4166 matches found
CVE-2016-5229
CVE-2016-5229 affects Atlassian Bamboo prior to 5.11.4.1 and 5.12.x prior to 5.12.3.1. The issue arises from insufficient restriction of deserialized classes during XStream-based deserialization, enabling remote code execution via crafted input. A fix is available: Bamboo 5.12.3.1 and 5.11.4.1 (a...
BeanShell: Arbitrary code execution
Background: BeanShell is a small, free, embeddable Java source interpreter with object scripting language features, written in Java. Description: An application that includes BeanShell on the classpath may be vulnerable if another part of the application uses Java serialization or XStream to...
Shiro RememberMe 1.2.4 deserialize the result of command execution vulnerability
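Author: rungobier (Knownsec 404 Security Lab) Overview: Apache Shiro holds an important place among Java permission and security authentication frameworks, and a serious Java deserialization vulnerability was disclosed in its issue number 550. Below, we reproduce the scenario of this vulnerability and walk through the analysis. 0x01 Reproducing the vulnerability scenario: First, obtain the vulnerable Apache Shiro source code, as follows: git clone https://github.com/apache/shiro.git git checkout shiro-root-1.2.4 cd ./shiro/samples/web...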
PayPal Fixes CSRF Vulnerability in PayPal.me
PayPal recently fixed a vulnerability on its PayPal.me site that could have let an attacker change a user’s profile without permission. The issue stemmed from a cross-site request forgery (CSRF) vulnerability that existed in PayPal.me, a site the company launched last year to let its users request...
Esoteric Software kryo Security Bypass Vulnerability
Esoteric Software kryo is Esoteric Software's object serialization framework for Java. A security bypass vulnerability exists in Esoteric Software kryo, which can be exploited by an attacker to bypass security restrictions and perform unauthorized operations...
OpenJDK: insufficient thread consistency checks in ObjectInputStream (Serialization, 8129952)
Unspecified vulnerability in Oracle Java SE 6u113, 7u99, and 8u77 and Java SE Embedded 8u77 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to Serialization...
OpenJDK: missing checks for proper initialization in ObjectStreamClass (Serialization, 8103671)
Unspecified vulnerability in Oracle Java SE 6u101, 7u85, and 8u60, and Java SE Embedded 8u51, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Serialization...
groovy: remote execution of untrusted code in class MethodClosure
A flaw was discovered in the way applications using Groovy used the standard Java serialization mechanism. A remote attacker could use a specially crafted serialized object that would execute code directly when deserialized. All applications which rely on serialization and do not isolate the code...
Bomgar Remote Support - Code Execution (Metasploit)
Bomgar Remote Support - Code Execution Metasploit This module requires Metasploit: http://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core' class Metasploit3 'Bomgar Remote Support Unauthenticated Code Execution', 'Description' = %q This...
SUSE: Security Advisory for libxml2 (SUSE-SU-2016:1538-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2016 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
SUSE-SU-2016:1538-1 Security update for libxml2
This update for libxml2 fixes the following security issues: - CVE-2016-2073, CVE-2015-8806, CVE-2016-1839: A Heap-buffer overread was fixed in libxml2/dict.c bsc963963, bsc965283, bsc981114. - CVE-2016-4483: Code was added to avoid an out of bound access when serializing malformed strings...
CVE-2016-4369
HPE Discovery and Dependency Mapping Inventory (DDMi) 9.30, 9.31, 9.32, 9.32 update 1, 9.32 update 2, and 9.32 update 3 allows remote authenticated users to execute arbitrary commands via a crafted serialized Java object, related to the Apache Commons Collections library...
Magento < 2.0.6 - Arbitrary Unserialize / Arbitrary Write File
arbitrary write file // Date: 18/05/206 // Exploit Author: agix discovered by NETANEL RUBIN // Vendor Homepage: https://magento.com // Version: /shipping-information // in the response check the payment method it may vary from checkmo // // If you didn't provide whereToWrite, it will execute...
[SECURITY] Fedora 22 Update: jackson-dataformat-xml-2.5.0-3.fc22
Data format extension for Jackson http://jackson.codehaus.org to offer alternative support for serializing POJOs as XML and deserializing XML as POJOs. Support implemented on top of Stax API javax.xml.stream, by implementing core Jackson Streaming API types like JsonGenerator, JsonParser and...
[SECURITY] Fedora 23 Update: jackson-dataformat-xml-2.5.0-3.fc23
Data format extension for Jackson http://jackson.codehaus.org to offer alternative support for serializing POJOs as XML and deserializing XML as POJOs. Support implemented on top of Stax API javax.xml.stream, by implementing core Jackson Streaming API types like JsonGenerator, JsonParser and...
Amazon Linux AMI : java-1.6.0-openjdk (ALAS-2016-700)
Multiple flaws were discovered in the Serialization and Hotspot components in OpenJDK. An untrusted Java application or applet could use these flaws to completely bypass Java sandbox restrictions. (CVE-2016-0686, CVE-2016-0687) It was discovered that the RMI server implementation in the JMX...
RHEL 5 / 6 / 7 : java-1.6.0-openjdk (RHSA-2016:0723)
An update for java-1.6.0-openjdk is now available for Red Hat Enterprise Linux 5, Red Hat Enterprise Linux 6, and Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System (CVSS) base score, which gives ...
Scientific Linux Security Update : java-1.6.0-openjdk on SL5.x, SL6.x, SL7.x i386/x86_64 (20160509)
Security Fixes : - Multiple flaws were discovered in the Serialization and Hotspot components in OpenJDK. An untrusted Java application or applet could use these flaws to completely bypass Java sandbox restrictions. CVE-2016-0686, CVE-2016-0687 - It was discovered that the RMI server implementati...
Oracle Linux 5 / 6 / 7 : java-1.6.0-openjdk (ELSA-2016-0723)
The remote Oracle Linux 5 / 6 / 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2016-0723 advisory. 1:1.6.0.39-1.13.11.0 - Update to IcedTea 1.13.11 & OpenJDK 6 b39. - Resolves: rhbz1325432 Tenable has extracted the preceding description block...