Lucene search

665 matches found

Exploit DB
added 2017/07/20 12:0 a.m., 24 views

Virtual Postage (VPA) - Man In The Middle Remote Code Execution

Exploit Title: Virtual Postage VPA - Remote Code Execution via MITM; Date: 20/Jul/17; Exploit Author: MaXe; Vendor Homepage: https://play.google.com/store/apps/details?id=a2.virtualpostage.com http://archive.is/EdtJT; Software Link: N/A; Screenshot: N/A; Version: 1.0; Tested on: Android 4.1.0 Google API...

7.4 AI score
Exploits: 0
exploitpack
added 2017/07/20 12:0 a.m., 40 views

Virtual Postage (VPA) - Man In The Middle Remote Code Execution

Exploit Title: Virtual Postage VPA - Remote Code Execution via MITM; Date: 20/Jul/17; Exploit Author: MaXe; Vendor Homepage: https://play.google.com/store/apps/details?id=a2.virtualpostage.com http://archive.is/EdtJT; Software Link: N/A...

0.3 AI score
Exploits: 0
NVD
added 2017/07/17 1:18 p.m., 12 views

CVE-2015-0249

The weblog page template in Apache Roller 5.1 through 5.1.1 allows remote authenticated users with admin privileges for a weblog to execute arbitrary Java code via crafted Velocity Text Language aka VTL...

7.2 CVSS, 7.2 AI score, 0.00398 EPSS
Exploits: 0, References: 3
Prion
added 2017/07/17 1:18 p.m., 12 views

Design/Logic Flaw

The weblog page template in Apache Roller 5.1 through 5.1.1 allows remote authenticated users with admin privileges for a weblog to execute arbitrary Java code via crafted Velocity Text Language aka VTL...

6.5 CVSS, 7.7 AI score, 0.00398 EPSS
Exploits: 0, References: 3, Affected Software: 1
Cvelist
added 2017/07/14 8:0 p.m., 17 views

CVE-2015-0249

The weblog page template in Apache Roller 5.1 through 5.1.1 allows remote authenticated users with admin privileges for a weblog to execute arbitrary Java code via crafted Velocity Text Language aka VTL...

7.1 AI score, 0.00398 EPSS
Exploits: 0, References: 3
Exploit DB
added 2017/06/30 12:0 a.m., 34 views

BestSafe Browser - Man In The Middle Remote Code Execution

Exploit Title: BestSafe Browser FREE NoAds - Remote Code Execution; Date: 30/Jun/17; Exploit Author: MaXe; Vendor Homepage: https://play.google.com/store/apps/details?id=a1.bestsafebrowser.com; Software Link: See APK archive websites; Screenshot: Refer to https://www.youtube.com/watch?v=VXNVzjsH0As...

7.4 AI score
Exploits: 0
CNVD
added 2017/04/18 12:0 a.m., 3 views

Rogue Wave JViews Arbitrary Java Code Vulnerability

Rogue Wave JViews is a set of graphical tools from Rogue Wave Software, Inc. (United States) for building high-performance, interactive, high-level graphical displays for desktop and Web applications. A security vulnerability exists in Rogue Wave JViews. A remote attacker could exploit the...

9.8 CVSS, 9 AI score, 0.01384 EPSS
Exploits: 0, References: 1
Prion
added 2017/04/06 9:59 p.m., 14 views

Code injection

Rogue Wave JViews before 8.8 patch 21 and 8.9 before patch 1 allows remote attackers to execute arbitrary Java code that exists in the classpath, such as test code or administration code. The issue exists because the ilog.views.faces.IlvFacesController servlet in jviews-framework-all.jar does not...

7.5 CVSS, 8.1 AI score, 0.01384 EPSS
Exploits: 0, References: 3, Affected Software: 2
NVD
added 2017/04/06 9:59 p.m., 18 views

CVE-2016-6809

Apache Tika before 1.14 allows Java code execution for serialized objects embedded in MATLAB files. The issue exists because Tika invokes JMatIO to do native deserialization...

9.8 CVSS, 9.7 AI score, 0.07049 EPSS
Exploits: 2, References: 8
OSV
added 2017/04/06 9:59 p.m., 20 views

CVE-2016-6809

Apache Tika before 1.14 allows Java code execution for serialized objects embedded in MATLAB files. The issue exists because Tika invokes JMatIO to do native deserialization...

9.8 CVSS, 7.2 AI score
Exploits: 0, References: 8
Prion
added 2017/04/06 9:59 p.m., 16 views

Deserialization of untrusted data

Apache Tika before 1.14 allows Java code execution for serialized objects embedded in MATLAB files. The issue exists because Tika invokes JMatIO to do native deserialization...

7.5 CVSS, 9.5 AI score, 0.07049 EPSS
Exploits: 2, References: 8, Affected Software: 2
UbuntuCve
added 2017/04/06 9:59 p.m., 23 views

CVE-2016-6809

Apache Tika before 1.14 allows Java code execution for serialized objects embedded in MATLAB files. The issue exists because Tika invokes JMatIO to do native deserialization...

9.8 CVSS, 7.5 AI score, 0.07049 EPSS
Exploits: 2, References: 2
CVE
added 2017/04/06 9:0 p.m., 62 views

CVE-2015-8965

CVE-2015-8965 affects Rogue Wave JViews (before 8.8 patch 21 and before 8.9 patch 1). The vulnerability stems from ilog.views.faces.IlvFacesController in jviews-framework-all.jar not requiring explicit configuration for servlets, enabling remote attackers to execute arbitrary Java code from the c...

9.8 CVSS, 9.8 AI score, 0.01384 EPSS
Exploits: 0, References: 3, Affected Software: 1
Cvelist
added 2017/04/06 9:0 p.m., 24 views

CVE-2016-6809

Apache Tika before 1.14 allows Java code execution for serialized objects embedded in MATLAB files. The issue exists because Tika invokes JMatIO to do native deserialization...

9.7 AI score, 0.07049 EPSS
Exploits: 2, References: 8
CVE
added 2017/04/06 9:0 p.m., 110 views

CVE-2016-6809

Apache Tika prior to 1.14 is vulnerable to remote Java code execution via serialized objects embedded in MATLAB files. The root cause is native deserialization invoked through JMatIO, enabling an attacker to inject and execute code during object deserialization. Public references in the connected...

9.8 CVSS, 9.4 AI score, 0.07049 EPSS
Exploits: 2, References: 8, Affected Software: 2
Debian CVE
added 2017/04/06 9:0 p.m., 22 views

CVE-2016-6809

Apache Tika before 1.14 allows Java code execution for serialized objects embedded in MATLAB files. The issue exists because Tika invokes JMatIO to do native deserialization...

9.8 CVSS, 8.1 AI score, 0.07049 EPSS
Exploits: 2
Veracode
added 2017/03/14 3:18 a.m., 105 views

Remote Code Execution (RCE)

Elasticsearch is vulnerable to arbitrary code execution. This is because dynamic scripting is enabled by default, which allows remote attackers to execute arbitrary MVEL expressions and Java code via the source parameter to search...

8.1 CVSS, 7 AI score, 0.84237 EPSS
Exploits: 17, References: 18, Affected Software: 1
Atlassian
added 2017/03/10 4:57 a.m., 805 views

Apache Struts 2 Remote Code Execution (CVE-2017-5638)

Description: Bamboo used a version of Struts 2 that was vulnerable to CVE-2017-5638 (https://cwiki.apache.org/confluence/display/WW/S2-045). Attackers can use this vulnerability to execute Java code of their choice on systems that have a vulnerable version of Bamboo. Affected versions: All versions o...

10 CVSS, 1.5 AI score, 0.94267 EPSS
Exploits: 44, Affected Software: 1
Atlassian
added 2017/03/10 4:31 a.m., 827 views

Apache Struts 2 Remote Code Execution (CVE-2017-5638)

Description: Crowd used a version of Struts 2 that was vulnerable to CVE-2017-5638 (https://cwiki.apache.org/confluence/display/WW/S2-045). Attackers can use this vulnerability to execute Java code of their choice on systems that have a vulnerable version of Crowd. Affected versions: All versions of...

10 CVSS, 1.4 AI score, 0.94267 EPSS
Exploits: 44, Affected Software: 1
NVD
added 2017/02/15 7:59 p.m., 10 views

CVE-2016-0360

IBM WebSphere MQ JMS 7.0.1, 7.1, 7.5, 8.0, and 9.0 client provides classes that deserialize objects from untrusted sources, which could allow a malicious user to execute arbitrary Java code by adding vulnerable classes to the classpath. IBM Reference: 1983457...

9.8 CVSS, 9.7 AI score, 0.00962 EPSS
Exploits: 0, References: 3