SoapUI 4.6.3 - Remote Code Execution Vulnerability

Exploit for windows platform in category remote exploits Exploit Title: SoapUI Remote Code Execution Date: 25.12.13 Exploit Author: Barak Tawily Vendor Homepage: http://www.soapui.org/ Software Link: http://www.soapui.org/Downloads/download-soapui-pro-trial.html Version: vulnerable before 4.6.4...

CVE-2013-4221

The default configuration of the ObjectRepresentation class in Restlet before 2.1.4 deserializes objects from untrusted sources using the Java XMLDecoder, which allows remote attackers to execute arbitrary Java code via crafted XML...

CVE-2013-2035

Race condition in hawtjni-runtime/src/main/java/org/fusesource/hawtjni/runtime/Library.java in HawtJNI before 1.8, when a custom library path is not specified, allows local users to execute arbitrary Java code by overwriting a temporary JAR file with a predictable name in /tmp...

CVE-2013-2035

Race condition in hawtjni-runtime/src/main/java/org/fusesource/hawtjni/runtime/Library.java in HawtJNI before 1.8, when a custom library path is not specified, allows local users to execute arbitrary Java code by overwriting a temporary JAR file with a predictable name in /tmp...

CVE-2013-2035

CVE-2013-2035 : A race condition in HawtJNI’s hawtjni-runtime Library class (Java) allows a local attacker to overwrite a temporary JAR file in /tmp when no custom library path is set, enabling arbitrary code execution before the libraries are loaded. Affected component: HawtJNI before 1.8. The v...

OGNL double evaluation in atlassian-xwork

We have fixed a vulnerability in our version of Xwork. In specific circumstances, attackers can use this vulnerability to execute Java code of their choice on systems that use these frameworks. The attacker needs to be able to access the Confluence web interface. A valid user account is not...

Webwork 2 code injection vulnerability

We have discovered a vulnerability in WebWork 2, which is a part of the Struts web framework. In specific circumstances, attackers can use this vulnerability to execute Java code of their choice on systems that use these frameworks. In case of Bamboo, the attacker needs to be able to access Bambo...

CVE-2013-0127

IBM Lotus Notes 8.x before 8.5.3 FP4 Interim Fix 1 and 9.0 before Interim Fix 1 does not block APPLET elements in HTML e-mail, which allows remote attackers to bypass intended restrictions on Java code execution and X-Confirm-Reading-To functionality via a crafted message, aka SPRs JMOY95BLM6 and...

Code injection

IBM Lotus Notes 8.x before 8.5.3 FP4 Interim Fix 1 and 9.0 before Interim Fix 1 does not block APPLET elements in HTML e-mail, which allows remote attackers to bypass intended restrictions on Java code execution and X-Confirm-Reading-To functionality via a crafted message, aka SPRs JMOY95BLM6 and...

CVE-2013-0127

IBM Lotus Notes 8.x before 8.5.3 FP4 Interim Fix 1 and 9.0 before Interim Fix 1 does not block APPLET elements in HTML e-mail, which allows remote attackers to bypass intended restrictions on Java code execution and X-Confirm-Reading-To functionality via a crafted message, aka SPRs JMOY95BLM6 and...

CVE-2013-0127

The CVE-2013-0127 entry applies to IBM Notes (Lotus Notes) 8.x prior to 8.5.3 FP4 Interim Fix 1 and 9.0 prior to Interim Fix 1, where HTML emails could contain APPLET elements that are not blocked. The underlying issue allows remote attackers to bypass Java execution restrictions and X-Confirm-Re...

Apache Struts ParametersInterceptor Remote Code Execution

This module exploits a remote command execution vulnerability in Apache Struts versions 'Apache Struts ParametersInterceptor Remote Code Execution', 'Description' = %q This module exploits a remote command execution vulnerability in Apache Struts versions 'Meder Kydyraliev', Vulnerability Discove...

Java Applet JMX remote code execution-vulnerability warning-the black bar safety net

This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit web site for more information on licensing and terms of use. require 'msf/core' require 'rex' class Metasploit3 Msf::Exploit::Remote Rank = ExcellentRanking...

CVE-2013-1489

Unspecified vulnerability in the Java Runtime Environment JRE component in Oracle Java SE 7 Update 10 and Update 11, when running on Windows using Internet Explorer, Firefox, Opera, and Google Chrome, allows remote attackers to bypass the "Very High" security level of the Java Control Panel and...

Sybase Adaptive Server Enterprise (ASE)多个安全漏洞

BUGTRAQ ID: 57206 Sybase Adaptive Server Enterprise是关系型数据库管理系统。 Sybase Adaptive Server Enterprise ASE在实现上存在多个安全漏洞，本地用户可利用这些漏洞泄露敏感信息、提升权限、绕过安全限制、控制受影响系统、执行SQL注入攻击、操作某些数据、造成拒绝服务。 1、在创建代理表时存在错误，可被利用绕过某些安全限制。 2、通过Sybase Central的ASE插件创建表时存在错误，可被利用绕过某些安全限制。 3、某些输入没有正确过滤即被用在SQL查询中，通过注入任意SQL代码，可被利用操作SQL查...

Jira Scriptrunner 2.0.7 - Cross-Site Request Forgery / Remote Code Execution (Metasploit)

Author Ben 'highjack' Sheppard Title Jira Scriptrunner 2.0.7 'Jira Scriptrunner 2.0.7 %qThis jira plugin does notuse the built in jira protections websudo or csrf tokens to protect the page from CSRF. This page is supposed to be used by admins to automate tasks, it will accept java code and by...

Jira Scriptrunner 2.0.7 <= CSRF/RCE Exploit

Exploit for windows platform in category remote exploits Author Ben 'highjack' Sheppard Title Jira Scriptrunner 2.0.7 'Jira Scriptrunner 2.0.7 %qThis jira plugin does notuse the built in jira protections websudo or csrf tokens to protect the page from CSRF. This page is supposed to be used by...

Openfire Admin Console Authentication Bypass

This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing and terms of use. http://metasploit.com/framework/ require 'msf/core' require 'rex/zip' class Metasploit3...

Openfire Server 3.6.0a - Admin Console Authentication Bypass (Metasploit)

This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing and terms of use. http://metasploit.com/framework/ require 'msf/core' require 'rex/zip' class Metasploit3...

CVE-2012-1826

dotCMS 1.9 before 1.9.5.1 allows remote authenticated users to execute arbitrary Java code via a crafted 1 XSLT or 2 Velocity template...