67 matches found
CVE-2020-10544
An XSS issue was discovered in tooltip/tooltip.js in PrimeTek PrimeFaces 7.0.11. In a web application using PrimeFaces, an attacker can provide JavaScript code in an input field whose data is later used as a tooltip title without any input validation...
EUVD-2021-1068
Malware in sbrugna...
Metasploit Weekly Wrap-Up 12/13/2024
It’s raining RCEs! It's the second week of December and the weather forecast announced another storm of RCEs in Metasploit-Framework land. This weekly release includes RCEs for Moodle e-Learning platform, Primefaces, WordPress Really Simple SSL and CyberPanel along with two modules to change...
Primefaces Remote Code Execution Exploit
This module exploits a Java Expression Language remote code execution flaw in the Primefaces JSF framework. Primefaces versions prior to 5.2.21, 5.3.8 or 6.0 are vulnerable to a padding oracle attack, due to the use of weak crypto and default encryption password and salt. Tested against Docker...
Multiple vulnerabilities in UNIVERSAL PASSPORT RX
Overview UNIVERSAL PASSPORT RX provided by Japan System Techniques Co., Ltd. contains multiple vulnerabilities listed below. Cross-site scripting CWE-79 - CVE-2023-42427 Dependency on vulnerable third-party component CWE-1395 Known vulnerability in Primefaces library used in the product Cross-sit...
JVN#43215077: Multiple vulnerabilities in UNIVERSAL PASSPORT RX
UNIVERSAL PASSPORT RX provided by Japan System Techniques Co., Ltd. contains multiple vulnerabilities listed below. Cross-site scripting CWE-79 CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N Base Score 5.4 CVE-2023-42427 Dependency on vulnerable third-party component CWE-1395 Known vulnerability in...
PrimeTek PrimeFaces Remote Code Execution (CVE-2017-1000486)
Binary data primetekprimefacescve-2017-1000486.nbin...
Cross-site Scripting (XSS)
primefaces is vulnerable to cross-site scripting. The vulnerability exists due to a lack of sanitization of the input values in AvatarRenderer.java allowing an attacker to inject maliciously crafted script via writeText function...
PrimeFaces 4.0.x < 4.0.25 / 5.x < 5.2.21 / 5.3.x < 5.3.8 Expression Language Injection
In affected versions of PrimeFaces, an expression language injection vulnerability exists that would allow an unauthenticated user to execute arbitrary code due to a weak encryption flaw. No source data...
Primetek Primefaces Remote Code Execution Vulnerability
Primetek Primefaces is vulnerable to a weak encryption flaw resulting in remote code execution...
GHSA-J239-4GQG-5J54 Inadequate Encryption Strength
Primetek Primefaces 5.x is vulnerable to a weak encryption flaw resulting in remote code execution...
Inadequate Encryption Strength
Primetek Primefaces 5.x is vulnerable to a weak encryption flaw resulting in remote code execution...
GHSA-FW5F-7C6C-3VMV Cross-site Scripting in PrimeFaces
An XSS issue was discovered in tooltip/tooltip.js in PrimeTek PrimeFaces 7.0.11. In a web application using PrimeFaces, an attacker can provide JavaScript code in an input field whose data is later used as a tooltip title without any input validation...
Cross-site Scripting in PrimeFaces
An XSS issue was discovered in tooltip/tooltip.js in PrimeTek PrimeFaces 7.0.11. In a web application using PrimeFaces, an attacker can provide JavaScript code in an input field whose data is later used as a tooltip title without any input validation...
VulnCheck KEV: CVE-2017-1000486
Primetek Primefaces is vulnerable to a weak encryption flaw resulting in remote code execution...
U.S. Dept Of Defense: RCE in ██████ subdomain via CVE-2017-1000486
Summary: The application at ████████/ftn-Website/ uses primefaces 5.3 but not 5.3.8, making it vulnerable to unauthenticated RCE CVE-2017-1000486. Step-by-step Reproduction Instructions 1. Get the publicly available POC for this vulnerability here: https://github.com/pimps/CVE-2017-1000486 2...
U.S. Dept Of Defense: RCE (Remote code execution) in one of DoD's websites
Summary: The targeted website is vulnerable to CVE-2017-1000486; the only command run was whoami, to prove that the RCE exists, and it ran successfully on the target. Description: The target uses a vulnerable version of primefaces: Primetek Primefaces 5.x, that is vulnerable to a weak encryptio...
Furukawa Electric ConsciusMAP 2.8.1 - Remote Code Execution
Exploit Title: Furukawa Electric ConsciusMAP 2.8.1 - Remote Code Execution Date: 2020-04-24 Vendor Homepage: https://www.tecnoredsa.com.ar Exploit Authors: LiquidWorm Software Link: https://dl.getpopcorntime.is/PopcornTime-latest.exe Version: 2.8.1 CVE : N/A !/usr/bin/env python3 -- coding: utf-8...
Furukawa Electric ConsciusMAP 2.8.1 Java Deserialization Remote Code Execution
Summary Apros Evoluation / Furukawa / ConsciusMap is the Tecnored provisioning system for FTTH networks. Complete administration of your entire external FTTH network plant, including from the ONUs installed in each end customer, to the wiring and junction boxes. Unify all the management of your...
Furukawa Electric ConsciusMAP 2.8.1 - Remote Code Execution Exploit
Exploit for java platform in category web applications Exploit Title: Furukawa Electric ConsciusMAP 2.8.1 - Remote Code Execution Vendor Homepage: https://www.tecnoredsa.com.ar Exploit Authors: LiquidWorm Software Link: https://dl.getpopcorntime.is/PopcornTime-latest.exe Version: 2.8.1 CVE : N/A...