Lucene search
K

54 matches found

CVE
CVE
added 2018/08/28 5:0 p.m.48 views

CVE-2018-15529

Summary: CVE-2018-15529 affects Mutiny Monitoring Appliance (maintenance.cgi). An authenticated admin-user can inject arbitrary commands via the filename of a system upgrade upload. Vulnerable versions: before 6.1.0-5263. Impact: command execution with the privileges of the authenticated user (pa...

8.8CVSS8.7AI score0.04757EPSS
Exploits0References4Affected Software1
Talos Blog
Talos Blog
added 2018/01/03 9:26 a.m.194 views

Tutorial: Mutiny Fuzzing Framework and Decept Proxy

Here's a basic demo video for our new opensource tools, Decept and Mutiny. Happy New Year ^^ Lilith Recently, Talos released new tools to assist in the monumental task of finding vulnerabilities in network applications. Mutiny and Decept work together to help researchers fuzz quickly and...

7AI score
Exploits0
Talos Blog
Talos Blog
added 2017/12/19 11:0 a.m.115 views

Vulnerability Spotlight: VMWare VNC Vulnerabilities

Today, Talos is disclosing a pair of vulnerabilities in the VNC implementation used in VMWare's products that could result in code execution. VMWare implements VNC for its remote management, remote access, and automation purposes in VMWare products including Workstation, Player, and ESXi which...

6CVSS9.5AI score0.03571EPSS
Exploits2
Talos Blog
Talos Blog
added 2017/12/07 10:6 a.m.276 views

The Mutiny Fuzzing Framework and Decept Proxy

This blog post is authored by James Spadaro of Cisco ASIG and Lilith Wyatt of Cisco Talos. Imagine a scenario where you, as a vulnerability researcher, are tasked with auditing a network application to identify vulnerabilities. By itself, the task may not seem too daunting until you learn of a...

5CVSS8.1AI score0.03742EPSS
Exploits0
seebug.org
seebug.org
added 2014/07/01 12:0 a.m.24 views

Mutiny Remote Command Execution

No description provided by source. This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit web site for more information on licensing and terms of use. http://metasploit.com/ require 'msf/core' class Metasploit3...

7.1AI score
Exploits0
seebug.org
seebug.org
added 2014/07/01 12:0 a.m.24 views

Mutiny 5 Arbitrary File Upload

No description provided by source. This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit web site for more information on licensing and terms of use. http://metasploit.com/ require 'msf/core' class Metasploit3...

7.1AI score
Exploits0
Check Point Advisories
Check Point Advisories
added 2013/06/05 12:0 a.m.12 views

Mutiny FrontEnd Arbitrary File Upload (CVE-2013-0136)

A directory traversal vulnerability has been reported in EditDocument servlet file upload function from the frontend on the Mutiny 5 appliance. A directory traversal vulnerability in the same functionality allows for arbitrary file upload, which results in arbitrary code execution with root...

8.5CVSS7.4AI score0.40338EPSS
Exploits8
ATTACKERKB
ATTACKERKB
added 2013/06/01 2:21 p.m.4 views

CVE-2013-0136

Multiple directory traversal vulnerabilities in the EditDocument servlet in the Frontend in Mutiny before 5.0-1.11 allow remote authenticated users to upload and execute arbitrary programs, read arbitrary files, or cause a denial of service file deletion or renaming via 1 the uploadPath parameter...

8.5CVSS6AI score0.40338EPSS
Exploits8References5
Prion
Prion
added 2013/06/01 2:21 p.m.13 views

Directory traversal

Multiple directory traversal vulnerabilities in the EditDocument servlet in the Frontend in Mutiny before 5.0-1.11 allow remote authenticated users to upload and execute arbitrary programs, read arbitrary files, or cause a denial of service file deletion or renaming via 1 the uploadPath parameter...

8.5CVSS7.6AI score0.40338EPSS
Exploits8References2Affected Software1
Cvelist
Cvelist
added 2013/06/01 10:0 a.m.33 views

CVE-2013-0136

Multiple directory traversal vulnerabilities in the EditDocument servlet in the Frontend in Mutiny before 5.0-1.11 allow remote authenticated users to upload and execute arbitrary programs, read arbitrary files, or cause a denial of service file deletion or renaming via 1 the uploadPath parameter...

7.2AI score0.40338EPSS
Exploits8References2
CVE
CVE
added 2013/06/01 10:0 a.m.69 views

CVE-2013-0136

Mutiny Mutiny Frontend EditDocument servlet contains directory traversal weaknesses disclosed for the Mutiny 5 appliance. The vulnerability allows authenticated users to perform operations (UPLOAD, DELETE, CUT, COPY) via injected parameters (uploadPath, paths[], newPath) to read arbitrary files, ...

8.5CVSS7.3AI score0.40338EPSS
Exploits8References2Affected Software3
Check Point Advisories
Check Point Advisories
added 2013/05/29 12:0 a.m.14 views

Mutiny FrontEnd Arbitrary File Read and Delete (CVE-2013-0136)

A directory traversal vulnerability has been reported in EditDocument servlet from the frontend on the Mutiny 5 appliance. Commands for UPLOAD, DELETE, CUT and COPY are all vulnerable to directory traversal attacks...

8.5CVSS6.3AI score0.40338EPSS
Exploits8
Tenable Nessus
Tenable Nessus
added 2013/05/21 12:0 a.m.15 views

Mutiny < 5.0-1.11 Multiple Directory Traversals

Binary data 6834.prm...

8.5CVSS7.3AI score0.40338EPSS
Exploits8References2
Exploit DB
Exploit DB
added 2013/05/17 12:0 a.m.29 views

Mutiny 5 - Arbitrary File Upload (Metasploit)

This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit web site for more information on licensing and terms of use. http://metasploit.com/ require 'msf/core' class Metasploit3 /Apache-Coyote/ include...

8.5CVSS7AI score0.40338EPSS
Exploits8
Tenable Nessus
Tenable Nessus
added 2013/05/17 12:0 a.m.25 views

Mutiny < 5.0-1.11 Multiple Directory Traversals

The remote server hosts a version of Mutiny prior to 5.0-1.11. It is, therefore, reportedly affected by multiple directory traversal vulnerabilities that could allow an authenticated attacker to upload, delete, and move files on the remote system with root privileges. The functions for UPLOAD,...

8.5CVSS5.5AI score0.40338EPSS
Exploits8References2
Packet Storm
Packet Storm
added 2013/05/16 12:0 a.m.29 views

Mutiny 5 Arbitrary File Upload

This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit web site for more information on licensing and terms of use. http://metasploit.com/ require 'msf/core' class Metasploit3 /Apache-Coyote/ include...

8.5CVSS0.4AI score0.40338EPSS
Exploits8
0day.today
0day.today
added 2013/05/16 12:0 a.m.40 views

Mutiny 5 Arbitrary File Upload Vulnerability

This Metasploit module exploits a code execution flaw in the Mutiny 5 appliance. The EditDocument servlet provides a file upload function to authenticated users. A directory traversal vulnerability in the same functionality allows for arbitrary file upload, which results in arbitrary code executi...

8.5CVSS7.3AI score0.40338EPSS
Exploits8
Metasploit
Metasploit
added 2013/05/15 2:2 p.m.38 views

Mutiny 5 Arbitrary File Read and Delete

This module exploits the EditDocument servlet from the frontend on the Mutiny 5 appliance. The EditDocument servlet provides file operations, such as copy and delete, which are affected by a directory traversal vulnerability. Because of this, any authenticated frontend user can read and delete...

8.5CVSS6.3AI score0.40338EPSS
Exploits8
Metasploit
Metasploit
added 2013/05/15 2:2 p.m.42 views

Mutiny 5 Arbitrary File Upload

This module exploits a code execution flaw in the Mutiny 5 appliance. The EditDocument servlet provides a file upload function to authenticated users. A directory traversal vulnerability in the same functionality allows for arbitrary file upload, which results in arbitrary code execution with roo...

8.5CVSS7.9AI score0.40338EPSS
Exploits8
CERT
CERT
added 2013/05/15 12:0 a.m.15 views

Mutiny Appliance contains multiple directory traversal vulnerabilities

Overview Mutiny appliance contains multiple directory traversal CWE-22 vulnerabilities. Description The Mutiny appliance commands for UPLOAD, DELETE, CUT and COPY are all vulnerable to directory traversal attacks. Additional details may be found in the Rapid7 blog post entitled, "New 1day Exploit...

8.5CVSS6.4AI score0.40338EPSS
Exploits8References2
Rows per page
Query Builder