EulerOS 2.0 SP2 : httpcomponents-client (EulerOS-SA-2019-2518)

According to the version of the httpcomponents-client package installed, the EulerOS installation on the remote host is affected by the following vulnerability : - http/conn/ssl/SSLConnectionSocketFactory.java in Apache HttpComponents HttpClient before 4.3.6 ignores the http.socket.timeout...

Atlassian Confluence 6.15.1 Directory Traversal

Exploit Title: Atlassian Confluence 6.15.1 - Directory Traversal Metasploit Google Dork: N/A Date: 2019-11-11 Exploit Author: max7253 Vendor Homepage: https://www.atlassian.com Software Link: https://www.atlassian.com/software/confluence/download-archives Version: 6.15.1 Tested on: Microsoft...

Ajenti 2.1.31 Remote Code Execution

Exploit Title: Ajenti 2.1.31 - Remote Code Exection Metasploit Date: 2019-10-29 Exploit Author: Onur ER Vendor Homepage: http://ajenti.org/ Software Link: https://github.com/ajenti/ajenti Version: 2.1.31 Tested on: Ubuntu 19.10 This module requires Metasploit: https://metasploit.com/download...

EulerOS 2.0 SP3 : jakarta-commons-httpclient (EulerOS-SA-2019-2027)

According to the version of the jakarta-commons-httpclient package installed, the EulerOS installation on the remote host is affected by the following vulnerability : - http/conn/ssl/SSLConnectionSocketFactory.java in Apache HttpComponents HttpClient before 4.3.6 ignores the http.socket.timeout...

Security Bulletin: Information disclosure in Apache Commons HttpClient may affect WebSphere Application Server as part of IBM InfoSphere Identity Insight (CVE-2012-5783)

Summary There is a potential information disclosure in Apache Commons HttpClient used by WebSphere Application Server shipped as part of IBM InfoSphere Identity Insight. Vulnerability Details CVEs: CVE-2012-5783 Link to security bulletin: http://www-01.ibm.com/support/docview.wss?uid=swg22016216...

Baldr Botnet Panel Shell Upload

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'net/http' class MetasploitModule "Baldr Botnet Panel Shell Upload Exploit", 'Description' = %q This module exploits the file upload vulnerability of baldr malwa...

Apache Tomcat CGIServlet enableCmdLineArguments Remote Code Execution Exploit

This Metasploit module exploits a vulnerability in Apache Tomcat's CGIServlet component. When the enableCmdLineArguments setting is set to true, a remote user can abuse this to execute system commands, and gain remote code execution. This module requires Metasploit: https://metasploit.com/downloa...

Security Bulletin: An HttpClient security vulnerability has been identified with the embedded Content Manager used by IBM Business Automation Workflow (CVE-2012-5783)

Summary IBM Business Automation Workflow has addressed the following security vulnerability with the embedded Content Manager. Apache Commons HttpClient could allow a remote attacker to conduct spoofing attacks, caused by the failure to verify that the server hostname matches a domain name in the...

AROX School-ERP Pro - Unauthenticated Remote Command Execution Exploit

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule "AROX School-ERP Pro Unauthenticated Remote Code Execution", 'Description' = %q This module exploits a command execution vulnerability in AROX...

Oracle Weblogic Server - 'AsyncResponseService' Deserialization Remote Code Execution (Metasploit)

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Oracle Weblogic Server Deserialization RCE - AsyncResponseService ', 'Description' = %q An unauthenticated attacker with network access to the...

Ruby On Rails - DoubleTap Development Mode secret_key_base Remote Code Execution (Metasploit)

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Ruby On Rails DoubleTap Development Mode secretkeybase Vulnerability', 'Description' = %q This module exploits a vulnerability in Ruby on Rails. ...

IBM BigFix Relay Server Sites and Package Enum

This module retrieves masthead, site, and available package information from IBM BigFix Relay Servers. This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'IBM BigFix Relay Server Sites and Package...

Security Bulletin: Information disclosure in Apache Commons HttpClient used by WebSphere Application Server (CVE-2012-5783)

Summary There is a potential information disclosure in Apache Commons HttpClient used by WebSphere Application Server. Vulnerability Details CVEID: CVE-2012-5783 DESCRIPTION: Apache Commons HttpClient, as used in Amazon Flexible Payments Service FPS merchant Java SDK and other products, could all...

Security update for java-11-openjdk (important)

openSUSE Security Update: Security update for java-11-openjdk Announcement ID: openSUSE-SU-2019:0161-1 Rating: important References: 1120431 1122293 1122299 Cross-References: CVE-2018-11212 CVE-2019-2422 CVE-2019-2426 Affected Products: openSUSE Leap 15.0 An update that fixes three vulnerabilitie...

Security Bulletin: Multiple vulnerabilities affect IBM Tivoli Monitoring embedded WebSphere Application Server

Summary The following security issues have been identified in the WebSphere Application Server included as part of IBM Tivoli Monitoring ITM portal server. Vulnerability Details CVEID: CVE-2015-0899 DESCRIPTION: Apache Struts could allow a remote attacker to bypass security restrictions, caused b...

Security Bulletin: Multiple security vulnerabilities have been identified in IBM WebSphere Application Server shipped with IBM Tivoli Federated Identity Manager and IBM Tivoli Federated Identity Manager Business Gateway

Summary IBM WebSphere Application Server is shipped as a component of IBM Tivoli Federated Identity Manager and IBM Tivoli Federated Identity Manager Business Gateway. Information about multiple security vulnerabilities affecting IBM WebSphere Application Server have been published in security...

Webmin 1.900 Remote Command Execution

This module requires Metasploit: http://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core' require 'uri' class MetasploitModule 'Webmin 1.900 - Remote Command Execution', 'Description' = %q This module exploits an arbitrary command execution...

Security Bulletin: IBM FileNet Content Manager affected by Apache HttpClient security vulnerability

Summary Security vulnerability may affect Apache HttpClient used by IBM FileNet Content Manager. Vulnerability Details CVEID: CVE-2012-5783 DESCRIPTION: Apache Commons HttpClient could allow a remote attacker to conduct spoofing attacks, caused by the failure to verify that the server hostname...

Improper Certificate Common Name Verification Allows Spoofing SSL Servers

org.apache.http.conn.ssl.AbstractVerifier in Apache HttpComponents HttpClient before 4.3.5 and HttpAsyncClient before 4.0.2 does not properly verify that the server hostname matches a domain name in the subject's Common Name CN or subjectAltName field of the X.509 certificate, which allows...

Man In The Middle (MitM) Attacks Are Possible With Spoofed SSL Servers

http/conn/ssl/AbstractVerifier.java in Apache Commons HttpClient before 4.2.3 does not properly verify that the server hostname matches a domain name in the subject's Common Name CN or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via...