attackers can change the immutable name and type of cluster

Proof of Concept 1 admin creates a cluster 2 admin adds user1 as one owner 3 attack login as user1 4 user1 edit the the cluster 5 user1 finds that the name and type can not be changed. 6 user1 still edits the cluster and using the burpsuit to hijack the request 7 the request content can be like...

IBM Websphere MQ File Transfer Edition Web Gateway - Insufficient Access Control

Exploit Author: Nir Valtman Affected Platforms: Version 7.0.4 and all previous versions of WebSphereMQ File Transfer Editionrunning on all platforms are affected. Apparently they published the CVE above without mentioning my name, since I found it in the same time while IBM's team found it. This...

rsync-brute NSE Script

Performs brute force password auditing against the rsync remote file syncing protocol. Script Arguments rsync-brute.module - the module against which brute forcing should be performed passdb, unpwdb.passlimit, unpwdb.timelimit, unpwdb.userlimit, userdb See the documentation for the unpwdb library...