Design/Logic Flaw

The Java implementations of AMF3 deserializers in Pivotal/Spring Spring-flex derive class instances from java.io.Externalizable rather than the AMF3 specification's recommendation of flash.utils.IExternalizable. A remote attacker with the ability to spoof or control an RMI server connection may b...

Atlassian JIRA 4.2.4 < 6.3.0 Multiple Vulnerabilities

According to its self-reported version number, the version of Atlassian JIRA hosted on the remote web server is 4.2.4 or later but prior to 6.3.0. It is, therefore, affected by multiple vulnerabilities in the JIRA Workflow Designer plugin : - A remote code execution vulnerability exists in the...