2972 matches found
The vulnerability of the `HttpUtils#getURLConnection` method in the Apache Calcite dynamic data management framework allows a attacker to execute a “man-in-the-middle” attack or gain unauthorized access to protected information.
The vulnerability of the HttpUtilsgetURLConnection method in the Apache Calcite dynamic data management framework is related to the absence of authentication procedures. Exploiting this vulnerability could allow an attacker to execute a “man-in-the-middle” attack or gain unauthorized access to...
Exploit for Missing Authentication for Critical Function in Oracle Weblogic_Server
weblogic-scan weblogic 漏洞扫描工具 妄想试图weblogic一把梭 目前检测的功能 - x console 页面探测 & 弱口令扫描 - x uuid页面的SSRF - x CVE-2017-10271 wls-wsat页面的反序列化 - x CVE-2018-2628 反序列化 - x CNVD-C-2019-48814 后期可以的话还会继续加功能的,主要是一些反序列化的poc真的不好写,我也不咋会.. USE 使用前请先填写config.py中的server参数...
SAP Solution Manager remote unauthorized OS commands execution
This module exploits the CVE-2020-6207 vulnerability within the SAP EEM servlet tcsmdagentapplicationeem of SAP Solution Manager SolMan running version 7.2. The vulnerability occurs due to missing authentication checks when submitting SOAP requests to the /EemAdminService/EemAdmin page to get...
Trojan-Dropper.Win32.Delf.p Missing Authentication
Discovery / credits: Malvuln - malvuln.com c 2021 Original source: https://malvuln.com/advisory/b02cc578d2e7f24fb67ec0afc42a9e13.txt Contact: [email protected] Media: twitter.com/malvuln Threat: Trojan-Dropper.Win32.Delf.p Vulnerability: Missing Authentication Description: Delf.p drops an...
Exploit for Path Traversal in Vmware Cloud_Foundation
CVE-2021-21972 CVE-2021-21972 Unauthorized RCE in VMware vCent...
Exploit for Path Traversal in Vmware Cloud_Foundation
cve-2021-21972 Usage Instructions p...
The vulnerability of the web server of industrial switches SCALANCE X-200, SCALANCE X-200IRT, and SCALANCE X-300 lies in the absence of authentication for a critical function, allowing a perpetrator to restart the vulnerable device.
The vulnerability of the web server of industrial switches SCALANCE X-200, SCALANCE X-200IRT, and SCALANCE X-300 is related to the absence of authentication for critical functions. Exploiting this vulnerability allows a remote attacker to reboot the vulnerable device...
(Pwn2Own) NETGEAR R7800 funjsq_httpd Missing Authentication for Critical Function Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on affected installations of NETGEAR R7800. Authentication is not required to exploit this vulnerability. The specific flaw exists within the refreshstatus.aspx endpoint. The issue results from a lack of authentication required ...
Exploit for Path Traversal in Vmware Cloud_Foundation
CVE-2021-21972 checker VMware vCenter Server CVE-2021-21972...
Backdoor.Win32.Wollf.h Missing Authentication
Discovery / credits: Malvuln - malvuln.com c 2021 Original source: https://malvuln.com/advisory/4932471df98b0e94db076f2b1c0339bd.txt Contact: [email protected] Media: twitter.com/malvuln Threat: Backdoor.Win32.Wollf.h Vulnerability: Missing Authentication Description: Wollf backdoor creates a...
CVE-2021-20662
Missing authentication for critical function in SolarView Compact SV-CPT-MC310 prior to Ver.6.5 allows an attacker to alter the setting information without the access privileges via unspecified vectors...
Exploit for Path Traversal in Vmware Cloud_Foundation
CVE-2021-21972-vCenter-6.5-7.0-RCE-POC poc Jus...
Multiple vulnerabilities in SolarView Compact
Overview SolarView Compact provided by Contec Co., Ltd. contains multiple vulnerabilities listed below. Exposure of information through directory listing CWE-548 - CVE-2021-20656 Improper access control CWE-284 - CVE-2021-20657 OS command injection CWE-78 - CVE-2021-20658 Unrestricted upload of...
JVN#37417423: Multiple vulnerabilities in SolarView Compact
SolarView Compact provided by Contec Co., Ltd. contains multiple vulnerabilities listed below. Exposure of information through directory listing CWE-548 - CVE-2021-20656 Version| Vector| Score ---|---|--- CVSS v3| CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N| Base Score: 3.5 CVSS v2|...
Backdoor.Win32.Cafeini.08.b Missing Authentication
Discovery / credits: Malvuln - malvuln.com c 2021 Original source: https://malvuln.com/advisory/8225bb6b430d5cdf523c4d0cabbe5793.txt Contact: [email protected] Media: twitter.com/malvuln Threat: Backdoor.Win32.Cafeini.08.b Vulnerability: Missing Authentication Description: The backdoor is writt...
Acronis: Found multiple SAP NetWeaver vulnerable services
Summary: Hello Team, I found two redapi.acronis.com and redapi2.acronis.com sap Netweaver vulnerable services. They do not perform an authentication check which allows an attacker without prior authentication to execute configuration tasks to perform critical actions against the SAP Java system,...
CVE-2021-22652: Advantech iView Missing Authentication RCE (FIXED)
Advantech iView versions prior to 5.7.03.6112 suffer from an instance of "CWE-306: Missing Authentication For Critical Function." This vulnerability CVE-2021-22652 has a CVSSv3 score of 9.8, which is usually CRITICAL, since it effectively allows anyone who can connect to the iView server to run...
CVE-2021-22652
Access to the Advantech iView versions prior to v5.7.03.6112 configuration are missing authentication, which may allow an unauthorized attacker to change the configuration and obtain code execution...
Lucee Server Authorization Issues Vulnerability
An authorization issue vulnerability exists in Lucee Server that arises from a lack of authentication measures or insufficient authentication strength in a network system or product...
Backdoor.Win32.BackAttack.18 Missing Authentication
Discovery / credits: Malvuln - malvuln.com c 2021 Original source: https://malvuln.com/advisory/c806d23f4343ab40cf897e9c38b5c1c3.txt Contact: [email protected] Media: twitter.com/malvuln Threat: Backdoor.Win32.BackAttack.18 Vulnerability: Multiple Vulnerabilities Description: BackAttack.18 v1.8...