282 matches found

OpenVAS
added 2020/11/04 12:0 a.m., 13 views

Huawei EulerOS: Security Advisory for numpy (EulerOS-SA-2020-2375)

The remote host is missing an update for the Huawei EulerOS... SPDX-FileCopyrightText: 2020 Greenbone AG. Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only...

CVSS 9.8, AI score 9.6, EPSS 0.71492
Exploits: 2, References: 2
Tenable Nessus
added 2020/11/03 12:0 a.m., 29 views

EulerOS 2.0 SP2 : numpy (EulerOS-SA-2020-2375)

According to the version of the numpy packages installed, the EulerOS installation on the remote host is affected by the following vulnerability: An issue was discovered in NumPy 1.16.0 and earlier. It uses the pickle Python module unsafely, which allows remote attackers to execute arbitrary...

CVSS 9.8, AI score 8.7, EPSS 0.71492
Exploits: 2, References: 2
Tenable Nessus
added 2020/09/28 12:0 a.m., 37 views

EulerOS 2.0 SP3 : numpy (EulerOS-SA-2020-2083)

According to the version of the numpy packages installed, the EulerOS installation on the remote host is affected by the following vulnerability: An issue was discovered in NumPy 1.16.0 and earlier. It uses the pickle Python module unsafely, which allows remote attackers to execute arbitrary...

CVSS 9.8, AI score 8.7, EPSS 0.71492
Exploits: 2, References: 2
Saint
added 2020/09/25 12:0 a.m., 1022 views

Microsoft SQL Server Reporting Services 2016 ViewState deserialization vulnerability

Added: 09/25/2020. CVE: CVE-2020-0618. Background: Microsoft SQL Server Reporting Services is a set of tools and services for creating, deploying, and managing mobile and paginated reports. Problem: A deserialization vulnerability in Microsoft SQL Server Reporting Services 2016 allows a remote,...

CVSS 9.8, AI score 8.7, EPSS 0.9424
Exploits: 14
Tenable Nessus
added 2020/07/01 12:0 a.m., 27 views

EulerOS Virtualization 3.0.6.0 : numpy (EulerOS-SA-2020-1730)

According to the version of the numpy packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerability: [DISPUTED] An issue was discovered in NumPy 1.16.0 and earlier. It uses the pickle Python module unsafely, which allows remote attacker...

CVSS 9.8, AI score 8.5, EPSS 0.71492
Exploits: 2, References: 2
Github Security Blog
added 2020/06/15 8:36 p.m., 220 views

Insecure Deserialization in Apache Commons Collection

Serialized-object interfaces in Java applications using the Apache Commons Collections (ACC) library may allow remote attackers to execute arbitrary commands via a crafted serialized Java object...

CVSS 9.8, AI score 8.1, EPSS 0.212
Exploits: 1, References: 12, Affected Software: 5
BDU FSTEC
added 2020/06/10 12:0 a.m., 1 views

The vulnerability in the web interface of the Cisco Unified Contact Center Express software allows a hacker to execute arbitrary code.

The vulnerability in the web interface for controlling the Cisco Unified Contact Center Express software application exists due to insufficient validation of input data. Exploiting this vulnerability allows a malicious actor to execute arbitrary code by sending a specially crafted serialized Java...

CVSS 10, AI score 8.2, EPSS 0.06345
Exploits: 0, References: 3
Packet Storm
added 2020/06/04 12:0 a.m., 372 views

WebLogic Server Deserialization Remote Code Execution

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'WebLogic Server Deserialization RCE BadAttributeValueExpException ExtComp', 'Description' = %q There exists a Java object deserialization...

CVSS 7.5, AI score 0.3, EPSS 0.94371
Exploits: 11
OSV
added 2020/05/20 1:15 p.m., 2 views

CVE-2020-12835

An issue was discovered in SmartBear ReadyAPI SoapUI Pro 3.2.5. Due to unsafe use of a Java RMI-based protocol in an unsafe configuration, an attacker can inject malicious serialized objects into the communication, resulting in remote code execution in the context of a client-side Network...

CVSS 9.8, AI score 7.8
Exploits: 0, References: 4
RedhatCVE
added 2020/04/03 1:48 a.m., 34 views

CVE-2019-6446

An issue was discovered in NumPy 1.16.0 and earlier. It uses the pickle Python module unsafely, which allows remote attackers to execute arbitrary code via a crafted serialized object, as demonstrated by a numpy.load call. NOTE: third parties dispute this issue because it is a behavior that might...

CVSS 9.8, AI score 9.4, EPSS 0.71492
Exploits: 2, References: 3
Tenable Nessus
added 2020/03/23 12:0 a.m., 41 views

EulerOS 2.0 SP5 : numpy (EulerOS-SA-2020-1315)

According to the version of the numpy packages installed, the EulerOS installation on the remote host is affected by the following vulnerability: An issue was discovered in NumPy 1.16.0 and earlier. It uses the pickle Python module unsafely, which allows remote attackers to execute arbitrary...

CVSS 9.8, AI score 8.7, EPSS 0.71492
Exploits: 2, References: 2
Packet Storm
added 2020/03/12 12:0 a.m., 827 views

SQL Server Reporting Services (SSRS) ViewState Deserialization

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'SQL Server Reporting Services SSRS ViewState Deserialization', 'Description' = %q A vulnerability exists within Microsoft's SQL Server Reporting...

CVSS 6.5, AI score 0.2, EPSS 0.9424
Exploits: 14
Metasploit
added 2020/03/06 9:21 p.m., 1012 views

SQL Server Reporting Services (SSRS) ViewState Deserialization

A vulnerability exists within Microsoft's SQL Server Reporting Services which can allow an attacker to craft an HTTP POST request with a serialized object to achieve remote code execution. The vulnerability is due to the fact that the serialized blob is not signed by the server. This module...

CVSS 8.8, AI score 8.9, EPSS 0.9424
Exploits: 14
Check Point Advisories
added 2020/01/01 12:0 a.m., 0 views

HPE Intelligent Management Center TopoDebugServlet Insecure Deserialization

An insecure deserialization vulnerability has been reported in HPE Intelligent Management Center. The vulnerability is due to deserialization of untrusted data by the TopoDebugServlet while having vulnerable classes in the code path. A remote, authenticated attacker can exploit this vulnerability...

AI score 2.8
Exploits: 0
IBM Security Bulletins
added 2019/12/20 8:47 a.m., 37 views

Security Bulletin: Apache Commons Collections library in WebSphere Application Server Knowledge Center is vulnerable in IBM Cloud (CVE-2015-7450)

Summary: The Knowledge Center Component used in Version 9 of the WebSphere Application Server needs an updated Apache Commons Collections library. Vulnerability Details: CVEID: CVE-2015-7450. DESCRIPTION: Serialized-object interfaces in certain IBM analytics, business solutions, cognitive, IT...

CVSS 10, AI score 3.5, EPSS 0.93274
Exploits: 10, Affected Software: 1
Mageia
added 2019/11/14 4:58 p.m., 40 views

Updated python-numpy packages fix security vulnerability

Updated python-numpy packages fix security vulnerability: An issue was discovered in NumPy 1.16.0 and earlier. It uses the pickle Python module unsafely, which allows remote attackers to execute arbitrary code via a crafted serialized object, as demonstrated by a numpy.load call (CVE-2019-6446)...

CVSS 9.8, AI score 7, EPSS 0.71492
Exploits: 2, References: 2
OSV
added 2019/10/02 7:15 p.m., 3 views

CVE-2019-12630

A vulnerability in the Java deserialization function used by Cisco Security Manager could allow an unauthenticated, remote attacker to execute arbitrary commands on an affected device. The vulnerability is due to insecure deserialization of user-supplied content by the affected software. An...

CVSS 9.8, AI score 7
Exploits: 0, References: 1
Check Point Advisories
added 2019/07/18 12:0 a.m., 9 views

OpenMRS Platform Insecure Deserialization (CVE-2018-19276)

An insecure deserialization vulnerability exists in the OpenMRS platform. A remote attacker can exploit this vulnerability by sending a specially crafted serialized object. Successful exploitation can result in arbitrary code execution in the affected system...

CVSS 10, AI score 6.1, EPSS 0.93328
Exploits: 10
Veracode
added 2019/07/01 4:24 a.m., 15 views

Remote Code Execution (RCE)

hessian is vulnerable to remote code execution (RCE). It misses the blacklisting of the Resin Gadget due to improper handling of com.caucho.naming.QName and com.sun.org.apache.xpath.internal.objects.XString when the attacker sends a malicious serialized Hessian object...

CVSS 9.8, AI score 9.6, EPSS 0.0088
Exploits: 0, References: 2, Affected Software: 1
Tenable Nessus
added 2019/06/20 12:0 a.m., 77 views

IBM WebSphere Application Server Remote Code Execution Vulnerability (CVE-2018-1904)

The IBM WebSphere Application Server running on the remote host is version 7.0.0.0 through 7.0.0.45, 8.0.0.0 through 8.0.0.15, 8.5.x prior to 8.5.5.15, or 9.0.0.x prior to 9.0.0.10. It is, therefore, affected by a remote code execution vulnerability that allows remote attackers to execute arbitra...

CVSS 9.8, AI score 9.2, EPSS 0.00776
Exploits: 0, References: 2