Micro Focus UCMDB - Remote Code Execution

Micro Focus UCMDB is susceptible to remote code execution. Impacted products include Operation Bridge Manager versions 2020.05, 2019.11, 2019.05, 2018.11, 2018.05, 10.63,10.62, 10.61, 10.60, 10.12, 10.11, 10.10 and all earlier versions, and Operations Bridge containerized 2020.05, 2019.08, 2019.0...

Micro Focus Operations Bridge Reporter - Remote Code Execution

Micro Focus Operations Bridge Reporter 10.40 is susceptible to remote code execution. An attacker can potentially execute malware, obtain sensitive information, modify data, and/or execute unauthorized operations without entering necessary credentials. id: CVE-2021-22502 info: name: Micro Focus...

EUVD-2001-0208

Malware in sbrugna...

NetIQ / Microfocus Performance Endpoint 5.1 Remote Root / SYSTEM

/ Exploit Title: NetIQ/Microfocus Performance Endpoint v5.1 - remote root/SYSTEM exploit Date: Jun 2007 Exploit Author: mu-b Vendor Homepage: https://www.microfocus.com/en-us/cyberres/identity-access-management Version: All Tested on: Windows / Solaris x86/SPARC CVE : 0day endpoint-pown-uni.c...

NetIQ Performance Endpoint v5.1 - remote root/SYSTEM Exploit

/ Exploit Title: NetIQ/Microfocus Performance Endpoint v5.1 - remote root/SYSTEM exploit Date: Jun 2007 Exploit Author: mu-b Vendor Homepage: https://www.microfocus.com/en-us/cyberres/identity-access-management Version: All Tested on: Windows / Solaris x86/SPARC CVE : 0day endpoint-pown-uni.c...

NetIQ/Microfocus Performance Endpoint v5.1 - remote root/SYSTEM exploit

/ Exploit Title: NetIQ/Microfocus Performance Endpoint v5.1 - remote root/SYSTEM exploit Date: Jun 2007 Exploit Author: mu-b Vendor Homepage: https://www.microfocus.com/en-us/cyberres/identity-access-management Version: All Tested on: Windows / Solaris x86/SPARC CVE : 0day endpoint-pown-uni.c...

Metasploit Wrap-Up

MicroFocus? More like MacroVuln MicroFocus’s Operations Bridge Manager is a security information and event management SIEM tool designed to collect and parse security logs from multiple disparate sources. OBM has a large attack surface—something Pedro Ribeiro was able to take advantage of with hi...

Exploit for Code Injection in Microfocus Arcsight_Logger

CVE-2020-11851 Remote Code Execution vulnerability on ArcSig...

microfocus.com Cross Site Scripting vulnerability OBB-1234101

Following coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: &nbsp&nbsp&nbsp&nbsp&nbsp&nbspa. verified the vulnerability and confirmed its existence; &nbsp&nbsp&nbsp&nbsp&nbsp&nbspb. notified the website operator about its existence...

Fortify Software Security Center (SSC) 17.10/17.20/18.10 - Information Disclosure

Details ================ Software: Fortify SSC Software Security Center Version: 17.10, 17.20 & 18.10 Homepage: https://www.microfocus.com Advisory report: https://github.com/alt3kx/CVE-2018-7690 CVE: CVE-2018-7690 CVSS: 6.5 Medium; AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N CWE-639 Description...

MicroFocus Secure Messaging Gateway Remote Code Execution

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule "MicroFocus Secure Messaging Gateway Remote Code Execution", 'Description' = %q This module exploits a SQL injection and command injection...

MicroFocus Secure Messaging Gateway Remote Code Execution Exploit

This Metasploit module exploits a SQL injection and command injection vulnerability in MicroFocus Secure Messaging Gateway. An unauthenticated user can execute a terminal command under the context of the web user. One of the user supplied parameters of API endpoint is used by the application...

Micro Focus Secure Messaging Gateway (SMG) 471 - Remote Code Execution (Metasploit)

Micro Focus Secure Messaging Gateway SMG 471 - Remote Code Execution Metasploit This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule "MicroFocus Secure Messaging Gateway Remote Code Execution",...

MicroFocus Secure Messaging Gateway Remote Code Execution

This module exploits a SQL injection and command injection vulnerability in MicroFocus Secure Messaging Gateway. An unauthenticated user can execute a terminal command under the context of the web user. One of the user supplied parameters of API endpoint is used by the application without input...

microfocus.com XSS vulnerability

Open Bug Bounty ID: OBB-627918 Description| Value ---|--- Affected Website:| microfocus.com Open Bug Bounty Program:| Create your bounty program now. It's open and free. Vulnerable Application:| Custom Code Vulnerability Type:| XSS Cross Site Scripting / CWE-79 CVSSv3 Score:| 6.1...

software.microfocus.com XSS vulnerability

Open Bug Bounty ID: OBB-616427 Description| Value ---|--- Affected Website:| software.microfocus.com Open Bug Bounty Program:| Create your bounty program now. It's open and free. Vulnerable Application:| Custom Code Vulnerability Type:| XSS Cross Site Scripting / CWE-79 CVSSv3 Score:| 6.1...

microfocus.com XSS vulnerability

Open Bug Bounty ID: OBB-601708 Description| Value ---|--- Affected Website:| microfocus.com Open Bug Bounty Program:| Create your bounty program now. It's open and free. Vulnerable Application:| Custom Code Vulnerability Type:| XSS Cross Site Scripting / CWE-79 CVSSv3 Score:| 6.1...

microfocus.com XSS vulnerability

Open Bug Bounty ID: OBB-596671 Description| Value ---|--- Affected Website:| microfocus.com Open Bug Bounty Program:| Create your bounty program now. It's open and free. Vulnerable Application:| Custom Code Vulnerability Type:| XSS Cross Site Scripting / CWE-79 CVSSv3 Score:| 6.1...

microfocus.com XSS vulnerability

Open Bug Bounty ID: OBB-550236 Description| Value ---|--- Affected Website:| microfocus.com Open Bug Bounty Program:| Create your bounty program now. It's open and free. Vulnerable Application:| Custom Code Vulnerability Type:| XSS Cross Site Scripting / CWE-79 CVSSv3 Score:| 6.1...

login.software.microfocus.com XSS vulnerability

Open Bug Bounty ID: OBB-452960 Description| Value ---|--- Affected Website:| login.software.microfocus.com Vulnerable Application:| Custom Code Vulnerability Type:| XSS Cross Site Scripting / CWE-79 CVSSv3 Score:| 6.1 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N Remediation Guide:| OWASP XSS...