54 matches found
CVE-2018-15529
Summary: CVE-2018-15529 affects Mutiny Monitoring Appliance (maintenance.cgi). An authenticated admin-user can inject arbitrary commands via the filename of a system upgrade upload. Vulnerable versions: before 6.1.0-5263. Impact: command execution with the privileges of the authenticated user (pa...
Tutorial: Mutiny Fuzzing Framework and Decept Proxy
Here's a basic demo video for our new opensource tools, Decept and Mutiny. Happy New Year ^^ Lilith Recently, Talos released new tools to assist in the monumental task of finding vulnerabilities in network applications. Mutiny and Decept work together to help researchers fuzz quickly and...
Vulnerability Spotlight: VMWare VNC Vulnerabilities
Today, Talos is disclosing a pair of vulnerabilities in the VNC implementation used in VMWare's products that could result in code execution. VMWare implements VNC for its remote management, remote access, and automation purposes in VMWare products including Workstation, Player, and ESXi which...
The Mutiny Fuzzing Framework and Decept Proxy
This blog post is authored by James Spadaro of Cisco ASIG and Lilith Wyatt of Cisco Talos. Imagine a scenario where you, as a vulnerability researcher, are tasked with auditing a network application to identify vulnerabilities. By itself, the task may not seem too daunting until you learn of a...
Mutiny Remote Command Execution
No description provided by source. This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit web site for more information on licensing and terms of use. http://metasploit.com/ require 'msf/core' class Metasploit3...
Mutiny 5 Arbitrary File Upload
No description provided by source. This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit web site for more information on licensing and terms of use. http://metasploit.com/ require 'msf/core' class Metasploit3...
Mutiny FrontEnd Arbitrary File Upload (CVE-2013-0136)
A directory traversal vulnerability has been reported in EditDocument servlet file upload function from the frontend on the Mutiny 5 appliance. A directory traversal vulnerability in the same functionality allows for arbitrary file upload, which results in arbitrary code execution with root...
CVE-2013-0136
Multiple directory traversal vulnerabilities in the EditDocument servlet in the Frontend in Mutiny before 5.0-1.11 allow remote authenticated users to upload and execute arbitrary programs, read arbitrary files, or cause a denial of service file deletion or renaming via 1 the uploadPath parameter...
Directory traversal
Multiple directory traversal vulnerabilities in the EditDocument servlet in the Frontend in Mutiny before 5.0-1.11 allow remote authenticated users to upload and execute arbitrary programs, read arbitrary files, or cause a denial of service file deletion or renaming via 1 the uploadPath parameter...
CVE-2013-0136
Multiple directory traversal vulnerabilities in the EditDocument servlet in the Frontend in Mutiny before 5.0-1.11 allow remote authenticated users to upload and execute arbitrary programs, read arbitrary files, or cause a denial of service file deletion or renaming via 1 the uploadPath parameter...
CVE-2013-0136
Mutiny Mutiny Frontend EditDocument servlet contains directory traversal weaknesses disclosed for the Mutiny 5 appliance. The vulnerability allows authenticated users to perform operations (UPLOAD, DELETE, CUT, COPY) via injected parameters (uploadPath, paths[], newPath) to read arbitrary files, ...
Mutiny FrontEnd Arbitrary File Read and Delete (CVE-2013-0136)
A directory traversal vulnerability has been reported in EditDocument servlet from the frontend on the Mutiny 5 appliance. Commands for UPLOAD, DELETE, CUT and COPY are all vulnerable to directory traversal attacks...
Mutiny < 5.0-1.11 Multiple Directory Traversals
Binary data 6834.prm...
Mutiny 5 - Arbitrary File Upload (Metasploit)
This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit web site for more information on licensing and terms of use. http://metasploit.com/ require 'msf/core' class Metasploit3 /Apache-Coyote/ include...
Mutiny < 5.0-1.11 Multiple Directory Traversals
The remote server hosts a version of Mutiny prior to 5.0-1.11. It is, therefore, reportedly affected by multiple directory traversal vulnerabilities that could allow an authenticated attacker to upload, delete, and move files on the remote system with root privileges. The functions for UPLOAD,...
Mutiny 5 Arbitrary File Upload
This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit web site for more information on licensing and terms of use. http://metasploit.com/ require 'msf/core' class Metasploit3 /Apache-Coyote/ include...
Mutiny 5 Arbitrary File Upload Vulnerability
This Metasploit module exploits a code execution flaw in the Mutiny 5 appliance. The EditDocument servlet provides a file upload function to authenticated users. A directory traversal vulnerability in the same functionality allows for arbitrary file upload, which results in arbitrary code executi...
Mutiny 5 Arbitrary File Read and Delete
This module exploits the EditDocument servlet from the frontend on the Mutiny 5 appliance. The EditDocument servlet provides file operations, such as copy and delete, which are affected by a directory traversal vulnerability. Because of this, any authenticated frontend user can read and delete...
Mutiny 5 Arbitrary File Upload
This module exploits a code execution flaw in the Mutiny 5 appliance. The EditDocument servlet provides a file upload function to authenticated users. A directory traversal vulnerability in the same functionality allows for arbitrary file upload, which results in arbitrary code execution with roo...
Mutiny Appliance contains multiple directory traversal vulnerabilities
Overview Mutiny appliance contains multiple directory traversal CWE-22 vulnerabilities. Description The Mutiny appliance commands for UPLOAD, DELETE, CUT and COPY are all vulnerable to directory traversal attacks. Additional details may be found in the Rapid7 blog post entitled, "New 1day Exploit...