti...

Security Bulletin: IBM Tivoli Netcool Impact is affected by open source vulnerabilities

Summary IBM Tivoli Netcool Impact has addressed the following open source vulnerabilities. Vulnerability Details CVEID: CVE-2012-5783 DESCRIPTION: Apache Commons HttpClient, as used in Amazon Flexible Payments Service FPS merchant Java SDK and other products, could allow a remote attacker to...

#ManageEngine Exchange Reporter Plus Unauthenticated Remote Code Execution Exploit

This Metasploit module exploits a remote code execution vulnerability that exists in Exchange Reporter Plus versions 5310 and below, caused by execution of bcp.exe file inside ADSHACluster servlet This module requires Metasploit: https://metasploit.com/download Current source:...

Manage Engine Exchange Reporter Plus - Remote Code Execution (Metasploit)

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Manage Engine Exchange Reporter Plus Unauthenticated RCE', 'Description' = %q This module exploits a remote code execution vulnerability that...

Security Bulletin: A security vulnerability has been identified in IBM WebSphere Application Server shipped with IBM ILOG Optimization Decision Manager Enterprise (CVE-2012-5783)

Summary IBM WebSphere Application Server is shipped as a component of IBM ILOG ODM Enterprise. Information about a security vulnerability affecting IBM WebSphere Application Server has been published in a security bulletin. Vulnerability Details Please consult the security bulletin Information...

Manage Engine Exchange Reporter Plus Unauthenticated Remote Code Execution

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Manage Engine Exchange Reporter Plus Unauthenticated RCE', 'Description' = %q This module exploits a remote code execution vulnerability that...

Security Bulletin: A security vulnerability has been identified in IBM WebSphere Application Server shipped with IBM Business Monitor (CVE-2012-5783)

Summary IBM WebSphere Application Server is shipped as components of Business Monitor. Information about a security vulnerability affecting WebSphere Application Server has been published in a security bulletin. Vulnerability Details Consult the Security Bulletin Information disclosure in Apache...

Security Bulletin: A security vulnerability has been identified in IBM WebSphere Application Server shipped with Tivoli Netcool/OMNIbus WebGUI (CVE-2012-5783)

Summary Websphere Application Server WAS is shipped as a component of Tivoli Netcool/OMNIbus WebGUI. Information about a security vulnerability affecting WAS has been published in a security bulletin. Vulnerability Details Please consult the security bulletin Information disclosure in Apache...

Security Bulletin: Information disclosure in Apache Commons HttpClient used by WebSphere Application Server bundled with IBM WebSphere Application Server Patterns (CVE-2012-5783)

Summary WebSphere Application Server is shipped as a component of IBM WebSphere Application Server Patterns. Information about security vulnerabilities affecting WebSphere Application Server has been published in a security bulletin. Vulnerability Details Please consult the security bulletin:...

IPConfigure Orchid VMS 2.0.5 - Directory Traversal Information Disclosure Exploit

Exploit for multiple platform in category web applications require 'msf/core' class MetasploitModule 'IPConfigure Orchid VMS %q Orchid Core VMS is vulnerable to a directory traversal attack. This affects Linux and Windows operating systems. This allows a remote, unauthenticated attacker to send...