609 matches found
XML External Entity (XXE)
amf-serializer is vulnerable to to XML External Entity XXE. The library's AMF3 deserializers allow for external entity references from XML documents embedded in AMF3 messages...
Remote Code Execution (RCE) Via Deserialization Of Untrusted Data
amf-serializer is vulnerable to remote code execution RCE via deserialization of untrusted data. The vulnerability is possible because it has a flaw in AMF3 deserialization using AMF3Deserializer.readAMF3Object. This allows attackers to request a Remote Method Invocation RMI remote object from th...
AMF3 Java implementations deserialization Vulnerability
Details reference: https://codewhitesec.blogspot.kr/2017/04/amf.html Some Java implementations of AMF3 deserializers derive class instances from java. io. Externalizable rather than the AMF3 specification's recommendation of a flash. utils. IExternalizable. A remote attacker with the ability to...
AMF3 Java implementations Improper Control of Dynamically-Managed Code Resources
Details reference: https://codewhitesec.blogspot.kr/2017/04/amf.html Some Java implementations of AMF3 deserializers may allow instantiation of arbitrary classes via their public parameter-less constructor and subsequently call arbitrary Java Beans setter methods. The ability to exploit this...
Remote Code Execution (RCE) Via Deserialization Of Untrusted Data
flex-messaging-core is vulnerable to remote code execution RCE via deserialization of untrusted data. The vulnerability is possible because it has a flaw in AMF deserialization using Externalizable.readExternalObjectInput, allowing attackers to request a RMI remote object from the endpoint and...
Action Message Format (AMF3) Java implementations are vulnerable to insecure deserialization and XML external entities references
Overview Several Java implementations of AMF3 are vulnerable to insecure deserialization and XML external entities references. Description Several Java implementations of Action Message Format AMF3 are vulnerable to one or more of the following implementation errors:CWE-502: Deserialization of...
Adobe Flash - MP4 AMF Parsing Overflow Exploit
Exploit for multiple platform in category dos / poc Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=1018 There is an overflow in MP4 AMF parsing. To reproduce, put the attached files on a server and visit http://127.0.0.1/LoadMP4.swf?file=unsigned.mp4. 0day.today 2018-01-01...
Adobe Flash - MP4 AMF Parsing Overflow
Adobe Flash - MP4 AMF Parsing Overflow Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=1018 There is an overflow in MP4 AMF parsing. To reproduce, put the attached files on a server and visit http://127.0.0.1/LoadMP4.swf?file=unsigned.mp4. Proof of Concept:...
Adobe Flash - MP4 AMF Parsing Overflow
Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=1018 There is an overflow in MP4 AMF parsing. To reproduce, put the attached files on a server and visit http://127.0.0.1/LoadMP4.swf?file=unsigned.mp4. Proof of Concept:...
CVE-2016-2340
The AMF framework in Granite Data Services 3.1.1-SNAPSHOT allows remote authenticated users to read arbitrary files, send TCP requests to intranet servers, or cause a denial of service via an XML external entity declaration in conjunction with an entity reference, related to an XML External Entit...
Xxe
The AMF framework in Granite Data Services 3.1.1-SNAPSHOT allows remote authenticated users to read arbitrary files, send TCP requests to intranet servers, or cause a denial of service via an XML external entity declaration in conjunction with an entity reference, related to an XML External Entit...
CVE-2016-2340
The AMF framework in Granite Data Services 3.1.1-SNAPSHOT allows remote authenticated users to read arbitrary files, send TCP requests to intranet servers, or cause a denial of service via an XML external entity declaration in conjunction with an entity reference, related to an XML External Entit...
CVE-2016-2340
CVE-2016-2340 affects Granite Data Services (GraniteDS) AMF framework in version 3.1.1-SNAPSHOT. The vulnerability is an XML External Entity (XXE) issue that, when parsing XML, can allow remote authenticated users to read arbitrary files, issue TCP requests to intranet servers, or cause a denial ...
Granite Data Services AMF framework fails to properly parse XML input containing a reference to external entities
Overview Granite Data Services version 3.1.1-SNAPSHOT AMF framework is vulnerable to XML external entity XXE attack that may be leveraged to expose sensitive data on the host.. Description CWE-611- Improper Restriction of XML External Entity Reference 'XXE' - CVE-2016-2340 Granite Data Services...
rtmpdump: multiple issues
Several issues have been found in the part of rtmpdump handling RTMP streams by LMX of Qihoo 360 Codesafe Team. These issues include memory leak, integer overflow, type confusion when dealing with AMF strings and objects, and several other parsing issues...
FreeBSD : py-amf -- input sanitization errors (1fbd6db1-a4e4-11e5-b864-14dae9d210b8)
oCERT reports : A specially crafted AMF payload, containing malicious references to XML external entities, can be used to trigger Denial of Service DoS conditions or arbitrarily return the contents of files that are accessible with the running application privileges. %NASLMINLEVEL 70300 C Tenable...
py-amf -- input sanitization errors
oCERT reports: A specially crafted AMF payload, containing malicious references to XML external entities, can be used to trigger Denial of Service DoS conditions or arbitrarily return the contents of files that are accessible with the running application privileges...
Apache Flex BlazeDS 4.7.1 SSRF
CVE-2015-5255: SSRF vulnerability in Apache Flex BlazeDS 4.7.1 Severity: Important Vendor: The Apache Software Foundation Versions Affected: BlazeDS 4.7.0 and 4.7.1 Description: The code in BlazeDS to deserialize AMF XML datatypes allows so-called SSRF Attacks Server Side Request Forgery in which...
Xxe
Apache Flex BlazeDS, as used in flex-messaging-core.jar in Adobe LiveCycle Data Services LCDS 3.0.x before 3.0.0.354170, 4.5 before 4.5.1.354169, 4.6.2 before 4.6.2.354169, and 4.7 before 4.7.0.354169 and other products, allows remote attackers to read arbitrary files via an AMF message containin...
CVE-2015-3269
Apache Flex BlazeDS, as used in flex-messaging-core.jar in Adobe LiveCycle Data Services LCDS 3.0.x before 3.0.0.354170, 4.5 before 4.5.1.354169, 4.6.2 before 4.6.2.354169, and 4.7 before 4.7.0.354169 and other products, allows remote attackers to read arbitrary files via an AMF message containin...