PT-2024-7212 · Gitlab · Gitlab Ce/Ee +1

Name of the Vulnerable Software and Affected Versions: GitLab EE versions 16.6 through 17.2.9 GitLab EE versions 17.3 through 17.3.5 GitLab EE versions 17.4 through 17.4.2 Description: An issue has been discovered in GitLab EE, allowing an unauthenticated attacker to determine the GitLab version...

Disk Sorter Server 13.6.12 - (Disk Sorter Server) Unquoted Service Path Vulnerability

Exploit Title: Disk Sorter Server 13.6.12 - 'Disk Sorter Server' Unquoted Service Path Discovery by: BRushiran Vendor Homepage: https://www.disksorter.com Software Links: https://www.disksorter.com/setupsx64/disksortersrvsetupv13.6.12x64.exe Tested Version: 13.6.12 Vulnerability Type: Unquoted...

Xymon 4.3.25 - useradm Command Execution Exploit

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Xymon useradm Command Execution', 'Description' = %q This module exploits a command injection vulnerability in Xymon versions before 4.3.25 which...

C5Scan - Vulnerability Scanner And Information Gatherer For The Concrete5 CMS

Vulnerability scanner and information gatherer for the Concrete5 CMS. Is a little out of date presently pending a refactor. concrete5 is an open-source content management system CMS for publishing content on the World Wide Web and intranets. concrete5 is designed for ease of use, for users with a...

Memcached UDP Version Scanner

This module can be used to discover Memcached servers which expose the unrestricted UDP port 11211. A basic "version" request is executed to obtain the version of memcached. This module requires Metasploit: https://metasploit.com/download Current source:...

Cross site scripting

Multiple cross site scripting attacks were found in the Identity Manager Plug-in, hosted on iManager 2.7.7.7, before Identity Manager 4.6.1. In certain scenarios it was possible to execute arbitrary JavaScript code in the context of vulnerable application, via user.Context in the Object Selector,...

CVE-2017-7427

Multiple cross site scripting attacks were found in the Identity Manager Plug-in, hosted on iManager 2.7.7.7, before Identity Manager 4.6.1. In certain scenarios it was possible to execute arbitrary JavaScript code in the context of vulnerable application, via user.Context in the Object Selector,...

CVE-2017-7427 iManager - Multiple Reflected Cross-Site Scripting attacks

Multiple cross site scripting attacks were found in the Identity Manager Plug-in, hosted on iManager 2.7.7.7, before Identity Manager 4.6.1. In certain scenarios it was possible to execute arbitrary JavaScript code in the context of vulnerable application, via user.Context in the Object Selector,...

[BlindElephant] Web Application Fingerprinter

The BlindElephant Web Application Fingerprinter attempts to discover the version of a known web application by comparing static files at known locations against precomputed hashes for versions of those files in all all available releases. The technique is fast, low-bandwidth, non-invasive, generi...

[BlindElephant] Web Application Fingerprinting

During Black Hat USA 2010 , Patrick Thomas presented a new web application fingerprinting tool called Blind Elephant. The BlindElephant Web Application Finger-printer attempts to discover the version of a known web application by comparing static files at known locations against precomputed hashe...

Remote Help Detection

The remote host is running Remote Help, a web server for Windows that can be used to control the host. C Tenable Network Security, Inc. include"compat.inc"; if description scriptid45139; scriptversion"1.5"; scriptcvsdate"Date: 2019/11/22"; scriptnameenglish:"Remote Help Detection";...