EUVD-2015-8832

Malware in sbrugna...

HP SiteScope SOAP Call GetFileInternal Remote File Access

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'HP SiteScope SOAP Call getFileInternal Remote File Access', 'Description' = %q This module exploits an authentication bypass vulnerability in HP...

Improper Restriction of XML External Entity Reference in ladon

Ladon since 0.6.1 since ebef0aae48af78c159b6fce81bc6f5e7e0ddb059 is affected by: XML External Entity XXE. The impact is: Information Disclosure, reading files and reaching internal network endpoints. The component is: SOAP request handlers. For instance:...

CVE-2019-1010268

Ladon since 0.6.1 since ebef0aae48af78c159b6fce81bc6f5e7e0ddb059 is affected by: XML External Entity XXE. The impact is: Information Disclosure, reading files and reaching internal network endpoints. The component is: SOAP request handlers. For instance:...

Xxe

Ladon since 0.6.1 since ebef0aae48af78c159b6fce81bc6f5e7e0ddb059 is affected by: XML External Entity XXE. The impact is: Information Disclosure, reading files and reaching internal network endpoints. The component is: SOAP request handlers. For instance:...

CVE-2019-1010268

Ladon since 0.6.1 since ebef0aae48af78c159b6fce81bc6f5e7e0ddb059 is affected by: XML External Entity XXE. The impact is: Information Disclosure, reading files and reaching internal network endpoints. The component is: SOAP request handlers. For instance:...

CVE-2015-8978

In Soap Lite aka the SOAP::Lite extension for Perl 1.14 and earlier, an example attack consists of defining 10 or more XML entities, each defined as consisting of 10 of the previous entity, with the document consisting of a single instance of the largest entity, which expands to one billion copie...

ESA-2014-160: RSA® Adaptive Authentication (On-Premise) Authentication Bypass Vulnerability

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ESA-2014-160: RSA® Adaptive Authentication On-Premise Authentication Bypass Vulnerability EMC Identifier: ESA-2014-160 CVE Identifier: CVE-2014-4631 Severity Rating: CVSS: 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P Affected Products: RSA Adaptive Authentication...

CVE-2014-4631

RSA Adaptive Authentication On-Premise 6.0.2.1 through 7.1 P3, when using device binding in a Challenge SOAP call or using the RSA Adaptive Authentication Integration Adapters with Out-of-Band Phone Authentify functionality, conducts permanent device binding even when authentication fails, which...

PHP 5.5.x < 5.5.8 Multiple Vulnerabilities

According to its banner, the version of PHP 5.5.x installed on the remote host is a version prior to 5.5.8. It is, therefore, potentially affected by the following vulnerabilities : - A heap-based buffer overflow error exists in the file 'ext/date/lib/parseisointervals.c' related to handling...

Hewlett-Packard SiteScope SOAP Call runOMAgentCommand Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of HP SiteScope. Authentication is not required to exploit this vulnerability. The specific flaw exists within APIBSMIntegrationImpl's processing of the runOMAgentCommand which can be invoked through...

HP SiteScope SOAP Call APIPreferenceImpl Security Bypass

Added: 10/22/2012 CVE: CVE-2012-3261 BID: 55269 OSVDB: 85796 Background HP SiteScope is an agentless software application used to monitor the availability and performance of distributed IT infrastructures including servers, operating systems, network and Internet services, applications and...

HP SiteScope SOAP Call APIPreferenceImpl Security Bypass

Added: 10/22/2012 CVE: CVE-2012-3261 BID: 55269 OSVDB: 85796 Background HP SiteScope is an agentless software application used to monitor the availability and performance of distributed IT infrastructures including servers, operating systems, network and Internet services, applications and...

HP SiteScope SOAP Call APIPreferenceImpl Security Bypass

Added: 10/22/2012 CVE: CVE-2012-3261 BID: 55269 OSVDB: 85796 Background HP SiteScope is an agentless software application used to monitor the availability and performance of distributed IT infrastructures including servers, operating systems, network and Internet services, applications and...

HP SiteScope SOAP Call APISiteScopeImpl Multiple Information Disclosures

Two access control weaknesses have been reported in HP SiteScope...

HP SiteScope SOAP Call getSiteScopeConfiguration Configuration Access

This module exploits an authentication bypass vulnerability in HP SiteScope which allows to retrieve the HP SiteScope configuration, including administrative credentials. It is accomplished by calling the getSiteScopeConfiguration operation available through the APISiteScopeImpl AXIS service. The...

HP SiteScope SOAP Call getFileInternal Remote File Access

This module exploits an authentication bypass vulnerability in HP SiteScope to retrieve an arbitrary file from the remote server. It is accomplished by calling the getFileInternal operation available through the APISiteScopeImpl AXIS service. This module has been successfully tested on HP SiteSco...

ZDI-12-173 : &#40;0Day&#41; HP SiteScope SOAP Call getSiteScopeConfiguration Remote Code Execution Vulnerability

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ZDI-12-173 : 0Day HP SiteScope SOAP Call getSiteScopeConfiguration Remote Code Execution Vulnerability http://www.zerodayinitiative.com/advisories/ZDI-12-173 August 29, 2012 - -- CVE ID: - -- CVSS: 10, AV:N/AC:L/Au:N/C:C/I:C/A:C - -- Affected Vendors:...

ZDI-12-175 : &#40;0Day&#41; HP SiteScope SOAP Call create Remote Code Execution Vulnerability

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ZDI-12-175 : 0Day HP SiteScope SOAP Call create Remote Code Execution Vulnerability http://www.zerodayinitiative.com/advisories/ZDI-12-175 August 29, 2012 - -- CVE ID: - -- CVSS: 10, AV:N/AC:L/Au:N/C:C/I:C/A:C - -- Affected Vendors: Hewlett-Packard - ...

(0Day) HP SiteScope SOAP Call update Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of HP SiteScope. Authentication is not required to exploit this vulnerability. The specific flaw exists because HP SiteScope allows unauthenticated SOAP calls to be made to the SiteScope service. One ...