
78 matches found

RedHat Linux
added 2017/09/05 10:54 p.m., 3 views

groovy: remote execution of untrusted code in class MethodClosure

A flaw was discovered in the way applications using Groovy used the standard Java serialization mechanism. A remote attacker could use a specially crafted serialized object that would execute code directly when deserialized. All applications which rely on serialization and do not isolate the code...

CVSS 9.8, AI score 7.6, EPSS 0.44303
Exploits: 4, References: 5

RedHat Linux
added 2017/08/17 2:38 a.m., 2 views

groovy: remote execution of untrusted code in class MethodClosure

A flaw was discovered in the way applications using Groovy used the standard Java serialization mechanism. A remote attacker could use a specially crafted serialized object that would execute code directly when deserialized. All applications which rely on serialization and do not isolate the code...

CVSS 9.8, AI score 7.6, EPSS 0.44303
Exploits: 4, References: 5

CNVD
added 2017/05/03 12:0 a.m., 4 views

OpenText Documentum Content Server "RPC save-command" elevation vulnerability

OpenText Documentum Content Server is a platform for managing content in a repository and consists of three parts: a content server, a relational database, and a location to store documents. OpenText Documentum Content Server "RPC save-command" has an elevation vulnerability that can be exploited...

CVSS 9, AI score 6.8, EPSS 0.02032
Exploits: 3, References: 1

CNVD
added 2017/04/17 12:0 a.m., 2 views

SAP NetWeaver AS JAVA Denial of Service Vulnerability

SAP NetWeaver is a service-oriented, integrated application platform from SAP that provides a development and runtime environment for SAP applications. SAP NetWeaver AS Application Server Java is an application server that runs in NetWeaver and is based on the Java programming language. SAP EP is...

CVSS 6.5, AI score 6.8, EPSS 0.01583
Exploits: 0, References: 1

RedHat Linux
added 2017/04/03 9:2 p.m., 2 views

Groovy: Remote code execution via deserialization

It was found that a flaw in the Apache Groovy library allows remote code execution wherever deserialization occurs in the application. It is possible for an attacker to craft a special serialized object that will execute code directly when deserialized. All applications which rely on serialization an...

CVSS 9.8, AI score 8, EPSS 0.1755
Exploits: 1, References: 4

BDU FSTEC
added 2016/07/06 12:0 a.m., 5 views

Vulnerability of Adobe AIR software, which allows a malicious actor to compromise the confidentiality, integrity, and accessibility of protected information

The vulnerability exists in Adobe AIR due to an incorrect limitation on the SWF file format. Exploiting this vulnerability allows malicious actors to execute attacks on JSONP endpoints using Cross-Site Request Forgery (CSRF). They can also gain access to confidential information by using specially...

CVSS 6.8, AI score 5.6, EPSS 0.03507
Exploits: 0, References: 3, Affected Software: 1

BDU FSTEC
added 2016/07/06 12:0 a.m., 4 views

The vulnerability of the Windows operating system allows a malicious intruder to compromise the confidentiality, integrity, and accessibility of protected information.

The vulnerability in Windows OLE allows for the execution of code remotely, provided that the user opens a file containing a specially crafted OLE object. Exploiting this vulnerability enables the attacker to gain privileges similar to those of an authorized user. If the accessing user has...

CVSS 9.3, AI score 5.8, EPSS 0.81628
Exploits: 22, References: 4

CNVD
added 2016/06/24 12:0 a.m., 3 views

Ruby 'Fiddle::Function.new' function heap buffer overflow vulnerability

Ruby is a cross-platform, object-oriented, dynamically typed programming language developed by Japanese software developer Yukihiro Matsumoto. A heap buffer overflow vulnerability exists in the 'Fiddle::Function.new' function in Ruby versions 2.3.0 dev and 2.2.2. The vulnerability can be exploite...

CVSS 9.8, AI score 8.9, EPSS 0.05144
Exploits: 2, References: 1

RedHat Linux
added 2015/12/07 8:46 p.m., 4 views

groovy: remote execution of untrusted code in class MethodClosure

A flaw was discovered in the way applications using Groovy used the standard Java serialization mechanism. A remote attacker could use a specially crafted serialized object that would execute code directly when deserialized. All applications which rely on serialization and do not isolate the code...

CVSS 9.8, AI score 7.6, EPSS 0.44303
Exploits: 4, References: 5

CNVD
added 2015/08/12 12:0 a.m., 2 views

Microsoft Office Memory Corruption Vulnerability (CNVD-2015-05285)

Microsoft Office is an office software suite developed by the U.S. company Microsoft. Commonly used components are Word, Excel, Access, PowerPoint, FrontPage and so on. A remote code execution vulnerability exists in Microsoft Office software when the Office software fails t...

CVSS 9.3, AI score 8.1, EPSS 0.2769
Exploits: 0, References: 1

NVD
added 2014/12/06 3:59 p.m., 13 views

CVE-2014-6140

IBM Tivoli Endpoint Manager Mobile Device Management (MDM) before 9.0.60100 uses the same secret HMAC token across different customers' installations, which allows remote attackers to execute arbitrary code via crafted marshalled Ruby objects in cookies to (1) Enrollment and Apple iOS Management...

CVSS 9.3, AI score 7.1, EPSS 0.06494
Exploits: 3, References: 7

Prion
added 2014/12/06 3:59 p.m., 13 views

Code injection

IBM Tivoli Endpoint Manager Mobile Device Management (MDM) before 9.0.60100 uses the same secret HMAC token across different customers' installations, which allows remote attackers to execute arbitrary code via crafted marshalled Ruby objects in cookies to (1) Enrollment and Apple iOS Management...

CVSS 9.3, AI score 7.6, EPSS 0.06494
Exploits: 3, References: 7, Affected Software: 1

Prion
added 2014/08/27 12:55 a.m., 27 views

Design/Logic Flaw

The OLE preview generation in Apache OpenOffice before 4.1.1 and OpenOffice.org (OOo) might allow remote attackers to embed arbitrary data into documents via crafted OLE objects...

CVSS 4.3, AI score 7.1, EPSS 0.09864
Exploits: 0, References: 11, Affected Software: 5

UbuntuCve
added 2013/07/11 10:55 p.m., 29 views

CVE-2013-1768

The BrokerFactory functionality in Apache OpenJPA 1.x before 1.2.3 and 2.x before 2.2.2 creates local executable JSP files containing logging trace data produced during deserialization of certain crafted OpenJPA objects, which makes it easier for remote attackers to execute arbitrary code by...

CVSS 7.5, AI score 7.5, EPSS 0.09511
Exploits: 0, References: 16

Debian CVE
added 2013/07/11 10:0 p.m., 32 views

CVE-2013-1768

The BrokerFactory functionality in Apache OpenJPA 1.x before 1.2.3 and 2.x before 2.2.2 creates local executable JSP files containing logging trace data produced during deserialization of certain crafted OpenJPA objects, which makes it easier for remote attackers to execute arbitrary code by...

CVSS 7.5, AI score 8.9, EPSS 0.09511
Exploits: 0

Prion
added 2009/06/10 6:30 p.m., 15 views

Memory corruption

Microsoft Internet Explorer 7 for Windows XP SP2 and SP3; 7 for Server 2003 SP2; 7 for Vista Gold, SP1, and SP2; and 7 for Server 2008 SP2 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by calling the setCapture method on a collection of crafte...

CVSS 9.3, AI score 8.1, EPSS 0.28745
Exploits: 1, References: 9, Affected Software: 1

NVD
added 2009/06/10 6:30 p.m., 21 views

CVE-2009-1529

Microsoft Internet Explorer 7 for Windows XP SP2 and SP3; 7 for Server 2003 SP2; 7 for Vista Gold, SP1, and SP2; and 7 for Server 2008 SP2 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by calling the setCapture method on a collection of crafte...

CVSS 9.3, AI score 7.5, EPSS 0.28745
Exploits: 1, References: 9

RedHat Linux
added 2005/10/05 11:55 a.m., 2 views

security flaw

Integer overflow in the Binary File Descriptor (BFD) library for gdb before 6.3, binutils, elfutils, and possibly other packages, allows user-assisted attackers to execute arbitrary code via a crafted object file that specifies a large number of section headers, leading to a heap-based buffer...

CVSS 4.6, AI score 8.2, EPSS 0.006
Exploits: 0, References: 4