221 matches found

OSV
added 2015/11/26 12:0 a.m., 11 views

DLA-352-1 libcommons-collections3-java - security update

Bulletin has no description...

7.2 AI score
Exploits: 0

OSV
added 2015/08/13 2:59 p.m., 1 view

DEBIAN-CVE-2015-3253

The MethodClosure class in runtime/MethodClosure.java in Apache Groovy 1.7.0 through 2.4.3 allows remote attackers to execute arbitrary code or cause a denial of service via a crafted serialized object...

9.8 CVSS, 9.3 AI score, 0.64446 EPSS
Exploits: 4, References: 1

CNVD
added 2015/05/28 12:0 a.m., 1 view

Dell NetVault Backup Heap Buffer Overflow Remote Code Execution Vulnerability

NetVault Backup is a cross-platform backup and recovery software solution that protects data and applications in physical and virtual environments. It is scalable and supports multiple server and application platforms across the enterprise. It has a single, intuitive interface that requires minim...

10 CVSS, 7.5 AI score, 0.10815 EPSS
Exploits: 0, References: 1

CNVD
added 2015/05/20 12:0 a.m., 2 views

Laravel 'prepareForUnserialize()' function remote PHP object injection vulnerability

Laravel is a PHP development framework. A remote PHP object injection vulnerability exists in Laravel that allows remote attackers to submit specially crafted serialized objects, delete and read files, and execute arbitrary local script code...

7.6 AI score
Exploits: 0, References: 1

Check Point Advisories
added 2015/05/18 12:0 a.m., 13 views

PHP Core Unserialize Key Name Code Execution - Ver2 (CVE-2015-0231)

A code execution vulnerability has been reported in PHP core. The vulnerability is due to a use after free error when handling serialized objects with identical number key names within the unserialize function. An attacker could exploit this vulnerability by sending crafted serialized data to a w...

7.5 CVSS, 3.1 AI score, 0.87334 EPSS
Exploits: 5

Check Point Advisories
added 2015/05/18 12:0 a.m., 16 views

PHP Core unserialize process nested data Use After Free - Ver2 (CVE-2014-8142)

A use-after-free vulnerability has been reported in PHP core. The vulnerability is due to a use after free error when handling serialized objects with identical keys within the unserialize function. An attacker could exploit this vulnerability by sending crafted serialized data to a web applicati...

7.5 CVSS, 2.6 AI score, 0.8832 EPSS
Exploits: 8

CNVD
added 2015/04/13 12:0 a.m., 1 view

Cisco Web Security Appliance (WSA) Local Arbitrary Python Code Execution Vulnerability

The Cisco Adaptive Security Appliance is an adaptive security appliance that provides modules for security and VPN services. A security vulnerability exists in the Cisco Web Security Appliance WSA that allows a local attacker to execute arbitrary Python code via specially crafted serialized objec...

7.2 CVSS, 7.4 AI score, 0.00124 EPSS
Exploits: 0, References: 1

Cvelist
added 2015/04/11 1:0 a.m., 17 views

CVE-2015-0692

Cisco Web Security Appliance WSA devices with software 8.5.0-ise-147 do not properly restrict use of the pickle Python module during certain tunnel-status checks, which allows local users to execute arbitrary Python code and gain privileges via crafted serialized objects, aka Bug ID CSCut39230...

7.4 AI score, 0.00124 EPSS
Exploits: 0, References: 2

CNVD
added 2015/04/09 12:0 a.m., 1 view

CA Spectrum Elevation of Privilege Vulnerability

CA Spectrum formerly known as CA Spectrum Infrastructure Manage is a set of converged infrastructure management software developed by CA. The software provides fault management, application performance management and failure cause analysis and other functions. A security vulnerability exists in C...

9 CVSS, 7 AI score, 0.00534 EPSS
Exploits: 0, References: 1

CNVD
added 2015/03/12 12:0 a.m., 1 view

Apple iOS IOSurface Type Obfuscation Vulnerability

Apple iOS is the latest operating system that runs on Apple's iPhone and iPod touch devices. A type confusion vulnerability exists in IOSurface when Apple iOS handles serialized objects, which allows attackers to exploit the vulnerability to execute arbitrary code with system privileges...

9.3 CVSS, 7.6 AI score, 0.05405 EPSS
Exploits: 0, References: 1

Tenable Nessus
added 2015/02/23 12:0 a.m., 31 views

X2Engine < 4.2 Multiple Vulnerabilities

According to its version number, the X2Engine application installed on the remote web server is potentially affected by multiple vulnerabilities: - A PHP object injection vulnerability exists which can be used to carry out Server-Side Request Forgery (SSRF) attacks using specially crafted serializ...

7.5 CVSS, 6.1 AI score, 0.01227 EPSS
Exploits: 4, References: 6

OSV
added 2014/05/27 2:55 p.m., 0 views

UBUNTU-CVE-2013-2225

inc/ticket.class.php in GLPI 0.83.9 and earlier allows remote attackers to unserialize arbitrary PHP objects via the predefinedfields parameter to front/ticket.form.php...

6.4 CVSS, 7.2 AI score, 0.12349 EPSS
Exploits: 2, References: 3

securityvulns
added 2014/02/03 12:0 a.m., 64 views

Secunia Research: OpenPNE PHP Object Injection Vulnerability

Secunia Research 20/01/2014 - OpenPNE PHP Object Injection Vulnerability. Table of Contents: Affected...

7.5 CVSS, 1.2 AI score, 0.00675 EPSS
Exploits: 2

UbuntuCve
added 2013/10/10 12:55 a.m., 31 views

CVE-2013-4271

The default configuration of the ObjectRepresentation class in Restlet before 2.1.4 deserializes objects from untrusted sources, which allows remote attackers to execute arbitrary Java code via a serialized object, a different vulnerability than CVE-2013-4221...

7.5 CVSS, 6.2 AI score, 0.00486 EPSS
Exploits: 0, References: 2

Tenable Nessus
added 2013/09/20 12:0 a.m., 110 views

Moodle 'external.php' 'badge' Parameter XSS

The version of Moodle installed on the remote host fails to properly sanitize user-supplied input to the 'badge' parameter of the 'external.php' script. The application also fails to properly sanitize serialized objects. An attacker can exploit these issues by crafting a URL containing a serializ...

7.5 CVSS, 5.8 AI score, 0.0057 EPSS
Exploits: 2, References: 4

RedHat Linux
added 2013/08/29 11:22 p.m., 2 views

openjpa: Remote arbitrary code execution by creating a serialized object and leveraging improperly secured server programs

The BrokerFactory functionality in Apache OpenJPA 1.x before 1.2.3 and 2.x before 2.2.2 creates local executable JSP files containing logging trace data produced during deserialization of certain crafted OpenJPA objects, which makes it easier for remote attackers to execute arbitrary code by...

7.5 CVSS, 7.7 AI score, 0.14602 EPSS
Exploits: 0, References: 4

Prion
added 2012/07/12 7:55 p.m., 17 views

Code injection

TikiWiki CMS/Groupware before 6.7 LTS and before 8.4 allows remote attackers to execute arbitrary PHP code via a crafted serialized object in the (1) cookieName to lib/banners/bannerlib.php; (2) printpages or (3) printstructures parameter to (a) tiki-printmultipages.php or (b) tiki-printpages.php; or (4)...

7.5 CVSS, 7.9 AI score, 0.77945 EPSS
Exploits: 12, References: 9, Affected Software: 1

Positive Technologies
added 2006/11/21 12:0 a.m., 4 views

PT-2006-6664 · WordPress · Wordpress

Name of the Vulnerable Software and Affected Versions: WordPress versions prior to 2.0.5. Description: The issue allows remote authenticated users to cause a denial of service, resulting in an application crash. This occurs when a string representation of a serialized object is not properly stored...

6.5 CVSS, 6.8 AI score, 0.02824 EPSS
Exploits: 0, References: 8

Tenable Nessus
added 2006/11/20 12:0 a.m., 29 views

GLSA-200611-10 : WordPress: Multiple vulnerabilities

The remote host is affected by the vulnerability described in GLSA-200611-10 (WordPress: Multiple vulnerabilities). 'random' discovered that users can enter serialized objects as strings in their profiles that will be harmful when unserialized. 'adapter' found out that user-edit.php fails to...

6 CVSS, 5.6 AI score, 0.04873 EPSS
Exploits: 0, References: 4

Gentoo Linux
added 2006/11/17 12:0 a.m., 20 views

WordPress: Multiple vulnerabilities

Background: WordPress is a PHP and MySQL based multiuser blogging system. Description: "random" discovered that users can enter serialized objects as strings in their profiles that will be harmful when unserialized. "adapter" found out that user-edit.php fails to effectively deny non-permitted user...

6 CVSS, 6.3 AI score, 0.04873 EPSS
Exploits: 0