221 matches found

Cvelist
added 2017/04/06 9:0 p.m. | 24 views

CVE-2016-6809

Apache Tika before 1.14 allows Java code execution for serialized objects embedded in MATLAB files. The issue exists because Tika invokes JMatIO to do native deserialization...

AI score: 9.7 | EPSS: 0.07049
Exploits: 2 | References: 8
OpenVAS
added 2017/02/14 12:0 a.m. | 27 views

IBM WebSphere Application Server Multiple Vulnerabilities (swg21997743, swg21993797, swg21992315)

IBM WebSphere Application Server is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2017 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...

CVSS: 7.8 | AI score: 6.9 | EPSS: 0.01096
Exploits: 0 | References: 4
CNVD
added 2017/02/09 12:0 a.m. | 2 views

Gradle Arbitrary Code Execution Vulnerability

Gradle is a set of JVM-based project build tools; it supports Maven, Ivy repositories and so on. A security vulnerability exists in the ObjectSocketWrapper.java file in Gradle version 2.12. Remote attackers can exploit the vulnerability to execute arbitrary code with the help of specially crafte...

CVSS: 9.8 | AI score: 9.6 | EPSS: 0.02251
Exploits: 1 | References: 1
NVD
added 2017/02/01 10:59 p.m. | 12 views

CVE-2016-8919

IBM WebSphere Application Server may be vulnerable to a denial of service, caused by allowing serialized objects from untrusted sources to run and cause the consumption of resources...

CVSS: 7.8 | AI score: 7.5 | EPSS: 0.01096
Exploits: 0 | References: 3
Cvelist
added 2017/02/01 10:0 p.m. | 17 views

CVE-2016-8919

IBM WebSphere Application Server may be vulnerable to a denial of service, caused by allowing serialized objects from untrusted sources to run and cause the consumption of resources...

AI score: 7.5 | EPSS: 0.01096
Exploits: 0 | References: 3
CNVD
added 2017/01/25 12:0 a.m. | 1 views

Subrion CMS PHP Object Injection Vulnerability

Subrion CMS is an open source content management system (CMS). Subrion CMS suffers from a PHP object injection vulnerability that stems from a failure to adequately validate user input. An attacker can use this vulnerability to inject arbitrary objects into the application, delete files, view files...

CVSS: 9.8 | AI score: 9.6 | EPSS: 0.01765
Exploits: 0 | References: 1
CNVD
added 2016/12/14 12:0 a.m. | 2 views

WordPress Plugin Google Analytics Counter Tracker PHP Object Injection Vulnerability

WordPress is a blogging platform from the WordPress Software Foundation, developed using the PHP language; the platform lets users set up a personal blog site on a server that supports PHP and MySQL. The WordPress plugin Google Analytics Counter Tracker has a PHP object injection vulnerability, the vulnerability...

AI score: 7.6
Exploits: 0 | References: 1
myhack58
added 2016/12/01 12:0 a.m. | 10 views

A brief look at App-side security vulnerabilities: enabled backup function and local denial of service vulnerability - vulnerability warning - the black bar safety net

The previous article described sensitive information leaks on the App side; what other App-side security vulnerabilities deserve developers' thought and attention? When an App is installed on a mobile phone and the user Joe Smith logs in through the App, the login data is stored in the mobile...

AI score: 6.8
Exploits: 0
CNVD
added 2016/09/28 12:0 a.m. | 2 views

IBM WebSphere Application Server Remote Code Execution Vulnerability

IBM WebSphere Application Server (WAS) is an application server product developed and distributed by IBM in the U.S. It is a platform for Java EE and Web services applications and the foundation of the IBM WebSphere software platform. Liberty is a dynamic server profile for WAS. A remote code...

CVSS: 7.5 | AI score: 9.7 | EPSS: 0.13762
Exploits: 0 | References: 1
CNVD
added 2016/09/21 12:0 a.m. | 3 views

CS-Cart Twigmo Plugin PHP Object Injection Vulnerability

CS-Cart is a PHP and MySQL based e-commerce software system developed by the CS-Cart team. The system supports third-party software extensions, custom promotional strategies, product filtering definitions, etc. Twigmo is one of the template plug-ins developed specifically for mobile terminals. A...

CVSS: 8.8 | AI score: 7.8 | EPSS: 0.02432
Exploits: 0 | References: 1
CNVD
added 2016/07/20 12:0 a.m. | 1 views

Multiple PHP object injection vulnerabilities in SugarCRM

SugarCRM is an open source Customer Relationship Management (CRM) system from SugarCRM USA. The system supports differentiated marketing, management and distribution of sales leads for different customer needs, and enables information sharing and tracking of sales representatives. Multiple PHP obje...

AI score: 7.7
Exploits: 0 | References: 1
OpenVAS
added 2016/07/08 12:0 a.m. | 37 views

SugarCRM PHP Object Injection Vulnerability (Jun 2016)

SugarCRM is prone to a PHP injection vulnerability. SPDX-FileCopyrightText: 2016 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:sugarcrm:sugarcrm";...

CVSS: 9.3 | AI score: 6.8 | EPSS: 0.71497
Exploits: 0 | References: 4
CNVD
added 2016/06/13 12:0 a.m. | 2 views

HPE Discovery and Dependency Mapping Inventory Arbitrary Command Execution Vulnerability

HPE Discovery and Dependency Mapping Inventory (DDMi) is a Hewlett Packard Enterprise (HPE) solution for automating the discovery and logging of client device information to help IT departments manage and control costs and risks. Apache Commons Collections (ACC) is a U.S. Apache Software...

CVSS: 8.8 | AI score: 7.7 | EPSS: 0.00477
Exploits: 0 | References: 1
CNVD
added 2016/06/12 12:0 a.m. | 2 views

HPE Universal CMDB Arbitrary Code Execution Vulnerability

HPE Universal CMDB is the Universal Management Configuration Database (UCMDB) of Hewlett Packard Enterprise (HPE), USA. An arbitrary code execution vulnerability exists in HPE Universal CMDB versions 10.0 through 10.21, Universal CMDB Configuration Manager versions 10.0 through 10.21, Universal...

CVSS: 9.8 | AI score: 8.4 | EPSS: 0.01216
Exploits: 0 | References: 1
Exploit DB
added 2016/05/25 12:0 a.m. | 39 views

PowerFolder Server 10.4.321 - Remote Code Execution

Mogwai Security Advisory MSA-2016-01. Title: PowerFolder Remote Code Execution Vulnerability. Product: PowerFolder Server. Affected versions: 10.4.321 Linux/Windows (other versions might also be affected). Impact: high. Remote: yes...

AI score: 7.4
Exploits: 0
CNVD
added 2016/05/21 12:0 a.m. | 0 views

HPE Release Control Apache Commons Collections Arbitrary Code Execution Vulnerability

HPE Release Control is a set of decision support solutions. Apache Commons Collections (ACC) is a component in Commons Proper of the Apache Commons project that extends or adds to the Java collections framework. An unspecified security vulnerability in ACC for HPE Release Control allows remote attackers...

CVSS: 10 | AI score: 7.5 | EPSS: 0.03231
Exploits: 0 | References: 1
CNVD
added 2016/05/09 12:0 a.m. | 1 views

HPE Network Node Manager Arbitrary Command Execution Vulnerability

HP Network Node Manager i-series (NNMi) software delivers powerful out-of-the-box features to help your network operations team efficiently manage networks of any size. An arbitrary command execution vulnerability exists in HPE Network Node Manager i (NNMi) versions 9.20, 9.23, 9.24, 9.25, 10.00,...

CVSS: 8.8 | AI score: 7.7 | EPSS: 0.01078
Exploits: 0 | References: 1
CNVD
added 2016/04/21 12:0 a.m. | 2 views

HPE P9000 CVAE Arbitrary Command Execution Vulnerability

HP XP P9000 Command View Advanced Edition is a multifunctional device manager for HP XP P9500, XP Disk Array products. A security vulnerability exists in HPE P9000 Command View Advanced Edition Software (CVAE) and XP7 CVAE, which allows remote attackers to execute arbitrary commands via constructed...

CVSS: 9.8 | AI score: 7.8 | EPSS: 0.01054
Exploits: 0 | References: 1
CNVD
added 2016/04/12 12:0 a.m. | 3 views

Apache OFBiz Security Bypass Vulnerability

Apache OFBiz, also known as the Apache Open For Business Project, is an enterprise resource planning (ERP) system from the Apache Software Foundation in the United States. The system provides a set of Java-based Web application components and tools. A security bypass vulnerability exists in Apache...

CVSS: 9.8 | AI score: 7.3 | EPSS: 0.13567
Exploits: 0 | References: 1
RedHat Linux
added 2016/01/25 10:10 p.m. | 6 views

groovy: remote execution of untrusted code in class MethodClosure

A flaw was discovered in the way applications using Groovy used the standard Java serialization mechanism. A remote attacker could use a specially crafted serialized object that would execute code directly when deserialized. All applications which rely on serialization and do not isolate the code...

CVSS: 9.8 | AI score: 7.6 | EPSS: 0.64446
Exploits: 4 | References: 5