12 matches found
SaltStack Salt Master Server Root Key Disclosure
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'SaltStack Salt Master Server Root Key Disclosure', 'Description' = %q This module exploits unauthenticated access to the prepauthinfo method in t...
SRC-2022-0017 : VMware vRealize Operations Manager MainPortalFilter Authentication Bypass Vulnerability
Vulnerability Details: This vulnerability allows remote attackers to bypass authentication on affected installations of VMware vRealize Operations. Authentication is not required to exploit this vulnerability. The specific flaw exists within MainPortalFilter class. The issue results from the...
SRC-2022-0020 : VMware vRealize Operations Manager generateSupportBundle VCOPS_BASE Privilege Escalation Vulnerability
Vulnerability Details: This vulnerability allows local attackers to escalate privileges on affected installations of VMware vRealize Operations Manager. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specif...
VMware vRealize Operations Manager Log4Shell Direct Check (CVE-2021-44228) (VMSA-2021-0028)
Binary data vmwarevrealizeoperationsmanagerlog4shell.nbin...
Metasploit Wrap-Up
Operations shell Operations and management software make popular targets due to their users typically having elevated privileges across a network. Our own wvu contributed the VMware vRealize Operations vROps Manager SSRF RCE exploit module for the vulnerabilities discovered by security researcher...
VMware vRealize Operations (vROps) Manager SSRF RCE
This module exploits a pre-auth SSRF CVE-2021-21975 and post-auth file write CVE-2021-21983 in VMware vRealize Operations Manager to leak admin creds and write/execute a JSP payload. CVE-2021-21975 affects the /casa/nodes/thumbprints endpoint, and CVE-2021-21983 affects the...
VMware vRealize Operations Manager Server-Side Request Forgery / Code Execution
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'VMware vRealize Operations vROps Manager SSRF RCE', 'Description' = %q This module exploits a pre-auth SSRF CVE-2021-21975 and post-auth file wri...
VMware vRealize Operations Manager SSRF和文件读取漏洞(CVE-2021-21975 CVE-2021-21983)
Description On March 30, 2021, VMware published a security advisory for CVE-2021-21975 and CVE-2021-21983, two chainable vulnerabilities in its vRealize Operations Manager product. CVE-2021-21975 is an unauthenticated server-side request forgery SSRF, while CVE-2021-21983 is an authenticated...
VMware vRealize Operations Manager 7.5.x / 8.x Multiple Vulnerabilities (VMSA-2021-0004)
The version of VMware vRealize Operations vROps Manager running on the remote web server is 7.5.x prior to 7.5.0.17771878, 8.0.0 prior to 8.0.1.17771851, or 8.1.0 prior to 8.1.1.17772462 or 8.2.0 prior to 8.2.0.17771778 or 8.3.0 prior to 8.3.0.17787340. It is, therefore, affected by a multiple...
SaltStack Salt Master/Minion Unauthenticated Remote Code Execution
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'SaltStack Salt Master/Minion Unauthenticated RCE', 'Description' = %q This module exploits unauthenticated access to the runner and sendpub metho...
SaltStack Salt Master Server Root Key Disclosure
This module exploits unauthenticated access to the prepauthinfo method in the SaltStack Salt master's ZeroMQ request server, for versions 2019.2.3 and earlier and 3000.1 and earlier, to disclose the root key used to authenticate administrative commands to the master. VMware vRealize Operations...
SaltStack Salt Master/Minion Unauthenticated RCE
This module exploits unauthenticated access to the runner and sendpub methods in the SaltStack Salt master's ZeroMQ request server, for versions 2019.2.3 and earlier and 3000.1 and earlier, to execute code as root on either the master or on select minions. VMware vRealize Operations Manager...