CVE-2015-1427

CVE-2015-1427 concerns Elasticsearch’s Groovy scripting engine, where dynamic scripting was enabled by default in versions before 1.3.8 (and 1.4.x before 1.4.3). The root cause is a sandbox bypass in the Groovy sandbox that allows remote attackers to execute arbitrary shell commands via a crafted...

elasticsearch -- remote OS command execution via Groovy scripting engine

Elastic reports: Vulnerability Summary: Elasticsearch versions 1.3.0-1.3.7 and 1.4.0-1.4.2 have vulnerabilities in the Groovy scripting engine that were introduced in 1.3.0. The vulnerability allows an attacker to construct Groovy scripts that escape the sandbox and execute shell commands as the...

MS14-084: Vulnerability in VBScript scripting engine could allow remote code execution: December 9, 2014

Resolves a vulnerability in the VBScript scripting engine in Microsoft Windows that could allow remote code execution if a user visits a specially crafted website. An attacker who successfully exploited this vulnerability could gain the same user rights as the current user.INTRODUCTIONMicrosoft h...

Escapade 0.2.1 Beta Scripting Engine PAGE Parameter Path Disclosure Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/8574/info Escapade is prone to a path disclosure vulnerability. It is possible to gain access to sensitive path information by issuing a request for an invalid resource, passed as a value for the PAGE parameter to the...

Microsoft IIS 5.0 "Translate: f" Source Disclosure Vulnerability (1)

No description provided by source. source: http://www.securityfocus.com/bid/1578/info Microsoft IIS 5.0 has a dedicated scripting engine for advanced file types such as ASP, ASA, HTR, etc. files. The scripting engines handle requests for these file types, processes them accordingly, and then...

Microsoft IIS 5.0 "Translate: f" Source Disclosure Vulnerability (2)

No description provided by source. source: http://www.securityfocus.com/bid/1578/info Microsoft IIS 5.0 has a dedicated scripting engine for advanced file types such as ASP, ASA, HTR, etc. files. The scripting engines handle requests for these file types, processes them accordingly, and then...

Escapade 0.2.1 Beta Scripting Engine PAGE Parameter Cross-Site Scripting Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/8573/info A cross-site scripting vulnerability has been reported for Escapade. The vulnerability exists due to insufficient sanitization of some user-supplied values. An attacker could exploit this issue to execute...

Web application Advanced Security: IronWASP

Web application Advanced Security: IronWASP IronWASP Iron Web application Advanced Security testing Platform is an open source system for web application vulnerability testing. It is designed to be customizable to the extent where users can create their own custom security scanners using it. Thou...

MS14-011: Vulnerability in VBScript Scripting Engine Could Allow Remote Code Execution (2928390)

The installed version of the VBScript Scripting Engine has a memory corruption vulnerability due to improper handling of objects in memory. If an attacker can trick a user on the system into viewing or opening malicious content, this issue could be leveraged to execute arbitrary code on the...

OpenJDK: missing SecurityManager checks in scripting engine (Scripting, 7046823)

Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE JDK and JRE 7 and 6 Update 27 and earlier allows remote untrusted Java Web Start applications and untrusted Java applets to affect confidentiality, integrity, and availability via unknown vectors related to...

CVE-2013-3969

Removed by vendor...

OpenJDK: missing SecurityManager checks in scripting engine (Scripting, 7046823)

Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE JDK and JRE 7 and 6 Update 27 and earlier allows remote untrusted Java Web Start applications and untrusted Java applets to affect confidentiality, integrity, and availability via unknown vectors related to...

python-wrapper - Untrusted Search PathCode Execution

python-wrapper - Untrusted Search PathCode Execution python-wrapper untrusted search path/code execution vulnerability Python-wrapper executes any test.py script within the current working directory, when supplied with help'modules'. A non-priviledged user may gain code execution by tricking root...

python-wrapper - Untrusted Search Path/Code Execution

python-wrapper untrusted search path/code execution vulnerability Python-wrapper executes any test.py script within the current working directory, when supplied with help'modules'. A non-priviledged user may gain code execution by tricking root to help'modules' or help and then modules from withi...

python-wrapper untrusted search path/code execution

Exploit for python platform in category local exploits Exploit Title: python-wrapper untrusted search path/code execution vulnerability Date: 06-30-12 Exploit Author: ShadowHatesYou Vendor Homepage: python.org Software Link: http://python.org/download/ Version: Python 2.7.3 and earlier Tested on:...

OpenJDK: missing SecurityManager checks in scripting engine (Scripting, 7046823)

Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE JDK and JRE 7 and 6 Update 27 and earlier allows remote untrusted Java Web Start applications and untrusted Java applets to affect confidentiality, integrity, and availability via unknown vectors related to...

[SECURITY] [DSA 2358-1] openjdk-6 security update

------------------------------------------------------------------------- Debian Security Advisory DSA-2358-1 [email protected] http://www.debian.org/security/ December 05, 2011 http://www.debian.org/security/faq - -------------------------------------------------------------------------...

Debian DSA-2356-1 : openjdk-6 - several vulnerabilities (BEAST)

Several vulnerabilities have been discovered in OpenJDK, an implementation of the Java platform : - CVE-2011-3389 The TLS implementation does not guard properly against certain chosen-plaintext attacks when block ciphers are used in CBC mode. - CVE-2011-3521 The CORBA implementation contains a...

[SECURITY] [DSA 2356-1] openjdk-6 security update

------------------------------------------------------------------------- Debian Security Advisory DSA-2356-1 [email protected] http://www.debian.org/security/ Florian Weimer December 01, 2011 http://www.debian.org/security/faq -...

Ubuntu: Security Advisory (USN-1263-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2011 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...