Posts Tagged ‘enterprise’

Dup Scout Enterprise 9.5.14 Buffer Overflow

This Metasploit module exploits a stack-based buffer overflow vulnerability in the web interface of Dup Scout Enterprise v9.5.14, caused by improper bounds checking of the request path in HTTP GET requests sent to the built-in web server. This Metasploit module has been tested successfully on Windows 7 SP1 x86. Source: Dup Scout Enterprise 9.5.14 Buffer […]


Disk Sorter Enterprise 9.5.12 GET Buffer Overflow

This Metasploit module exploits a stack-based buffer overflow vulnerability in the web interface of Disk Sorter Enterprise version 9.5.12, caused by improper bounds checking of the request path in HTTP GET requests sent to the built-in web server. This Metasploit module has been tested successfully on Windows 7 SP1 x86. Source: Disk Sorter Enterprise 9.5.12 […]


Splunk Enterprise Multiple Version Information Disclosure

Attackers can siphon information from Splunk Enterprise if an authenticated Splunk user visits a malicious webpage. Some useful data gained is the currently logged in username and if remote user setting is enabled. After, the username can be use to Phish or Brute Force Splunk Enterprise login. Additional information stolen may aid in furthering attacks. […]


Github Enterprise Default Session Secret And Deserialization

This Metasploit module exploits two security issues in Github Enterprise, version 2.8.0 – 2.8.6. The first is that the session management uses a hard-coded secret value, which can be abused to sign a serialized malicious Ruby object. The second problem is due to the use of unsafe deserialization, which allows the malicious Ruby object to […]