CVE-2013-4366

CVE-2013-4366 concerns http/impl/client/HttpClientBuilder.java in Apache HttpClient 4.3.x before 4.3.1, where the code does not ensure that the X509HostnameVerifier is non-null. This can allow attackers to trigger unspecified impact via vectors involving hostname verification. Connected documents...

CVE-2013-4366

http/impl/client/HttpClientBuilder.java in Apache HttpClient 4.3.x before 4.3.1 does not ensure that X509HostnameVerifier is not null, which allows attackers to have unspecified impact via vectors involving hostname verification...

Netgear DGN1000 Setup.cgi Remote Command Execution

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Netgear DGN1000 Setup.cgi Unauthenticated RCE', 'Description' = %q This module exploits an unauthenticated OS command execution vulneralbility in...

Netgear DGN1000 Setup.cgi Unauthenticated RCE

This module exploits an unauthenticated OS command execution vulneralbility in the setup.cgi file in Netgear DGN1000 firmware versions up to 1.1.00.48, and DGN2000v1 models. This module requires Metasploit: https://metasploit.com/download Current source:...

LAquis SCADA 4.1.0.2385 Directory Traversal

require 'msf/core' class MetasploitModule 'LAquis SCADA Web Server Directory Traversal Information Disclosure', 'Description' = %q This module exploits a directory traversal vulnerability found in the LAquis SCADA application. The vulnerability is triggered when sending a series of dot dot slashe...

LAquis SCADA 4.1.0.2385 - Directory Traversal Exploit

Exploit for multiple platform in category remote exploits require 'msf/core' class MetasploitModule 'LAquis SCADA Web Server Directory Traversal Information Disclosure', 'Description' = %q This module exploits a directory traversal vulnerability found in the LAquis SCADA application. The...

DenyAll WAF < 6.3.0 - Remote Code Execution (Metasploit)

This module requires Metasploit: http://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule "DenyAll Web Application Firewall Remote Code Execution", 'Description' = %q This module exploits the command injection vulnerability of DenyAll We...

Carel PlantVisor 2.4.4 - Directory Traversal Information Disclosure Exploit

Exploit for windows platform in category web applications require 'msf/core' class MetasploitModule 'Carel email protected Directory Traversal', 'Description' = %q This module exploits a directory traversal vulnerability found in Carel email protected 'james fitts' , 'License' = MSFLICENSE,...

Trend Micro Control Manager - ImportFile Directory Traversal Remote Code Execution (Metasploit)

Trend Micro Control Manager - ImportFile Directory Traversal Remote Code Execution Metasploit require 'msf/core' require 'msf/core/exploit/phpexe' class MetasploitModule 'Trend Micro Control Manager importFile Directory Traversal RCE', 'Description' = %q This module exploits a directory traversal...

Carel PlantVisor 2.4.4 - Directory Traversal Information Disclosure (Metasploit)

Carel PlantVisor 2.4.4 - Directory Traversal Information Disclosure Metasploit require 'msf/core' class MetasploitModule 'Carel Pl@ntVisor Directory Traversal', 'Description' = %q This module exploits a directory traversal vulnerability found in Carel Pl@ntVisor 'james fitts' , 'License' =...

Alienvault OSSIM av-centerd 4.7.0 - (get_log_line) Command Injection Exploit

Exploit for linux platform in category remote exploits require 'msf/core' require 'rexml/document' class MetasploitModule 'Alienvault OSSIM av-centerd Command Injection getlogline', 'Description' = %q This module exploits a command injection flaw found in the getlogline function found within...

Alienvault OSSIM av-centerd Util.pm sync_rserver - Command Execution Exploit

Exploit for linux platform in category remote exploits require 'msf/core' class MetasploitModule 'Alienvault OSSIM av-centerd Util.pm syncrserver Command Execution', 'Description' = %q This module exploits a command injection vulnerability found within the syncrserver function in Util.pm. The...

Infinite Automation Mango Automation - Command Injection (Metasploit)

require 'msf/core' class MetasploitModule 'Infinite Automation Mango Automation Command Injection', 'Description' = %q This module exploits a command injection vulnerability found in Infinite Automation Systems Mango Automation v2.5.0 - 2.6.0 beta builds prior to 430. , 'Author' = 'james fitts' ,...

Advantech SUSIAccess <= 3.0 - Directory Traversal / Information Disclosure Exploit

Exploit for jsp platform in category web applications require 'msf/core' class MetasploitModule 'Advantech SUSIAccess Server Directory Traversal Information Disclosure', 'Description' = %q This module exploits an information disclosure vulnerability found in Advantech SUSIAccess 'james fitts' ,...

Advantech SUSIAccess 3.0 - Directory Traversal Information Disclosure (Metasploit)

Advantech SUSIAccess 3.0 - Directory Traversal Information Disclosure Metasploit require 'msf/core' class MetasploitModule 'Advantech SUSIAccess Server Directory Traversal Information Disclosure', 'Description' = %q This module exploits an information disclosure vulnerability found in Advantech...

Advantech SUSIAccess &lt; 3.0 - Directory Traversal / Information Disclosure (Metasploit)

require 'msf/core' class MetasploitModule 'Advantech SUSIAccess Server Directory Traversal Information Disclosure', 'Description' = %q This module exploits an information disclosure vulnerability found in Advantech SUSIAccess 'james fitts' , 'License' = MSFLICENSE, 'References' = 'CVE', '2016-934...

CVE-2017-2589

It was discovered that the hawtio servlet uses a single HttpClient instance to proxy requests with a persistent cookie store cookies are stored locally and are not passed between the client and the end URL which means all clients using that proxy are sharing the same cookies...

Sonicwall 8.1.0.2-14sv - sitecustomization.cgi Command Injection (Metasploit)

Sonicwall 8.1.0.2-14sv - sitecustomization.cgi Command Injection Metasploit Exploit Title: Sonicwall importlogo/sitecustomization CGI Remote Command Injection Vulnerablity Date: 12/25/2016 Exploit Author: xort @ Critical Start Vendor Homepage: www.sonicwall.com Software Link:...

Insecure Hostname Verification Defaults

httpclient has insecure hostname verification defaults. If a X509HostnameVerifier is not provided, httpclient would default to having no hostname verification...

Netgear DGN2200 - dnslookup.cgi Command Injection Exploit

Exploit for cgi platform in category remote exploits This module requires Metasploit: http://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'net/http' require "base64" class MetasploitModule "Netgear DGN2200 dnslookup.cgi Command Injection",...