914 matches found
CVE-2012-5783
Apache Commons HttpClient 3.x (as used in Amazon FPS Java SDK and related products) is affected by CVE-2012-5783: the code does not verify that the server hostname matches the CN/subjectAltName in the X.509 certificate, enabling potential MITM spoofing with arbitrary certificates. AIX advisories,...
CVE-2012-5783
Apache Commons HttpClient 3.x, as used in Amazon Flexible Payments Service FPS merchant Java SDK and other products, does not verify that the server hostname matches a domain name in the subject's Common Name CN or subjectAltName field of the X.509 certificate, which allows man-in-the-middle...
UBUNTU-CVE-2012-5783
Apache Commons HttpClient 3.x, as used in Amazon Flexible Payments Service FPS merchant Java SDK and other products, does not verify that the server hostname matches a domain name in the subject's Common Name CN or subjectAltName field of the X.509 certificate, which allows man-in-the-middle...
ManageEngine Security Manager Plus 5.5 build 5505 - Remote SYSTEM SQL Injection (Metasploit)
ManageEngine Security Manager Plus 5.5 build 5505 - Remote SYSTEM SQL Injection Metasploit This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing and terms of us...
AjaXplorer checkInstall.php Remote Command Execution
This module exploits an arbitrary command execution vulnerability in the AjaXplorer 'checkInstall.php' script. All versions of AjaXplorer prior to 2.6 are vulnerable. This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework...
PhpTax pfilez Parameter Exec Remote Code Injection
This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing and terms of use. http://metasploit.com/framework/ require 'msf/core' class Metasploit3 "PhpTax pfilez...
ZEN Load Balancer Filelog Command Execution
This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing and terms of use. http://metasploit.com/framework/ require 'msf/core' class Metasploit3 "ZEN Load Balancer...
ZEN Load Balancer Filelog Command Execution
Exploit for linux platform in category remote exploits This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing and terms of use. http://metasploit.com/framework/...
E-Mail Security Virtual Appliance learn-msg.cgi Command Injection
This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing and terms of use. http://metasploit.com/framework/ require 'msf/core' class Metasploit3 "E-Mail Security...
Zenoss 3 showDaemonXMLConfig Command Execution
This module exploits a command execution vulnerability in Zenoss 3.x which could be abused to allow authenticated users to execute arbitrary code under the context of the 'zenoss' user. The showdaemonxmlconfigs function in the 'ZenossInfo.py' script calls Popen with user controlled data from the...
SAP Management Console GetProcessList
This module attempts to list SAP processes through the SAP Management Console SOAP Interface This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'SAP Management Console GetProcessList', 'Description...
EGallery PHP File Upload Vulnerability
Exploit for php platform in category web applications This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing and terms of use. http://metasploit.com/framework/...
Umbraco CMS Remote Command Execution
This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit web site for more information on licensing and terms of use. http://metasploit.com/ require 'msf/core' class Metasploit3 'Umbraco CMS Remote Command Execution'...
Atlassian Crowd XML Entity Expansion Remote File Access
This module simply attempts to read a remote file from the server using a vulnerability in the way Atlassian Crowd handles XML files. The vulnerability occurs while trying to expand external entities with the SYSTEM identifier. This module has been tested successfully on Linux and Windows...
WordPress Plugin Foxypress - 'Uploadify.php' Arbitrary Code Execution (Metasploit)
This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit web site for more information on licensing and terms of use. http://metasploit.com/ require 'msf/core' class Metasploit3 'WordPress plugin Foxypress...
WeBid - 'converter.php' Remote PHP Code Injection (Metasploit)
This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit web site for more information on licensing and terms of use. http://metasploit.com/ require 'msf/core' class Metasploit3 'WeBid converter.php Remote PHP Code...
WebCalendar 1.2.4 Pre-Auth Remote Code Injection
Exploit for linux platform in category web applications This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing and terms of use. http://metasploit.com/framework/...
FreePBX 2.10.0 / 2.9.0 callmenum Remote Code Execution
Exploit for php platform in category web applications This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit web site for more information on licensing and terms of use. http://metasploit.com/ require 'msf/core'...
Sockso Music Host Server 1.5 Directory Traversal
This module exploits a directory traversal bug in Sockso on port 4444. This is done by using "../" in the path to retrieve a file on a vulnerable machine. This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class...
LotusCMS 3.0 eval() Remote Command Execution
Exploit for php platform in category remote exploits This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing and terms of use. http://metasploit.com/framework/...