Lucene search
K

123 matches found

0day.today
0day.today
added 2017/05/31 12:0 a.m.695 views

IBM Informix Dynamic Server / Informix Open Admin Tool - DLL Injection / Remote Code Execution / Hea

Exploit for windows platform in category web applications Vulnerabilities Summary The following advisory describes six 6 vulnerabilities found in Informix Dynamic Server and Informix Open Admin Tool. IBM Informix Dynamic Server Exceptional, low maintenance online transaction processing OLTP data...

10CVSS8.2AI score0.95707EPSS
Exploits14
NVD
NVD
added 2015/11/04 3:59 a.m.21 views

CVE-2015-6029

HP ArcSight Logger before 6.0 P2 does not limit attempts to authenticate to the SOAP interface, which makes it easier for remote attackers to obtain access via a brute-force approach...

5CVSS6.4AI score0.04439EPSS
Exploits0References3
Prion
Prion
added 2015/11/04 3:59 a.m.14 views

Design/Logic Flaw

HP ArcSight Logger before 6.0 P2 does not limit attempts to authenticate to the SOAP interface, which makes it easier for remote attackers to obtain access via a brute-force approach...

5CVSS7AI score0.04439EPSS
Exploits0References3Affected Software1
Cvelist
Cvelist
added 2015/11/04 2:0 a.m.23 views

CVE-2015-6029

HP ArcSight Logger before 6.0 P2 does not limit attempts to authenticate to the SOAP interface, which makes it easier for remote attackers to obtain access via a brute-force approach...

6.4AI score0.04439EPSS
Exploits0References3
CERT
CERT
added 2015/10/19 12:0 a.m.40 views

HP ArcSight Logger contains multiple vulnerabilities

Overview HP ArcSight Logger contains multiple vulnerabilities, allowing authentication bypass and privilege escalation in certain scenarios. Description CWE-285: Improper Authorization- CVE-2015-2136A remote authenticated user without Logger Search permissions may be able to bypass authorization...

7.2CVSS7.6AI score0.04439EPSS
Exploits0References5
Tenable Nessus
Tenable Nessus
added 2015/09/17 12:0 a.m.25 views

HP ArcSight Logger < 6.0 P2 Multiple Vulnerabilities

According to its self-reported version number, the version of HP ArcSight Logger installed on the remote host is prior to 6.0 P2. It is, therefore, affected by multiple vulnerabilities : - An authorization bypass vulnerability exists that allows an authenticated, remote attacker to bypass...

7.2CVSS5.8AI score0.04439EPSS
Exploits0References6
Packet Storm
Packet Storm
added 2015/08/13 12:0 a.m.126 views

Cisco Unified Communications Manager Command Execution

Vantage Point Security Advisory 2015-001 ======================================== Title: Cisco Unified Communications Manager Multiple Vulnerabilities Vendor: Cisco Vendor URL: http://www.cisco.com/ Versions affected: Summary: -------- Cisco Unified Communications Manager CUCM offers services suc...

10CVSS0.99999EPSS
Exploits131
0day.today
0day.today
added 2015/06/02 12:0 a.m.510 views

D-Link Devices HNAP SOAPAction-Header Command Execution Exploit

Different D-Link Routers are vulnerable to OS command injection in the HNAP SOAP interface. Since it is a blind OS command injection vulnerability, there is no output for the executed command. This Metasploit module has been tested on a DIR-645 device. The following devices are also reported as...

10CVSS9.6AI score0.97101EPSS
Exploits2
Prion
Prion
added 2015/03/14 1:59 a.m.16 views

Authentication flaw

The SOAP web interface in SCADA Engine BACnet OPC Server before 2.1.371.24 allows remote attackers to bypass authentication and read or write to arbitrary database fields via unspecified vectors...

7.5CVSS7.5AI score0.02575EPSS
Exploits0References1Affected Software1
Cisco
Cisco
added 2015/02/19 5:35 p.m.28 views

Cisco Hosted Collaboration Solution Unauthorized System Access Vulnerability

A vulnerability in the Simple Object Access Protocol SOAP Interface of the Cisco Hosted Collaboration Solution HCS could allow an unauthenticated, remote attacker to gain unauthorized access to a targeted system. An attacker could exploit the vulnerability by transmitting crafted Challenge SOAP...

4.3CVSS6.9AI score0.01078EPSS
Exploits0References1
NVD
NVD
added 2015/02/19 12:59 a.m.20 views

CVE-2015-0626

The SOAP interface in Cisco Hosted Collaboration Solution HCS allows remote attackers to obtain access to system-management tools via crafted Challenge SOAP calls, aka Bug ID CSCuc38114...

4.3CVSS6.6AI score0.01078EPSS
Exploits0References1
Prion
Prion
added 2015/02/19 12:59 a.m.18 views

Design/Logic Flaw

The SOAP interface in Cisco Hosted Collaboration Solution HCS allows remote attackers to obtain access to system-management tools via crafted Challenge SOAP calls, aka Bug ID CSCuc38114...

4.3CVSS7.1AI score0.01078EPSS
Exploits0References1
CVE
CVE
added 2015/02/19 12:0 a.m.65 views

CVE-2015-0626

The CVE-2015-0626 issue affects Cisco Hosted Collaboration Solution (HCS) via the SOAP interface. The vulnerability stems from the SOAP processing of Challenge SOAP calls, enabling an unauthenticated, remote attacker to obtain access to system-management tools on vulnerable HCS deployments. Explo...

4.3CVSS6.8AI score0.01078EPSS
Exploits0References1Affected Software1
seebug.org
seebug.org
added 2014/07/01 12:0 a.m.20 views

SAP Management Console OSExecute Payload Execution

No description provided by source. $Id: sapmgmtconosexecpayload.rb 14048 2011-10-24 16:42:07Z sinn3r $ This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing and...

7.1AI score
Exploits0
Tenable Nessus
Tenable Nessus
added 2013/09/13 12:0 a.m.25 views

Juniper NSM Web Proxy SOAP Interface Detection

The remote host is running the Juniper NSM Web Proxy SOAP API, which allows 3rd party applications access to NSM servers. C Tenable Network Security, Inc. include"compat.inc"; if description scriptid69876; scriptversion"$Revision: 1.2 $"; scriptcvsdate"$Date: 2017/05/16 19:43:12 $";...

5.5AI score
Exploits0References1
Check Point Advisories
Check Point Advisories
added 2013/08/25 12:0 a.m.1 views

SAP NetWeaver SOAP Request SXPG_CALL_SYSTEM Command Execution

A remote command execution vulnerability has been reported in SAP NetWeaver's SOAP interface...

7.3AI score
Exploits0
Check Point Advisories
Check Point Advisories
added 2013/07/15 12:0 a.m.3 views

SAP NetWeaver SOAP Request SXPG_COMMAND_EXECUTE Command Execution

A remote command execution vulnerability has been reported in SAP NetWeaver's SOAP interface. The vulnerability is due to insufficient validation of incoming SOAP requests. A remote, authenticated attacker can exploit this vulnerability by sending a specially crafted SOAP request to the affected...

7.1AI score
Exploits0
0day.today
0day.today
added 2013/07/07 12:0 a.m.26 views

D-Link DIR-300/600/645/845/865 OS-Command Injection via UPnP Interface

Exploit for hardware platform in category web applications Title: OS-Command Injection via UPnP SOAP Interface in multiple D-Link devices Vendor: D-Link Devices: DIR-300 rev B / DIR-600 rev B / DIR-645 / DIR-845 / DIR-865 ============ Vulnerable Firmware Releases: ============ DIR-300 rev B -...

7.1AI score
Exploits0
Exploit DB
Exploit DB
added 2013/07/07 12:0 a.m.37 views

D-Link - OS-Command Injection via UPnP Interface

Title: OS-Command Injection via UPnP SOAP Interface in multiple D-Link devices Vendor: D-Link Devices: DIR-300 rev B / DIR-600 rev B / DIR-645 / DIR-845 / DIR-865 ============ Vulnerable Firmware Releases: ============ DIR-300 rev B - 2.14b01 DIR-600 - 2.16b01 DIR-645 - 1.04b01 DIR-845 - 1.01b02...

7.4AI score
Exploits0
Metasploit
Metasploit
added 2013/05/12 1:46 p.m.35 views

SAP Management Console OSExecute Payload Execution

This module executes an arbitrary payload through the SAP Management Console SOAP Interface. A valid username and password for the SAP Management Console must be provided. This module has been tested successfully on both Windows and Linux platforms running SAP Netweaver. In order to exploit a Lin...

7.5AI score
Exploits0
Rows per page
Query Builder