CVE-2020-11852

DKIM key management page vulnerability on Micro Focus Secure Messaging Gateway SMG. Affecting all SMG Appliance running releases prior to July 2020. The vulnerability could allow a logged in user with rights to generate DKIM key information to inject system commands into the call to the DKIM syst...

Micro Focus Secure Messaging Gateway Command Injection (CVE-2020-11852)

A command injection vulnerability exists in Micro Focus Secure Messaging Gateway. The vulnerability is due to improper validation of SaveData parameter within managedomainssavedata.json.php...

CVE-2020-11852

DKIM key management page vulnerability on Micro Focus Secure Messaging Gateway SMG. Affecting all SMG Appliance running releases prior to July 2020. The vulnerability could allow a logged in user with rights to generate DKIM key information to inject system commands into the call to the DKIM syst...

CVE-2020-11852

DKIM key management page vulnerability on Micro Focus Secure Messaging Gateway SMG. Affecting all SMG Appliance running releases prior to July 2020. The vulnerability could allow a logged in user with rights to generate DKIM key information to inject system commands into the call to the DKIM syst...

CVE-2020-11852

CVE-2020-11852 is a command-injection vulnerability in Micro Focus Secure Messaging Gateway (SMG) affecting the DKIM key management page. The issue allows a logged-in user with rights to generate DKIM key information to inject system commands into the DKIM system command call. Affected are SMG Ap...

Micro Focus Secure Messaging Gateway SQL Injection (CVE-2018-12464)

A SQL injection vulnerability exists in Micro Focus Secure Messaging Gateway. The vulnerability is due to insufficient validation of user input. Successful exploitation of this vulnerability would allow a remote attacker to execute arbitrary SQL commands on the affected system...

MicroFocus Secure Messaging Gateway Remote Code Execution

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule "MicroFocus Secure Messaging Gateway Remote Code Execution", 'Description' = %q This module exploits a SQL injection and command injection...

MicroFocus Secure Messaging Gateway Remote Code Execution Exploit

This Metasploit module exploits a SQL injection and command injection vulnerability in MicroFocus Secure Messaging Gateway. An unauthenticated user can execute a terminal command under the context of the web user. One of the user supplied parameters of API endpoint is used by the application...

Micro Focus Secure Messaging Gateway (SMG) 471 - Remote Code Execution (Metasploit)

Micro Focus Secure Messaging Gateway SMG 471 - Remote Code Execution Metasploit This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule "MicroFocus Secure Messaging Gateway Remote Code Execution",...

Micro Focus Secure Messaging Gateway (SMG) < 471 - Remote Code Execution (Metasploit)

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule "MicroFocus Secure Messaging Gateway Remote Code Execution", 'Description' = %q This module exploits a SQL injection and command injection...

Micro Focus Secure Messaging Gateway Detection

Detection of Micro Focus Secure Messaging Gateway. The script sends a connection request to the server and attempts to detect Micro Focus Secure Messaging Gateway. SPDX-FileCopyrightText: 2018 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by...

MicroFocus Secure Messaging Gateway Remote Code Execution

This module exploits a SQL injection and command injection vulnerability in MicroFocus Secure Messaging Gateway. An unauthenticated user can execute a terminal command under the context of the web user. One of the user supplied parameters of API endpoint is used by the application without input...

CVE-2018-12465

An OS command injection vulnerability in the web administration component of Micro Focus Secure Messaging Gateway SMG allows a remote attacker authenticated as a privileged user to execute arbitrary OS commands on the SMG server. This can be exploited in conjunction with CVE-2018-12464 to achieve...