4165 matches found
Low: Red Hat Security Advisory: libxml2 security and bug fix update
Updated libxml2 packages that fix one security issue and one bug are now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having Low security impact. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is...
[SECURITY] [DLA 274-1] groovy security update
Package : groovy Version : 1.7.0-4+deb6u1 CVE ID : CVE-2015-3253 cpnrodzc7, working with HP's Zero Day Initiative, discovered that Java applications using standard Java serialization mechanisms to decode untrusted data, and that have Groovy on their classpath, can be passed a serialized object tha...
Debian DLA-274-1 : groovy security update
cpnrodzc7, working with HP's Zero Day Initiative, discovered that Java applications using standard Java serialization mechanisms to decode untrusted data, and that have Groovy on their classpath, can be passed a serialized object that will cause the application to execute arbitrary code. For the...
Apache Groovy 2.4.x Disclosure Vulnerabilities
Exploit for multiple platforms in category remote exploits Severity: Important Vendor: The Apache Software Foundation Versions Affected: All unsupported versions ranging from 1.7.0 to 2.4.3. Impact Remote execution of untrusted code, DoS Here you can find information about security patches or...
DLA-274-1 groovy - security update
Bulletin has no description...
groovy -- remote execution of untrusted code
Cédric Champeau reports: Description When an application has Groovy on the classpath and it uses the standard Java serialization mechanism to communicate between servers, or to store local data, it is possible for an attacker to bake a special serialized object that will execute code directly wh...
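The mechanism described in the Groovy entries above (a deserializer that instantiates whatever class the attacker names, so a crafted object runs code the moment it is loaded) is not specific to Java serialization, and the standard defense is the same everywhere: a look-ahead deserializer that refuses every class not on an explicit allow-list before any constructor or callable runs. The following is an added example in Python using the standard library's pickle module; it is not code from the Groovy project, from Debian, or from any advisory listed here. The `Gadget` and `Message` classes and the `RestrictedUnpickler` are constructed for this demonstration; the gadget calls `os.getcwd()` as a harmless stand-in for the command execution a real payload would perform.

```python
import io
import os
import pickle


class Gadget:
    """Constructed attacker-controlled class.  Its serialized form tells the
    deserializer to call an arbitrary callable on load, the same pattern as a
    Java gadget class that executes code during readObject()."""

    def __reduce__(self):
        # On unpickling, pickle calls os.getcwd() (stand-in for os.system("..."))
        # and returns its result as the "deserialized" value.
        return (os.getcwd, ())


class Message:
    """Constructed benign application type that legitimately crosses the wire."""

    def __init__(self, text):
        self.text = text


# Allow-list of (module, class) pairs the application is willing to instantiate.
# Message.__module__ is used so the list is correct whether this file is run
# directly or imported under another module name.
ALLOWED = {(Message.__module__, "Message")}


class RestrictedUnpickler(pickle.Unpickler):
    """Look-ahead deserializer: find_class is consulted for every global
    reference in the stream before it is resolved, so anything outside the
    allow-list is rejected before any code in that class can run."""

    def find_class(self, module, name):
        if (module, name) in ALLOWED:
            return super().find_class(module, name)
        raise pickle.UnpicklingError(f"refusing to load {module}.{name}")


def unsafe_load(data: bytes):
    """The vulnerable pattern: deserialize untrusted bytes with no restriction."""
    return pickle.loads(data)


def safe_load(data: bytes):
    """The hardened pattern: same stream, allow-listed classes only."""
    return RestrictedUnpickler(io.BytesIO(data)).load()


def demo():
    """Run both loaders over a benign and a hostile payload and report what
    happened.  Returns a dict so the outcome can be checked programmatically."""
    benign = pickle.dumps(Message("hello"))   # constructed legitimate input
    hostile = pickle.dumps(Gadget())          # constructed attacker payload
    results = {}

    results["benign_unsafe"] = unsafe_load(benign).text
    # The unrestricted loader executes the gadget: the "object" that comes back
    # is the return value of os.getcwd(), proving the callable ran.
    results["hostile_unsafe"] = unsafe_load(hostile) == os.getcwd()

    results["benign_safe"] = safe_load(benign).text
    try:
        safe_load(hostile)
        results["hostile_safe"] = "loaded"
    except pickle.UnpicklingError:
        # Rejected at find_class(), before os.getcwd was ever resolved.
        results["hostile_safe"] = "rejected"
    return results


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

The allow-list has to be checked in `find_class` (the pickle equivalent of overriding `resolveClass` on a Java `ObjectInputStream`) rather than on the object after it is returned, because by the time `load()` returns, the gadget's callable has already executed; this is the same reason a deserialization filter in Java must reject the class name during stream parsing rather than inspecting the result.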
Security update for php5 (important)
The PHP script interpreter was updated to receive various security fixes: CVE-2015-4602 bnc#935224: Fixed an incomplete Class unserialization type confusion. CVE-2015-4599, CVE-2015-4600, CVE-2015-4601 bnc#935226: Fixed type confusion issues in unserialize with various SOAP methods. CVE-2015-4603...
TCPDF Library 5.9 - Arbitrary File Deletion
TCPDF Library 5.9 - Arbitrary File Deletion TCPDF library Universal POI Payload to Arbitrary File Deletion + Author: Filippo Roncari + Target: TCPDF library + Version: internal_encoding AND !empty($this->internal_encoding) mb_internal_encoding($this->internal_encoding); // u...
SixApart MovableType Storable Perl Code Execution Exploit
Exploit for the Unix platform in category remote exploits This module requires Metasploit: http://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core' class Metasploit3 'SixApart MovableType Storable Perl Code Execution', 'Description' => %q{ This...
SixApart MovableType - Storable Perl Code Execution (Metasploit)
This module requires Metasploit: http://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core' class Metasploit3 'SixApart MovableType Storable Perl Code Execution', 'Description' => %q{ This module exploits a serialization flaw in MovableType befo...
SixApart MovableType Storable Perl Code Execution
This module requires Metasploit: http://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core' class Metasploit3 'SixApart MovableType Storable Perl Code Execution', 'Description' => %q{ This module exploits a serialization flaw in MovableType befo...
SixApart MovableType Storable Perl Code Execution
This module exploits a serialization flaw in MovableType before 5.2.12 to execute arbitrary code. The default nondestructive mode depends on the target server having the Object::MultiType and DateTime Perl modules installed in Perl's @INC paths. The destructive mode of operation uses only require...
[SECURITY] Fedora 22 Update: PyYAML-3.11-7.fc22
YAML is a data serialization format designed for human readability and interaction with scripting languages. PyYAML is a YAML parser and emitter for Python. PyYAML features a complete YAML 1.1 parser, Unicode support, pickle support, capable extension API, and sensible error messages. PyYAML...
Facebook HHVM 'WddxPacket::recursiveAddVar' Cross-Site Scripting Vulnerability
Facebook HHVM is a virtual machine from Facebook USA that significantly improves the performance of loading dynamic pages with PHP. A cross-site scripting vulnerability exists in the 'WddxPacket::recursiveAddVar' function of Facebook HHVM due to the 'wddx_serialize_value' function failing to...
CVE-2015-2828
CA Spectrum 9.2.x and 9.3 before 9.3 H02 are vulnerable due to insufficient validation of serialized Java objects. This allows a remote authenticated attacker to escalate to administrative privileges via crafted object data. Remediation: update to CA Spectrum 9.3 H02 or a newer release (as noted ...
KLA10537 Multiple vulnerabilities in CA Spectrum
Multiple serious vulnerabilities have been found in CA Spectrum. Malicious users can exploit these vulnerabilities to gain privileges or inject arbitrary code. Below is a complete list of vulnerabilities 1. Improper data serialization can be exploited remotely via a specially designed Java object...
[SECURITY] Fedora 20 Update: PyYAML-3.10-11.fc20
YAML is a data serialization format designed for human readability and interaction with scripting languages. PyYAML is a YAML parser and emitter for Python. PyYAML features a complete YAML 1.1 parser, Unicode support, pickle support, capable extension API, and sensible error messages. PyYAML...
[SECURITY] Fedora 21 Update: PyYAML-3.11-7.fc21
YAML is a data serialization format designed for human readability and interaction with scripting languages. PyYAML is a YAML parser and emitter for Python. PyYAML features a complete YAML 1.1 parser, Unicode support, pickle support, capable extension API, and sensible error messages. PyYAML...
JBoss JMXInvokerServlet JMXInvoker 0.3 - Remote Command Execution
JBoss JMXInvokerServlet JMXInvoker 0.3 - Remote Command Execution / JBoss JMXInvokerServlet Remote Command Execution JMXInvoker.java v0.3 - Luca Carettoni @ikki This code exploits a common misconfiguration in JBoss Application Server 4.x, 5.x, .... Whenever the JMX Invoker is exposed with the...
SixApart MovableType < 5.2.12 - Storable Perl Code Execution (Metasploit)
This module requires Metasploit: http://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core' class MetasploitModule 'SixApart MovableType Storable Perl Code Execution', 'Description' => %q{ This module exploits a serialization flaw in MovableType...