Tags archives: exploit

 

0

Github Enterprise Default Session Secret And Deserialization

This Metasploit module exploits two security issues in Github Enterprise, version 2.8.0 – 2.8.6. The first is that the session management uses a hard-coded secret value, which can be abused to sign a serialized malicious Ruby object. The second problem is due to the use of unsafe deserialization, which allows the malicious Ruby object to […]

The post Github Enterprise Default Session Secret And Deserialization appeared first on MondoUnix.

 

 

 

 

 

 

 

 

 

0

NETGEAR WNR2000v5 (Un)authenticated hidden_lang_avi Stack Overflow

The NETGEAR WNR2000 router has a buffer overflow vulnerability in the hidden_lang_avi parameter. In order to exploit it, it is necessary to guess the value of a certain timestamp which is in the configuration of the router. An authenticated attacker can simply fetch this from a page, but an unauthenticated attacker has to brute force […]

The post NETGEAR WNR2000v5 (Un)authenticated hidden_lang_avi Stack Overflow appeared first on MondoUnix.