jackson-databind: incomplete fix for CVE-2017-7525 permits unsafe serialization via c3p0 libraries

A flaw was discovered in FasterXML jackson-databind, where it would permit polymorphic deserialization of malicious objects using the c3p0 gadget when used in conjunction with polymorphic type handling methods such as enableDefaultTyping or when @JsonTypeInfo is using Id.CLASS or Id.MINIMALCLASS ...

Foxit Reader and Foxit PhantomPDF for Windows Memory Misreference Vulnerability (CNVD-2018-21839)

Foxit Reader for Windows is a Windows-based PDF document reader from China's Foxit Foxit Software Corporation.Foxit PhantomPDF for Windows is its commercial version. A memory misreference vulnerability exists in the processing of the boundItem method of TimeField in Foxit Reader 9.2.0.9297 and...

PT-2018-13926 · Western Digital · Western Digital My Cloud

Name of the Vulnerable Software and Affected Versions: Western Digital My Cloud versions prior to 2.30.196 Description: The issue allows an unauthenticated attacker to bypass authentication and gain full control of the device by exploiting a vulnerability in the authentication mechanism...

Linux kernel memory leak vulnerability (CNVD-2018-24475)

Linux kernel is the kernel used by Linux, the open source operating system released by the Linux Foundation in the United States. A memory leak vulnerability exists in the 'irdabind' function in the net/irda/afirda.c file and the drivers/staging/irda/net/afirda.c file in versions of Linux kernel...

DEBIAN-CVE-2018-6554

Memory leak in the irdabind function in net/irda/afirda.c and later in drivers/staging/irda/net/afirda.c in the Linux kernel before 4.17 allows local users to cause a denial of service memory consumption by repeatedly binding an AFIRDA socket...

August 14, 2018—KB4343897 (OS Build 16299.611)

August 14, 2018—KB4343897 OS Build 16299.611 Improvements and fixes This update includes quality improvements. No new operating system features are being introduced in this update. Key changes include: Provides protections against a new speculative execution side-channel vulnerability known as L1...

August 14, 2018—KB4343885 (OS Build 15063.1266)

August 14, 2018—KB4343885 OS Build 15063.1266 Note This release also contains updates for Windows 10 Mobile OS Build 15063.1266 released August 14, 2018. Improvements and fixes This update includes quality improvements. No new operating system features are being introduced in this update. Key...

August 14, 2018—KB4343892 (OS Build 10240.17946)

August 14, 2018—KB4343892 OS Build 10240.17946 Improvements and fixes This update includes quality improvements. No new operating system features are being introduced in this update. Key changes include: Provides protections against a new speculative execution side-channel vulnerability known as ...

MicroFocus Secure Messaging Gateway Remote Code Execution Exploit

This Metasploit module exploits a SQL injection and command injection vulnerability in MicroFocus Secure Messaging Gateway. An unauthenticated user can execute a terminal command under the context of the web user. One of the user supplied parameters of API endpoint is used by the application...

Micro Focus Secure Messaging Gateway (SMG) 471 - Remote Code Execution (Metasploit)

Micro Focus Secure Messaging Gateway SMG 471 - Remote Code Execution Metasploit This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule "MicroFocus Secure Messaging Gateway Remote Code Execution",...

MicroFocus Secure Messaging Gateway Remote Code Execution

This module exploits a SQL injection and command injection vulnerability in MicroFocus Secure Messaging Gateway. An unauthenticated user can execute a terminal command under the context of the web user. One of the user supplied parameters of API endpoint is used by the application without input...

CVE-2018-1000601

A arbitrary file read vulnerability exists in Jenkins SSH Credentials Plugin 1.13 and earlier in BasicSSHUserPrivateKey.java that allows attackers with a Jenkins account and the permission to configure credential bindings to read arbitrary files from the Jenkins master file system...

After Upgrade to WEM 4.6 agents not getting configurations with error: Agent (Agent name) is not bound to any configuration set

Upgrade WEM environment from 4.5 to 4.6. After upgrading, WEM agents are randomly reported with the following different status under Administration Agents Registrations: "Agent is bound to multiple configuration sets." Then the same agents are reported with the following status: "Agent is not be...

Security Bulletin: Incorrect SSL protocol variant in SCA HTTP binding affecting WebSphere Enterprise Service Bus, WebSphere Process Server and IBM Business Process Manager Advanced (CVE-2014-6176)

Summary The HTTP import binding in an SCA module can be configured with a reference to a SSL configuration that exists on the application server. The HTTP binding uses always the SSLv3 protocol variant regardless of the SSL protocol setting in the referenced SSL configuration. Vulnerability Detai...

spring-data-commons: XXE with Spring Data’s XMLBeam integration

Spring Data Commons, versions 1.13 prior to 1.13.12 and 2.0 prior to 2.0.7, used in combination with XMLBeam 1.4.14 or earlier versions, contains a property binder vulnerability caused by improper restriction of XML external entity references as underlying library XMLBeam does not restrict extern...

CVE-2016-10585

libxl provides Node bindings for the libxl library for reading and writing excel XLS and XLSX spreadsheets. libxl downloads zipped resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution RCE by swapping out the requested zip file with an...

Linux/x86 - Bind (4444/TCP) Shell Shellcode (105 bytes)

/ ; Filename: tcpbindshellcodelight.nasm ; Author: Paolo Perego ; Website: https://codiceinsicuro.it ; Twitter: @thesp0nge ; SLAE-ID: 1217 ; Purpose: binds on TCP port 4444 and spawn a shell on incoming connections. global start section .text start: ; Creating the socket. ; ; int socketint domain...

The Axer - Tool To Automate The Procedure Of Creating Your Payloads With Msfvenom

The axer will replace the manual procedure of creating your payloads with msfvenom , making it easier and a lot quicker. THE AXER WILL LET YOU CHOOSE THE PLATFORM , FORMAT, ENCODER, Bind with another file and a lot of other features: Download The-Axer...

VK.com: [Привязка email к странице] by [email protected] | email-flood

Отсутствие некоторых проверок при привязке почты. Impact: e-mail flood Флуд. █.vk.com/█?act=█&█=█&█=█&█=█&█=█&█=█&█=█&[email protected]&█=█&ref=█ Status: fixed Флуда больше нет. █.vk.com/█?act=█&█=█&█=█&█=█&█=█&chash=█&█=█&ref=█...

CloudBees Jenkins Credentials Binding Plugin Information Disclosure Vulnerability

CloudBees Jenkins formerly known as Hudson Labs is the United States CloudBees company's set of Java-based development of continuous integration tools , it is mainly used to monitor the continuous software release/testing projects and some of the timed execution of the task.Credentials Binding...