21 matches found
EUVD-2020-9341
Malware in sbrugna...
EUVD-2016-0742
Malware in sbrugna...
CVE-2020-17388
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Marvell QConvergeConsole 5.5.0.64. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the Tomcat...
The vulnerability in the SonicWall Analytics service and the SonicWall Global Management System (GMS), a global network firewall management system, stems from hard-coding in the application's Tomcat configuration files. This allows attackers to escalate their privileges.
The vulnerability in the SonicWall Analytics service and the SonicWall Global Management System (GMS) is related to hard-coding in the application's Tomcat configuration files. Exploiting this vulnerability can allow a malicious actor to increase their...
Exploit for Code Injection in Vmware Spring_Framework
Spring Boot CVE-2022-22965 Docker PoC for CVE-2022-22965 with...
Exploit for Code Injection in Vmware Spring_Framework
CVE-2022-22965 Spring Framework/CVE-2022-22965 https://vuln...
CVE-2020-17388
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Marvell QConvergeConsole 5.5.0.64. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the Tomcat...
Design/Logic Flaw
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Marvell QConvergeConsole 5.5.0.64. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the Tomcat...
CVE-2020-17388
The CVE-2020-17388 issue affects Marvell QConvergeConsole 5.5.0.64. The root cause is a misconfigured Tomcat admin console without proper access restrictions, allowing an attacker to bypass authentication and execute code with SYSTEM privileges. Multiple sources (ZDI-20-975 and Red Hat/CVE aggreg...
CVE-2020-17388
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Marvell QConvergeConsole 5.5.0.64. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the Tomcat...
Marvell QConvergeConsole Remote Code Execution Vulnerability (CNVD-2020-46348)
Marvell QConvergeConsole (QCC) is unified adapter management software from Marvell for use across data centers. The software is primarily used for Ethernet and Fibre Channel adapter management, among other things. A remote code execution vulnerability exists in the Tomcat configuration file in Marvell...
Marvell QConvergeConsole Exposed Dangerous Method or Function Remote Code Execution
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Marvell QConvergeConsole. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the Tomcat...
The vulnerability in the /usr/lib/tmpfiles.d/tomcat.conf component of the Tomcat package on the SUSE Linux Enterprise operating system allows an attacker to escalate privileges.
The vulnerability in the /usr/lib/tmpfiles.d/tomcat.conf component of the Tomcat package on the SUSE Linux Enterprise operating system is related to incorrect default permissions. Exploiting this vulnerability can allow an attacker to increase their privileges...
CVE-2016-0708
Applications deployed to Cloud Foundry, versions v166 through v227, may be vulnerable to a remote disclosure of information, including, but not limited to environment variables and bound service details. For applications to be vulnerable, they must have been staged using automatic buildpack...
tomcat: tomcat writable config files allow privilege escalation
It was discovered that the Tomcat packages installed certain configuration files read by the Tomcat initialization script as writeable to the tomcat group. A member of the group or a malicious web application deployed on Tomcat could use this flaw to escalate their privileges...
tomcat: Local privilege escalation via systemd-tmpfiles service
It was discovered that the Tomcat packages installed configuration file /usr/lib/tmpfiles.d/tomcat.conf writeable to the tomcat group. A member of the group or a malicious web application deployed on Tomcat could use this flaw to escalate their privileges...
ManageEngine OpManager / Social IT - Arbitrary File Upload (Metasploit)
This module requires Metasploit: http//metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core' class Metasploit3 'ManageEngine OpManager / Social IT Arbitrary File Upload', 'Description' = %q This module exploits a file upload vulnerability in...
ManageEngine OpManager and Social IT Arbitrary File Upload
This module exploits a file upload vulnerability in ManageEngine OpManager and Social IT. The vulnerability exists in the FileCollector servlet which accepts unauthenticated file uploads. This module has been tested successfully on OpManager v8.8 - v11.3 and on version 11.0 of SocialIT for Window...
IBM Algorithmics RICOS 4.5.0 4.7.0 - Multiple Vulnerabilities
IBM Algorithmics RICOS 4.5.0 4.7.0 - Multiple Vulnerabilities -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 SEC Consult Vulnerability Lab Security Advisory ======================================================================= title: Multiple severe vulnerabilities product: IBM Algorithmics RICO...
Jakarta Tomcat 3.x/4.0 - Error Message Information Disclosure
source: https://www.securityfocus.com/bid/3199/info When a malformed request is made for a Java Server Page the server displays an error page. The error page contains potentially sensitive information, along with the absolute path of the JSP file on the webserver, which may aid in further attacks...