25 matches found
CVE-2019-11393
An issue was discovered in /admin/users/update in M/Monit before 3.7.3. It allows unprivileged users to escalate their privileges to an administrator by requesting a password change and specifying the admin parameter...
EUVD-2014-6289
Malware in sbrugna...
EUVD-2014-6486
Malware in sbrugna...
EUVD-2019-3071
Malware in sbrugna...
SUSE CVE-2019-11393
An issue was discovered in /admin/users/update in M/Monit before 3.7.3. It allows unprivileged users to escalate their privileges to an administrator by requesting a password change and specifying the admin parameter...
M/Monit 3.7.4 Privilege Escalation
Title: M/Monit 3.7.4 - Privilege Escalation Author: Dolev Farhi Date: 2020-07-09 Vendor Homepage: https://mmonit.com/ Version : 3.7.4 import sys import requests url = 'http://youriphere:8080' username = 'test' password = 'test123' sess = requests.Session sess.gethost def login: print'Attempting t...
CVE-2019-11393
An issue was discovered in /admin/users/update in M/Monit before 3.7.3. It allows unprivileged users to escalate their privileges to an administrator by requesting a password change and specifying the admin parameter...
Default credentials
An issue was discovered in /admin/users/update in M/Monit before 3.7.3. It allows unprivileged users to escalate their privileges to an administrator by requesting a password change and specifying the admin parameter...
CVE-2019-11393
Affected product: M/Monit prior to version 3.7.3. Vulnerability: In /admin/users/update, unprivileged users can escalate to administrator by requesting a password change and supplying the admin parameter. Root cause: Privilege escalation through an unauthorized admin flag during password-change f...
CVE-2019-11393
An issue was discovered in /admin/users/update in M/Monit before 3.7.3. It allows unprivileged users to escalate their privileges to an administrator by requesting a password change and specifying the admin parameter...
M/Monit 3.7.2 Privilege Escalation
!/usr/env/python3 """ Vulnerability title: M/Monit = 3.7.2 - Privilege Escalation Author: Dolev Farhi Vulnerable version: 2.0.151021 Link: https://mmonit.com Date: 2/17/2019 """ import sys import requests MMONITURL = 'http://ip.add.re.ss:8080' MMONITUSER = 'monit' Default built in unprivileged us...
M/Monit 3.7.2 - Privilege Escalation Exploit
Exploit for multiple platform in category web applications !/usr/env/python3 """ Vulnerability title: M/Monit = 3.7.2 - Privilege Escalation Author: Dolev Farhi Vulnerable version: 2.0.151021 Link: https://mmonit.com Date: 2/17/2019 """ import sys import requests MMONITURL =...
M/Monit 3.7.2 - Privilege Escalation
!/usr/env/python3 """ Vulnerability title: M/Monit = 3.7.2 - Privilege Escalation Author: Dolev Farhi Vulnerable version: 2.0.151021 Link: https://mmonit.com Date: 2/17/2019 """ import sys import requests MMONITURL = 'http://ip.add.re.ss:8080' MMONITUSER = 'monit' Default built in unprivileged us...
CVE-2014-6409
Cross-site request forgery (CSRF) vulnerability in M/Monit 3.3.2 and earlier allows remote attackers to hijack the authentication of administrators for requests that change user passwords via the fullname and password parameters to /admin/users/update...
Cross site request forgery (csrf)
Cross-site request forgery (CSRF) vulnerability in M/Monit 3.3.2 and earlier allows remote attackers to hijack the authentication of administrators for requests that change user passwords via the fullname and password parameters to /admin/users/update...
Design/Logic Flaw
M/Monit 3.3.2 and earlier does not verify the original password before changing passwords, which allows remote attackers to change the password of other users and gain privileges via the fullname and password parameters, a different vulnerability than CVE-2014-6409...
CVE-2014-6409
Cross-site request forgery (CSRF) vulnerability in M/Monit 3.3.2 and earlier allows remote attackers to hijack the authentication of administrators for requests that change user passwords via the fullname and password parameters to /admin/users/update...
CVE-2014-6607
M/Monit 3.3.2 and earlier does not verify the original password before changing passwords, which allows remote attackers to change the password of other users and gain privileges via the fullname and password parameters, a different vulnerability than CVE-2014-6409...
CVE-2014-6409
CVE-2014-6409 is a CSRF vulnerability in M/Monit 3.3.2 and earlier. The issue allows an attacker to hijack administrator sessions and trigger password changes by submitting requests to /admin/users/update with fullname and password parameters. The root cause is lack of sufficient CSRF protection ...
CVE-2014-6607
CVE-2014-6607 affects M/Monit 3.3.2 and earlier. The issue is a CSRF vulnerability where an attacker can change any user’s password via the fullname and password parameters to /admin/users/update because the application does not verify the original password before changing it. Impact is remote co...