
914 matches found

OSV
added 2018/01/26 2:29 a.m. | 29 views

CVE-2017-1000396

Jenkins 2.73.1 and earlier, 2.83 and earlier bundled a version of the commons-httpclient library with the vulnerability CVE-2012-6153 that incorrectly verified SSL certificates, making it susceptible to man-in-the-middle attacks. This library is widely used as a transitive dependency in Jenkins...

5.9 CVSS | 5.8 AI score
Exploits 0 | References 1

CVE
added 2018/01/26 2:0 a.m. | 89 views

CVE-2017-1000402

Summary (supported by provided documents): Jenkins Swarm Plugin Client 3.4 and earlier bundled Apache Commons HttpClient with the vulnerability CVE-2012-6153, which causes improper verification of the server SSL certificate hostname. This leads to susceptibility to man‑in‑the‑middle attacks. The ...

5.9 CVSS | 5.9 AI score | 0.00497 EPSS
Exploits 0 | References 1 | Affected Software 1

Cvelist
added 2018/01/26 2:0 a.m. | 24 views

CVE-2017-1000396

Jenkins 2.73.1 and earlier, 2.83 and earlier bundled a version of the commons-httpclient library with the vulnerability CVE-2012-6153 that incorrectly verified SSL certificates, making it susceptible to man-in-the-middle attacks. This library is widely used as a transitive dependency in Jenkins...

5.7 AI score | 0.00507 EPSS
Exploits 0 | References 1

CVE
added 2018/01/26 2:0 a.m. | 109 views

CVE-2017-1000396

CVE-2017-1000396 affects Jenkins 2.73.1 and earlier (up to 2.83) via a bundled commons-httpclient where CVE-2012-6153 allowed MITM due to improper SSL hostname verification. The vulnerability is conveyed through transitive dependencies in plugins. The fix for CVE-2012-6153 was backported to the c...

5.9 CVSS | 5.9 AI score | 0.00507 EPSS
Exploits 0 | References 1 | Affected Software 1

CVE
added 2018/01/26 2:0 a.m. | 73 views

CVE-2017-1000397

CVE-2017-1000397 affects Jenkins Maven Plugin versions up to 2.17, which bundled Commons HttpClient that is vulnerable to CVE-2012-6153 due to improper SSL certificate verification, enabling MITM attacks. The issue is tied to the plugin’s transitive dependency on Commons HttpClient; Maven Plugin ...

5.9 CVSS | 5.9 AI score | 0.00497 EPSS
Exploits 0 | References 1 | Affected Software 1

exploitpack
added 2018/01/10 12:0 a.m. | 20 views

Synology Photostation 6.7.2-3429 - Remote Code Execution (Metasploit)

Synology Photostation 6.7.2-3429 - Remote Code Execution Metasploit This module requires Metasploit: http://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule "Synology PhotoStation Multiple Vulnerabilities", 'Description' = %q This modul...

8.1 AI score
Exploits 0

exploitpack
added 2017/12/27 12:0 a.m. | 17 views

DotNetNuke DreamSlider 01.01.02 - Arbitrary File Download (Metasploit)

DotNetNuke DreamSlider 01.01.02 - Arbitrary File Download Metasploit Exploit Title: DotNetNuke DreamSlider Arbitrary File Download Date: 23/01/2014 Author: Glafkos Charalambous Version: 01.01.02 Vendor: DreamSlider Vendor URL: http://www.dreamslider.com/ Google Dork:...

7.4 AI score
Exploits 0

Packet Storm
added 2017/12/27 12:0 a.m. | 42 views

DotNetNuke DreamSlider 01.01.02 Arbitrary File Download

Exploit Title: DotNetNuke DreamSlider Arbitrary File Download Date: 23/01/2014 Author: Glafkos Charalambous Version: 01.01.02 Vendor: DreamSlider Vendor URL: http://www.dreamslider.com/ Google Dork: inurl:/DesktopModules/DreamSlider/ CVE: Description DotNetNuke DreamSlider Module prior to version...

7.4 AI score
Exploits 0

0day.today
added 2017/12/19 12:0 a.m. | 169 views

Jenkins XStream Groovy classpath Deserialization Exploit

This Metasploit module exploits CVE-2016-0792 a vulnerability in Jenkins versions older than 1.650 and Jenkins LTS versions older than 1.642.2 which is caused by unsafe deserialization in XStream with Groovy in the classpath, which allows remote arbitrary code execution. The issue affects default...

9 CVSS | 8.9 AI score | 0.82697 EPSS
Exploits 23

Packet Storm
added 2017/11/28 12:0 a.m. | 52 views

pfSense 2.3.1_1 Remote Command Execution

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'pfSense authenticated group member RCE', 'Description' = %q pfSense, a free BSD based open source firewall distribution, version 's4squatch',...

7.4 AI score
Exploits 0

RedhatCVE
added 2017/11/21 11:21 a.m. | 26 views

CVE-2017-1000396

Jenkins 2.73.1 and earlier, 2.83 and earlier bundled a version of the commons-httpclient library with the vulnerability CVE-2012-6153 that incorrectly verified SSL certificates, making it susceptible to man-in-the-middle attacks. This library is widely used as a transitive dependency in Jenkins...

5.9 CVSS | 2.8 AI score | 0.05796 EPSS
Exploits 0 | References 2

Packet Storm
added 2017/11/14 12:0 a.m. | 45 views

D-Link DIR-850L Unauthenticated Command Execution

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'openssl' class MetasploitModule 'DIR-850L Unauthenticated OS Command Exec', 'Description' = %q This module leverages an unauthenticated credential disclosure...

7.1 AI score
Exploits 0

CNVD
added 2017/11/03 12:0 a.m. | 2 views

Unspecified Vulnerability in Apache HttpClient

Apache HttpClient is a client-side programming toolkit from the Apache Software Foundation (United States) that provides efficient support for the HTTP protocol. A security vulnerability exists in the http/impl/client/HttpClientBuilder.java file in version 4.3.x of Apache HttpClient prior to 4.3.1...

9.8 CVSS | 6.9 AI score | 0.0218 EPSS
Exploits 0 | References 1

UbuntuCve
added 2017/10/30 7:29 p.m. | 27 views

CVE-2013-4366

http/impl/client/HttpClientBuilder.java in Apache HttpClient 4.3.x before 4.3.1 does not ensure that X509HostnameVerifier is not null, which allows attackers to have unspecified impact via vectors involving hostname verification...

9.8 CVSS | 7.2 AI score | 0.0218 EPSS
Exploits 0 | References 3

Prion
added 2017/10/30 7:29 p.m. | 13 views

Design/Logic Flaw

http/impl/client/HttpClientBuilder.java in Apache HttpClient 4.3.x before 4.3.1 does not ensure that X509HostnameVerifier is not null, which allows attackers to have unspecified impact via vectors involving hostname verification...

7.5 CVSS | 7.2 AI score | 0.0218 EPSS
Exploits 0 | References 2 | Affected Software 1

NVD
added 2017/10/30 7:29 p.m. | 28 views

CVE-2013-4366

http/impl/client/HttpClientBuilder.java in Apache HttpClient 4.3.x before 4.3.1 does not ensure that X509HostnameVerifier is not null, which allows attackers to have unspecified impact via vectors involving hostname verification...

9.8 CVSS | 9.6 AI score | 0.0218 EPSS
Exploits 0 | References 2

OSV
added 2017/10/30 7:29 p.m. | 11 views

CVE-2013-4366

http/impl/client/HttpClientBuilder.java in Apache HttpClient 4.3.x before 4.3.1 does not ensure that X509HostnameVerifier is not null, which allows attackers to have unspecified impact via vectors involving hostname verification...

9.8 CVSS | 9.6 AI score
Exploits 0 | References 5

OSV
added 2017/10/30 7:29 p.m. | 3 views

DEBIAN-CVE-2013-4366

http/impl/client/HttpClientBuilder.java in Apache HttpClient 4.3.x before 4.3.1 does not ensure that X509HostnameVerifier is not null, which allows attackers to have unspecified impact via vectors involving hostname verification...

9.8 CVSS | 7.3 AI score | 0.0218 EPSS
Exploits 0 | References 1

OSV
added 2017/10/30 7:29 p.m. | 2 views

UBUNTU-CVE-2013-4366

http/impl/client/HttpClientBuilder.java in Apache HttpClient 4.3.x before 4.3.1 does not ensure that X509HostnameVerifier is not null, which allows attackers to have unspecified impact via vectors involving hostname verification...

9.8 CVSS | 7.2 AI score | 0.0218 EPSS
Exploits 0 | References 4

Cvelist
added 2017/10/30 7:0 p.m. | 29 views

CVE-2013-4366

http/impl/client/HttpClientBuilder.java in Apache HttpClient 4.3.x before 4.3.1 does not ensure that X509HostnameVerifier is not null, which allows attackers to have unspecified impact via vectors involving hostname verification...

9.6 AI score | 0.0218 EPSS
Exploits 0 | References 2