PT-2023-8926 · Sysaid · Sysaid

Name of the Vulnerable Software and Affected Versions: SysAid affected versions not specified Description: The issue is related to a path traversal vulnerability in the doPost method of the com.ilient.server.UserEntry class in SysAid, a service support and hardware and software control automation...

Hackers Target Apache Tomcat Servers for Mirai Botnet and Crypto Mining

Misconfigured and poorly secured Apache Tomcat servers are being targeted as part of a new campaign designed to deliver the Mirai botnet malware and cryptocurrency miners. The findings come courtesy of Aqua, which detected more than 800 attacks against its Tomcat server honeypots over a two-year...

CVE-2023-33247

Talend Data Catalog remote harvesting server before 8.0-20230413 contains a /upgrade endpoint that allows an unauthenticated WAR file to be deployed on the server. A mitigation is that the remote harvesting server should be behind a firewall that only allows access to the Talend Data Catalog serv...

CVE-2023-33247

Talend Data Catalog remote harvesting server before 8.0-20230413 contains a /upgrade endpoint that allows an unauthenticated WAR file to be deployed on the server. A mitigation is that the remote harvesting server should be behind a firewall that only allows access to the Talend Data Catalog serv...

GHSA-F5WX-W2F9-82GH XXE vulnerability in Jenkins WebSphere Deployer Plugin

WebSphere Deployer Plugin 1.6.1 and earlier does not configure the XML parser to prevent XML external entity XXE attacks. This could be exploited by a user with Job/Configure permissions to upload a specially crafted war file containing a WEB-INF/ibm-web-ext.xml which is parsed by the plugin...

GHSA-W47G-4VRC-M3W2 Cross-site Scripting in Apache Pluto Chatroom demo

The input fields of the Apache Pluto "Chat Room" demo portlet 3.0.0 and 3.0.1 are vulnerable to Cross-Site Scripting XSS attacks. Mitigation: Uninstall the ChatRoomDemo war file - or - migrate to version 3.1.0 of the chat-room-demo war file...

Spring4Shell-Poc - Spring Core RCE 0-day Vulnerability

Description of the vulnerability: https://www.cyberkendra.com/2022/03/springshell-rce-0-day-vulnerability.html Construction of the POC: https://github.com/BobTheShoplifter/Spring4Shell-POC Steps to Build/Run Tested with JDK 11.0.14, Spring Boot 2.6.5, and Apache Tomcat 9.0.60 Run mvn clean packag...

Apache Tomcat Directory Traversal vulnerability

Directory traversal vulnerability in Apache Tomcat 5.5.0 through 5.5.28 and 6.0.0 through 6.0.20 allows remote attackers to create or overwrite arbitrary files via a .. dot dot in an entry in a WAR file, as demonstrated by a ../../bin/catalina.bat entry...

GHSA-GGX9-4728-588R Apache Tomcat Directory Traversal vulnerability

Directory traversal vulnerability in Apache Tomcat 5.5.0 through 5.5.28 and 6.0.0 through 6.0.20 allows remote attackers to create or overwrite arbitrary files via a .. dot dot in an entry in a WAR file, as demonstrated by a ../../bin/catalina.bat entry...

Spring4Shell (CVE-2022-22965): details and mitigations

Last week researchers found the critical vulnerability CVE-2022-22965 in Spring – the open source Java framework. Using the vulnerability, an attacker can execute arbitrary code on a remote web server, which makes CVE-2022-22965 a critical threat, given the Spring frameworks popularity. By analog...

Exploit for Code Injection in Vmware Spring_Framework

Spring-Core JDK9+ RCE 使用说明 ╰─ ./CVE-2022-22965 -h...

Cross-site Request Forgery (CSRF)

JBoss is vulnerable to Cross-site request forgery CSRF. flaw was found in the JMX Console. A remote attacker could use this flaw to deploy a WAR file of their choosing on the target server, if they are able to trick a user, who is logged into the JMX Console as the admin user, into visiting a...

Cisco Data Center Network Manager Unauthenticated Remote Code Execution

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Cisco Data Center Network Manager Unauthenticated Remote Code Execution', 'Description' = %q DCNM exposes a file upload servlet FileUploadServlet...

Directory Traversal

Apache Tomcat Catalina is vulnerable to directory traversal. Lack of validation of WAR file name allows the attacker to delete the work-directory files using a WAR filename ...war...

JFrog Artifactory Arbitrary File Upload Vulnerability

JFrog Artifactory is an open source, general-purpose Artifact repository manager from Israel's JFrog that supports clustering and high-availability Docker registries and provides an end-to-end automation solution for tracking artifacts from development to production. An arbitrary file upload...

CVE-2018-10682

An issue was discovered in WildFly 10.1.2.Final. It is possible for an attacker to access the administration panel on TCP port 9990 without any authentication using "anonymous" access that is automatically created. Once logged in, a misconfiguration present by default auto-deployment permits an...

CVE-2018-10682

An issue was discovered in WildFly 10.1.2.Final. It is possible for an attacker to access the administration panel on TCP port 9990 without any authentication using "anonymous" access that is automatically created. Once logged in, a misconfiguration present by default auto-deployment permits an...

Unrestricted file upload

Unrestricted file upload vulnerability in ui/artifact/upload in JFrog Artifactory before 4.16 allows remote attackers to 1 deploy an arbitrary servlet application and execute arbitrary code by uploading a war file or 2 possibly write to arbitrary files and cause a denial of service by uploading a...

CVE-2015-9246

An issue was discovered in Skybox Platform before 7.5.201. Remote Unauthenticated Code Execution exists via a WAR archive containing a JSP file. The WAR file is sent to /skyboxview-softwareupdate/services/CollectorSoftwareUpdate and the JSP file is reached at...

EMC CMCNE 11.2.1 - FileUploadController Remote Code Execution (Metasploit)

require 'msf/core' class MetasploitModule 'EMC CMCNE FileUploadController Remote Code Execution', 'Description' = %q This module exploits a fileupload vulnerability found in EMC Connectrix Manager Converged Network Edition MSFLICENSE, 'Author' = 'james fitts' , 'References' = 'ZDI', '13-279' ,...