Lucene search
K

12 matches found

Packet Storm
Packet Storm
added 2024/08/31 12:0 a.m.279 views

SaltStack Salt Master Server Root Key Disclosure

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'SaltStack Salt Master Server Root Key Disclosure', 'Description' = %q This module exploits unauthenticated access to the prepauthinfo method in t...

9.8CVSS7.4AI score0.96405EPSS
Exploits25
Source Incite
Source Incite
added 2022/05/26 12:0 a.m.147 views

SRC-2022-0020 : VMware vRealize Operations Manager generateSupportBundle VCOPS_BASE Privilege Escalation Vulnerability

Vulnerability Details: This vulnerability allows local attackers to escalate privileges on affected installations of VMware vRealize Operations Manager. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specif...

7.2CVSS8AI score0.00557EPSS
Exploits1
Source Incite
Source Incite
added 2022/05/26 12:0 a.m.116 views

SRC-2022-0017 : VMware vRealize Operations Manager MainPortalFilter Authentication Bypass Vulnerability

Vulnerability Details: This vulnerability allows remote attackers to bypass authentication on affected installations of VMware vRealize Operations. Authentication is not required to exploit this vulnerability. The specific flaw exists within MainPortalFilter class. The issue results from the...

7.5CVSS8.4AI score0.00718EPSS
Exploits1
Tenable Nessus
Tenable Nessus
added 2022/01/21 12:0 a.m.196 views

VMware vRealize Operations Manager Log4Shell Direct Check (CVE-2021-44228) (VMSA-2021-0028)

Binary data vmwarevrealizeoperationsmanagerlog4shell.nbin...

10CVSS10AI score0.99999EPSS
Exploits352References3
Rapid7 Blog
Rapid7 Blog
added 2021/04/30 5:42 p.m.107 views

Metasploit Wrap-Up

Operations shell Operations and management software make popular targets due to their users typically having elevated privileges across a network. Our own wvu contributed the VMware vRealize Operations vROps Manager SSRF RCE exploit module for the vulnerabilities discovered by security researcher...

9CVSS1.3AI score0.99301EPSS
Exploits24
Metasploit
Metasploit
added 2021/04/27 5:41 p.m.48 views

VMware vRealize Operations (vROps) Manager SSRF RCE

This module exploits a pre-auth SSRF CVE-2021-21975 and post-auth file write CVE-2021-21983 in VMware vRealize Operations Manager to leak admin creds and write/execute a JSP payload. CVE-2021-21975 affects the /casa/nodes/thumbprints endpoint, and CVE-2021-21983 affects the...

8.5CVSS7.2AI score0.7829EPSS
Exploits12
Packet Storm
Packet Storm
added 2021/04/27 12:0 a.m.923 views

VMware vRealize Operations Manager Server-Side Request Forgery / Code Execution

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'VMware vRealize Operations vROps Manager SSRF RCE', 'Description' = %q This module exploits a pre-auth SSRF CVE-2021-21975 and post-auth file wri...

8.5CVSS0.8AI score0.7829EPSS
Exploits12
seebug.org
seebug.org
added 2021/03/31 12:0 a.m.106 views

VMware vRealize Operations Manager SSRF和文件读取漏洞(CVE-2021-21975 CVE-2021-21983)

Description On March 30, 2021, VMware published a security advisory for CVE-2021-21975 and CVE-2021-21983, two chainable vulnerabilities in its vRealize Operations Manager product. CVE-2021-21975 is an unauthenticated server-side request forgery SSRF, while CVE-2021-21983 is an authenticated...

8.5CVSS8.1AI score0.7829EPSS
Exploits12
Tenable Nessus
Tenable Nessus
added 2021/03/31 12:0 a.m.120 views

VMware vRealize Operations Manager 7.5.x / 8.x Multiple Vulnerabilities (VMSA-2021-0004)

The version of VMware vRealize Operations vROps Manager running on the remote web server is 7.5.x prior to 7.5.0.17771878, 8.0.0 prior to 8.0.1.17771851, or 8.1.0 prior to 8.1.1.17772462 or 8.2.0 prior to 8.2.0.17771778 or 8.3.0 prior to 8.3.0.17787340. It is, therefore, affected by a multiple...

8.5CVSS7.6AI score0.7829EPSS
Exploits12References3
Packet Storm
Packet Storm
added 2020/05/12 12:0 a.m.260 views

SaltStack Salt Master/Minion Unauthenticated Remote Code Execution

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'SaltStack Salt Master/Minion Unauthenticated RCE', 'Description' = %q This module exploits unauthenticated access to the runner and sendpub metho...

7.5CVSS0.9AI score0.96405EPSS
Exploits25
Metasploit
Metasploit
added 2020/05/11 5:5 p.m.81 views

SaltStack Salt Master Server Root Key Disclosure

This module exploits unauthenticated access to the prepauthinfo method in the SaltStack Salt master's ZeroMQ request server, for versions 2019.2.3 and earlier and 3000.1 and earlier, to disclose the root key used to authenticate administrative commands to the master. VMware vRealize Operations...

9.8CVSS8.5AI score0.96405EPSS
Exploits25
Metasploit
Metasploit
added 2020/05/11 5:5 p.m.80 views

SaltStack Salt Master/Minion Unauthenticated RCE

This module exploits unauthenticated access to the runner and sendpub methods in the SaltStack Salt master's ZeroMQ request server, for versions 2019.2.3 and earlier and 3000.1 and earlier, to execute code as root on either the master or on select minions. VMware vRealize Operations Manager...

9.8CVSS9AI score0.96405EPSS
Exploits25
Rows per page
Query Builder