41 matches found
TP-Link EAP Controller for Linux Authentication Bypass Vulnerability
TP-Link EAP Controller for Linux is a software suite from China's TP-LINK for remotely controlling wireless access point (AP) devices on the Linux platform. A security vulnerability exists in EAP Controller for Linux because the RMI interface does not require authentication before use. ...
Authentication Bypass Vulnerability in Weetop CMS Backend
Weetop CMS is a web content management system developed by Hangzhou Tintop Technology Co. An authentication bypass vulnerability exists in the Weetop CMS V2.0 administration backend in the login session check processing mechanism. An attacker can bypass the forced jump without login by disabling...
Jenkins-CI Script-Console Java Execution
This module uses the Jenkins-CI Groovy script console to execute OS commands using Java. This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Jenkins-CI Script-Console Java Execution', 'Description'...
PT-2014-3131 · Mozilla +1 · Mvel +1
Name of the Vulnerable Software and Affected Versions: JBoss Overlord Run Time Governance RTGov version 1.0 for JBossAS Description: The issue allows remote authenticated users to execute arbitrary Java code via an MVFLEX Expression Language MVEL expression. Recommendations: For JBoss Overlord Ru...
VMware Hyperic HQ Groovy Script-Console - Java Execution (Metasploit)
This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing and terms of use. http://metasploit.com/framework/ require 'msf/core' class Metasploit3 'VMware Hyperic HQ...
VMware Hyperic HQ Groovy Script-Console Java Execution Vulnerability
This Metasploit module uses the VMware Hyperic HQ Groovy script console to execute OS commands using Java. Valid credentials for an application administrator user account are required. This Metasploit module has been tested successfully with Hyperic HQ 4.6.6 on Windows 2003 SP2 and Ubuntu 10.04...
VMware Hyperic HQ Groovy Script-Console Java Execution
This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing and terms of use. http://metasploit.com/framework/ require 'msf/core' class Metasploit3 'VMware Hyperic HQ...
VMware Hyperic HQ Groovy Script-Console Java Execution
This module uses the VMware Hyperic HQ Groovy script console to execute OS commands using Java. Valid credentials for an application administrator user account are required. This module has been tested successfully with Hyperic HQ 4.6.6 on Windows 2003 SP2 and Ubuntu 10.04 systems. This module...
Jenkins CI Script Console - Command Execution (Metasploit)
This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing and terms of use. http://metasploit.com/framework/ require 'msf/core' class Metasploit3 'Jenkins...
Struts2 vulnerability analysis of the Ognl expression characteristics of the initiator of the idea-vulnerability warning-the black bar safety net
0x01 Summary 0x02 Background and principle analysis 0x03 Example simulation and tracking 0x04 Summary 0x01 Summary: In an Ognl expression, the variable content contained in the brackets “” is executed as an Ognl expression. Ognl expressions of this characteristic, triggering a new attack...
Squiggle 1.7 - SVG Browser Java Code Execution (Metasploit)
This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing and terms of use. http://metasploit.com/framework/ require 'msf/core' class Metasploit3 "Squiggle 1.7 SVG...
Novell-QuickFinder Server XSS
NULL CODE SERVICES www.nullcode.com.ar Hunting Security Bugs! Novell-QuickFinder Server //Cross-site scripting XSS Remote Java Execution Code...
Ovidentia Cross Site Scripting
NULL CODE SERVICES www.nullcode.com.ar Hunting Security Bugs! Copyright 2008 - ovidentia //Cross-site scripting XSS Remote Java Execution...
Opera Web Browser Multiple Vulnerabilities - Dec08 (Windows)
The host is installed with Opera web browser and is prone to multiple Vulnerabilities. OpenVAS Vulnerability Test $Id: secpodoperamultvulndec08win.nasl 6519 2017-07-04 14:08:14Z cfischer $ Opera Web Browser Multiple Vulnerabilities - Dec08 Windows Authors: Chandan S Copyright: Copyright c 2008...
GungHo LoadPrgAx vulnerable to arbitrary Java program execution
Overview LoadPrgAx ActiveX control from GungHo Online Entertainment, Inc. contains a vulnerability that allows an attacker to execute an arbitrary Java program. LoadPrgAx from GungHo Online Entertainment, Inc. is an ActiveX control that runs games provided by the company. LoadPrgAx contains a...
OpenOffice.org-base allows Denial-of-Service and command injection
HSQLDB before 1.8.0.9, as used in OpenOffice.org OOo 2 before 2.3.1, allows user-assisted remote attackers to execute arbitrary Java code via crafted database documents, related to "exposing static java methods."...
Immunity Canvas: OOO_230
Name| ooo230 ---|--- CVE| CVE-2007-4575 Exploit Pack| CANVAS Description| OpenOffice Database 2.3.0 Static Java Execution Notes| CVE Name: CVE-2007-4575 VENDOR: OpenOffice Repeatability: Infinite client side - no crash CVS URL: http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4575 Date...
Adobe PhotoDeluxe does not adequately restrict Java execution
Overview A vulnerability exists in Adobe PhotoDeluxe that allows a malicious web page or HTML email message viewed with Microsoft Internet Explorer to obtain directory listings or potentially download and execute arbitrary code on the local system. Description Adobe PhotoDeluxe is an image...
Oracle XSQL servlet and xml-stylesheet allow executing java on the web server
Georgi Guninski security advisory 34, 2001 Oracle XSQL servlet and xml-stylesheet allow executing java on the web server Systems affected: Oracle XSQL servlet, installed by default Oracle 8.1.7 Windows 2000 installation, probably other versions/platforms are affected because the servlet is written...
eudoraurl.txt
Date: Fri, 7 Aug 1998 13:40:54 -0400 From: "Stout, Bill" Subject: Eudora executes Java URL Eudora Pro 4.0 and 4.0.1 will execute Java from a URL. "The Eudora flaw came to light just a little more than a week after security researchers announced a similar problem in versions of Microsoft's Outlook...