EUVD-2015-6180

Malware in sbrugna...

CVE-2015-6237

The RPC service in Tripwire formerly nCircle IP360 VnE Manager 7.2.2 before 7.2.6 allows remote attackers to bypass authentication and 1 enumerate users, 2 reset passwords, or 3 manipulate IP filter restrictions via crafted "privileged commands."...

CVE-2015-6237

CVE-2015-6237 affects Tripwire IP360 VnE Manager, versions 7.2.2 through 7.2.5. The RPC service exposes a remote XML-RPC API that bypasses authentication, enabling an unauthenticated attacker to enumerate users, reset passwords, and manipulate IP filter restrictions via crafted privileged command...

CVE-2015-6237

The RPC service in Tripwire formerly nCircle IP360 VnE Manager 7.2.2 before 7.2.6 allows remote attackers to bypass authentication and 1 enumerate users, 2 reset passwords, or 3 manipulate IP filter restrictions via crafted "privileged commands."...

Tripwire IP360 authentication bypass

Authentication bypass, privilege escalation...

CVE-2015-6237 - Tripwire IP360 VnE Remote Administrative API Authentication Bypass/Privilege Acquisition Vulnerability

Document Title ================ Tripwire IP360 VnE Remote Administrative API Authentication Bypass/Privilege Acquisition Vulnerability Affected Products =================== Vendor: Tripwire Software/Appliance: IP360 VnE Vulnerability Manager Affected verified versions: v7.2.2 - v7.2.5 CVE =====...

Tripwire IP360 VnE Remote Administrative API Authentication Bypass Vulnerability

The IP350 VnE is susceptible to a remote XML-RPC authentication bypass vulnerability, which allows for specially crafted privileged commands to be remotely executed without authentication. The RPC service is available on the public HTTPS interface of the VnE by default, and cannot be disabled...