37 matches found
CVE-2020-14574
Vulnerability in the Oracle Communications Interactive Session Recorder product of Oracle Communications Applications component: FACE. Supported versions that are affected are 6.1-6.4. Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where Oracle...
CVE-2020-14574
CVE-2020-14574 affects Oracle Communications Interactive Session Recorder (component: FACE) in Oracle Communications Applications, versions 6.1–6.4. The related documents describe a vulnerability that, while difficult to exploit, could allow a high-privileged attacker with local logon to the infra...
Oracle January 2020 Critical Patch Update Multiple Vulnerabilities
Description: Oracle has released advance notification regarding the January 2020 Critical Patch Update (CPU), to be released on January 14, 2020. The update addresses 333 vulnerabilities affecting the following software: Oracle Database Server, versions 12.2.0.1, 18c, 19c; Oracle Communications Design...
A vulnerability in the PAN-OS operating system, related to operations on data outside the bounds of a memory buffer, allows attackers to cause memory corruption.
The vulnerability in the PAN-OS operating system is related to operations on data outside the bounds of a memory buffer. Exploiting this vulnerability can allow a malicious actor to cause memory corruption or service failures when the current client interactive session is re-executed...
Information disclosure
A vulnerability in the local CLI of the Cisco SD-WAN Solution could allow an authenticated, local attacker to escalate privileges and modify device configuration files. The vulnerability exists because user input is not properly sanitized for certain commands at the CLI. An attacker could exploit...
CVE-2019-1646 Privilege Escalation Vulnerability in Cisco SD-WAN Solution
A vulnerability in the local CLI of the Cisco SD-WAN Solution could allow an authenticated, local attacker to escalate privileges and modify device configuration files. The vulnerability exists because user input is not properly sanitized for certain commands at the CLI. An attacker could exploit...
CVE-2018-0284
A vulnerability in the local status page functionality of the Cisco Meraki MR, MS, MX, Z1, and Z3 product lines could allow an authenticated, remote attacker to modify device configuration files. The vulnerability occurs when handling requests to the local status page. An exploit could allow the...
CVE-2018-0284 Cisco Meraki Local Status Page Privilege Escalation Vulnerability
A vulnerability in the local status page functionality of the Cisco Meraki MR, MS, MX, Z1, and Z3 product lines could allow an authenticated, remote attacker to modify device configuration files. The vulnerability occurs when handling requests to the local status page. An exploit could allow the...
Hardware Bridge Session Connector
The Hardware Bridge (HWBridge) is a standardized method for Metasploit to interact with hardware devices. This extends the normal exploit capabilities to the non-Ethernet realm and enables direct hardware and alternative bus manipulations. You must have compatible bridging hardware attached to this...
Windows Interactive Powershell Session, Reverse TCP
Listen for a connection and spawn an interactive PowerShell session. This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'rex/powershell' module MetasploitModule CachedSize = :dynamic include...
Windows Interactive Powershell Session, Bind TCP
Listen for a connection and spawn an interactive PowerShell session. This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'rex/powershell' Extends the Exec payload to run a powershell command module MetasploitModule...
MySQL Login Utility
This module simply queries the MySQL instance for a specific user/pass (default is root with blank). This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'metasploit/framework/credentialcollection' require...
Geeklog <= 1.6.0sr1 Remote Arbitrary File Upload Vulnerability
No description provided by source. Geeklog <= v1.6.0sr1 - Remote Arbitrary File Upload Software Site: http://www.geeklog.net Dork: "By Geeklog" "Created this page in" +seconds +powered inurl:publichtml...
Geeklog 1.6.0sr1 File Upload
Geeklog with the URL of the Geeklog site. Opens an interactive browser session where you can create directories and upload files. This also exposes all the files in the images/Library/File|Image|Media|Flash directories...
HTTP Proxy POST Request Relaying
The proxy allows users to perform POST requests such as POST http://cvs.nessus.org:21 without any Content-length tag. This request may give an attacker the ability to have an interactive session. This problem may allow attackers to go through your firewall, by connecting to sensitive ports li...
HTTP Proxy CONNECT Request Relaying
The proxy allows users to perform CONNECT requests such as: CONNECT http://cvs.example.org:23. This request gives the person who made it the ability to have an interactive session with a third-party site. This issue may allow attackers to bypass your firewall by connecting to sensitive ports such...