EUVD-2015-1902

Malware in sbrugna...

EUVD-2015-3321

Malicious code in bioql PyPI...

GHSA-W8V7-PRHW-XJPW Apache Flex BlazeDS unsafe deserialization

Previous versions of Apache Flex BlazeDS 4.7.2 and earlier did not restrict which types were allowed for AMFX object deserialization by default. During the deserialization process code is executed that for several known types has undesired side-effects. Other, unknown types may also exhibit such...

Apache Flex BlazeDS unsafe deserialization

Previous versions of Apache Flex BlazeDS 4.7.2 and earlier did not restrict which types were allowed for AMFX object deserialization by default. During the deserialization process code is executed that for several known types has undesired side-effects. Other, unknown types may also exhibit such...

Eibiz i-Media Server Digital Signage 3.8.0 - Privilege Escalation

Exploit Title: Eibiz i-Media Server Digital Signage 3.8.0 - Privilege Escalation Date: 2020-08-28 Exploit Author: LiquidWorm Vendor Homepage: http://www.eibiz.co.th Version: 3.8.0 Tested on: Windows CVE : N/A !/usr/bin/env python3 -- coding: utf-8 -- Eibiz i-Media Server Digital Signage 3.8.0...

Eibiz i-Media Server Digital Signage 3.8.0 - Directory Traversal

Exploit Title: Eibiz i-Media Server Digital Signage 3.8.0 - Directory Traversal Date: 2020-08-22 Exploit Author: LiquidWorm Vendor Homepage: http://www.eibiz.co.th Affected version: =3.8.0 CVE: N/A Eibiz i-Media Server Digital Signage 3.8.0 oldfile File Path Traversal Vendor: EIBIZ Co.,Ltd. Produ...

Eibiz i-Media Server Digital Signage 3.8.0 - Authentication Bypass

Exploit Title: Eibiz i-Media Server Digital Signage 3.8.0 - Authentication Bypass Date: 2020-08-21 Exploit Author: LiquidWorm Vendor Homepage: http://www.eibiz.co.th Version: =3.8.0 CVE: N/A !/usr/bin/env python3 -- coding: utf-8 -- Eibiz i-Media Server Digital Signage 3.8.0 createUser...

Eibiz i-Media Server Digital Signage 3.8.0 - Configuration Disclosure

Exploit Title: Eibiz i-Media Server Digital Signage 3.8.0 - Configuration Disclosure Date: 2020-08-21 Exploit Author: LiquidWorm Vendor Homepage: http://www.eibiz.co.th Version: =3.8.0 CVE: N/A Eibiz i-Media Server Digital Signage 3.8.0 Configuration Disclosure Vendor: EIBIZ Co.,Ltd. Product web...

Eibiz i-Media Server Digital Signage 3.8.0 Configuration Disclosure Vulnerability

Eibiz i-Media Server Digital Signage version 3.8.0 suffers from an unauthenticated configuration disclosure vulnerability. Eibiz i-Media Server Digital Signage 3.8.0 Configuration Disclosure Vendor: EIBIZ Co.,Ltd. Product web page: http://www.eibiz.co.th Affected version: =3.8.0 Summary: EIBIZ...

Eibiz i-Media Server Digital Signage 3.8.0 Remote Privilege Escalation / Account Takeover Exploit

Eibiz i-Media Server Digital Signage version 3.8.0 suffers from an unauthenticated remote privilege escalation and account takeover vulnerability that can be triggered by directly calling the updateUser object part of ActionScript object graphs, effectively elevating to an administrative role or...

Eibiz i-Media Server Digital Signage 3.8.0 Remote Privilege Escalation / Account Takeover

!/usr/bin/env python3 -- coding: utf-8 -- Eibiz i-Media Server Digital Signage 3.8.0 Remote Privilege Escalation / Account Takeover Vendor: EIBIZ Co.,Ltd. Product web page: http://www.eibiz.co.th Affected version: =3.8.0 Summary: EIBIZ develop advertising platform for out of home media in that ti...

Eibiz i-Media Server Digital Signage 3.8.0 Authentication Bypass

!/usr/bin/env python3 -- coding: utf-8 -- Eibiz i-Media Server Digital Signage 3.8.0 createUser Authentication Bypass Add Admin Vendor: EIBIZ Co.,Ltd. Product web page: http://www.eibiz.co.th Affected version: =3.8.0 Summary: EIBIZ develop advertising platform for out of home media in that time t...

Eibiz i-Media Server Digital Signage 3.8.0 Remote Privilege Escalation / Account Takeover

Summary EIBIZ develop advertising platform for out of home media in that time the world called "Digital Signage". Because most business customers still need get outside to get in touch which products and services. Online media alone cannot serve them right place, right time. Description The...

Eibiz i-Media Server Digital Signage 3.8.0 Configuration Disclosure

Eibiz i-Media Server Digital Signage 3.8.0 Configuration Disclosure Vendor: EIBIZ Co.,Ltd. Product web page: http://www.eibiz.co.th Affected version: =3.8.0 Summary: EIBIZ develop advertising platform for out of home media in that time the world called "Digital Signage". Because most business...

Eibiz i-Media Server Digital Signage 3.8.0 (oldfile) File Path Traversal

Summary EIBIZ develop advertising platform for out of home media in that time the world called "Digital Signage". Because most business customers still need get outside to get in touch which products and services. Online media alone cannot serve them right place, right time. Description i-Media...

U.S. Dept Of Defense: [HTAF4-213] [Pre-submission] Unsafe AMF deserialization (CVE-2017-5641) in Apache Flex BlazeDS at the https://www.███████/daip/messagebroker/amf

The vulnerability was an unsafe AMF Action Message Format deserialization issue in Apache Flex BlazeDS, affecting the /daip/messagebroker/amf endpoint. Successful exploitation could allow an attacker to trigger a DNS lookup by sending a crafted AMF payload. The vulnerability was identified and...

Apache Flex AMF BlazeDS Java Object Deserialization Remote Code Execution (CVE-2017-5641)

A remote code execution vulnerability exists in Apache Flex BlazeDS. This vulnerability is due to deserialization of untrusted data. A remote unauthenticated attacker may exploit this vulnerability by sending a crafted file to the target system...

Vigor ACS Unsafe Flex AMF Java Object Deserialization(CVE-2017-5641)

Vulnerability Summary A vulnerability in Vigor ACS allows unauthenticated users to cause the product to execute arbitrary code. VigorACS 2 “is a powerful centralized management software for Vigor Routers and VigorAPs, it is an integrated solution for configuring, monitoring, and maintenance of...

Deserialization of untrusted data

Previous versions of Apache Flex BlazeDS 4.7.2 and earlier did not restrict which types were allowed for AMFX object deserialization by default. During the deserialization process code is executed that for several known types has undesired side-effects. Other, unknown types may also exhibit such...

CVE-2017-5641

Previous versions of Apache Flex BlazeDS 4.7.2 and earlier did not restrict which types were allowed for AMFX object deserialization by default. During the deserialization process code is executed that for several known types has undesired side-effects. Other, unknown types may also exhibit such...