Python 1.5.2 Pickle Unsafe eval() Code Execution Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/5255/info Python is an open source, object oriented programming language. The Python Pickle module is provided to convert object variables into a serialized form (pickling), and later recover the data back into an object...
openSUSE Security Update : java-1_7_0-openjdk (openSUSE-SU-2013:0377-1)
java-170-openjdk was updated to icedtea-2.3.6 bnc803379 containing various security and bugfixes : - Security fixes - S6563318, CVE-2013-0424: RMI data sanitization - S6664509, CVE-2013-0425: Add logging context - S6664528, CVE-2013-0426: Find log level matching its name or value given at...
openSUSE Security Update : java-1_7_0-openjdk (openSUSE-SU-2013:1663-1)
Update to icedtea 2.4.3 bnc846999 synchronized OpenJDK 7 support with the upstream u45 b31 fixes the following issues : - S8006900, CVE-2013-3829: Add new date/time capability - S8008589: Better MBean permission validation - S8011071, CVE-2013-5780: Better crypto provider handling - S8011081,...
openSUSE Security Update : java-1_7_0-openjdk (openSUSE-SU-2013:0964-1)
update to icedtea-2.3.9 bnc816720 - Security fixes - S6657673, CVE-2013-1518: Issues with JAXP - S7200507: Refactor Introspector internals - S8000724, CVE-2013-2417: Improve networking serialization - S8001031, CVE-2013-2419: Better font processing - S8001040, CVE-2013-1537: Rework RMI model -...
openSUSE Security Update : java-1_6_0-openjdk (openSUSE-SU-2013:0777-1)
java-160-openjdk was updated to 1.12.5 bnc817157 - Security fixes - S6657673, CVE-2013-1518: Issues with JAXP - S7200507: Refactor Introspector internals - S8000724, CVE-2013-2417: Improve networking serialization - S8001031, CVE-2013-2419: Better font processing - S8001040, CVE-2013-1537: Rework...
OpenJDK: ObjectStreamClass circular reference denial of service (Serialization, 8000638)
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier, 6 Update 45 and earlier, and 5.0 Update 45 and earlier, and OpenJDK 7, allows remote attackers to affect availability via unknown vectors related to Serialization. NOTE: the previous...
Fedora Update for libyaml FEDORA-2014-4440
Check for the Version of libyaml OpenVAS Vulnerability Test Fedora Update for libyaml FEDORA-2014-4440 Authors: System Generated Check Copyright: Copyright (C) 2014 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it under the...
Fedora Update for libyaml FEDORA-2014-4438
Check for the Version of libyaml OpenVAS Vulnerability Test Fedora Update for libyaml FEDORA-2014-4438 Authors: System Generated Check Copyright: Copyright (C) 2014 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it under the...
[SECURITY] Fedora 20 Update: libyaml-0.1.6-1.fc20
YAML is a data serialization format designed for human readability and interaction with scripting languages. LibYAML is a YAML parser and emitter written in C...
Important: Red Hat Security Advisory: ruby193-libyaml security update
Updated ruby193-libyaml packages that fix two security issues are now available for Red Hat Enterprise Linux OpenStack Platform 3.0. The Red Hat Security Response Team has rated this update as having Important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give...
PlRPC: Arbitrary code execution
Background The Perl RPC Module is a Perl module that implements IDL-free RPCs. Description PlRPC uses Storable module for serialization and deserialization of untrusted data. Deserialized data can contain objects which can lead to loading of foreign modules, and possible execution of arbitrary...
Fedora Update for xstream FEDORA-2014-2340
Check for the Version of xstream OpenVAS Vulnerability Test Fedora Update for xstream FEDORA-2014-2340 Authors: System Generated Check Copyright: Copyright (C) 2014 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it under the...
[SECURITY] Fedora 19 Update: xstream-1.3.1-5.1.fc19
XStream is a simple library to serialize objects to XML and back again. A high level facade is supplied that simplifies common use cases. Custom objects can be serialized without need for specifying mappings. Speed and low memory footprint are a crucial part of the design, making it suitable for...
[SECURITY] Fedora 20 Update: xstream-1.3.1-9.fc20
XStream is a simple library to serialize objects to XML and back again. A high level facade is supplied that simplifies common use cases. Custom objects can be serialized without need for specifying mappings. Speed and low memory footprint are a crucial part of the design, making it suitable for...
[SECURITY] Fedora 19 Update: libyaml-0.1.4-6.fc19
YAML is a data serialization format designed for human readability and interaction with scripting languages. LibYAML is a YAML parser and emitter written in C...
[SECURITY] Fedora 20 Update: libyaml-0.1.4-6.fc20
YAML is a data serialization format designed for human readability and interaction with scripting languages. LibYAML is a YAML parser and emitter written in C...
OpenPNE 'opSecurityUser::getRememberLoginCookie()' PHP Code Injection Vulnerability
BUGTRAQ ID: 65031 CVE(CAN) ID: CVE-2013-5350 OpenPNE is a social networking service engine written in PHP. In OpenPNE 3.6.13, 3.8.9 and earlier versions, the "opSecurityUser::getRememberLoginCookie" method defined in the /lib/user/opSecurityUser.class.php script passes insufficiently filtered user input to the "unserialize" function, which allows remote attackers to delete arbitrary files or execute arbitrary PHP code via a specially crafted serialized object in the Cookie request header. 0 openpne openpne 3.8.9 openpne...
CVE-2013-7224
Fat Free CRM before 0.12.1 does not restrict JSON serialization, which allows remote attackers to obtain sensitive information via a direct request, as demonstrated by a request for users/1.json...
CVE-2013-7249
Fat Free CRM before 0.12.1 does not restrict XML serialization, which allows remote attackers to obtain sensitive information via a direct request, as demonstrated by a request for users/1.xml, a different vulnerability than CVE-2013-7224...
Cross site request forgery (csrf)
Fat Free CRM before 0.12.1 does not restrict JSON serialization, which allows remote attackers to obtain sensitive information via a direct request, as demonstrated by a request for users/1.json...