14 matches found
marshalsec
It is an offensive tool for Java deserialization vulnerabilities. The repository contains a Java tool called "marshalsec" that exploits Java object deserialization vulnerabilities, allowing for remote code execution. The tool includes payload generators for various Java serialization libraries,...
Security Bulletin: TADDM is vulnerable to a denial of service due to vulnerability in Castor Library
Summary: Castor Library is used by IBM Tivoli Application Dependency Discovery Manager and is vulnerable to CVE-2014-3004. Vulnerability Details: CVEID: CVE-2014-3004 DESCRIPTION: Castor Library could allow a remote attacker to obtain sensitive information, caused by an XML External Entity Injection (XXE)...
Security Bulletin: XML External Entity Injection vulnerability affects IBM Business Automation Workflow and IBM Business Process Manager (BPM) - CVE-2014-3004
Summary: IBM Business Automation Workflow is vulnerable to an XML External Entity Injection attack. Vulnerability Details: CVEID: CVE-2014-3004 DESCRIPTION: Castor Library could allow a remote attacker to obtain sensitive information, caused by an XML External Entity Injection (XXE) error when processi...
Security Bulletin: Security vulnerability has been fixed in IBM Security Identity Manager (93519)
Summary: Security vulnerability has been fixed in IBM Security Identity Manager. Vulnerability Details: Third Party Entry: 93519 DESCRIPTION: Castor Library could allow a remote attacker to obtain sensitive information, caused by an XML External Entity Injection (XXE) error when processing XML data. B...
marshalsec
This is a Java-based tool called "marshalsec" that exploits Java object deserialization vulnerabilities in various marshalling libraries. The tool is designed to test and demonstrate the exploitation of these vulnerabilities, which can lead to remote code execution (RCE) and other security issues...
org.apache.camel:camel-castor-starter (=2.20.0) potentially affected by CVE-2017-12634 via org.apache.camel:camel-castor (=2.20.0)
org.apache.camel:camel-castor MAVEN version =2.20.0 is affected by a known vulnerability. The following packages have a transitive dependency on org.apache.camel:camel-castor and may be impacted: - org.apache.camel:camel-castor-starter =2.20.0 Source cves: CVE-2017-12634 Source advisory:...
Security Bulletin: Vulnerability in Castor library affects IBM Cúram (CVE-2014-3004)
Summary: IBM Cúram is shipped with a third party library called Castor, which is vulnerable to an XML External Entity Injection (XXE) error. Vulnerability Details: CVEID: CVE-2014-3004 DESCRIPTION: Castor Library could allow a remote attacker to obtain sensitive information, caused by an XML External...
Security Bulletin: Rational Test Control Panel component in Rational Test Workbench and Rational Test Virtualization Server affected by Castor Library vulnerability (CVE-2014-3004)
Summary: The Castor Project Castor library is vulnerable, affecting the Rational Test Control Panel component in IBM Rational Test Workbench and Rational Test Virtualization Server. Vulnerability Details: CVE ID: CVE-2014-3004 Description: Castor Library could allow a remote attacker to obtain...
Security Bulletin: Multiple IBM InfoSphere Information Server components are vulnerable due to the following Castor Library vulnerability (CVE-2014-3004)
Summary: Castor Library could allow a remote attacker to obtain sensitive information in various IBM Information Server components. This is caused by an XML External Entity Injection (XXE) error when processing XML data. By sending specially-crafted XML data, an attacker could exploit this...
SRC-2016-0024 : Oracle Knowledge Management Castor Library XML External Entity Injection Information Disclosure Vulnerability
Vulnerability Details: This vulnerability allows remote attackers to disclose arbitrary file contents on vulnerable installations of Oracle Knowledge Management. Authentication is not required to exploit this vulnerability. The specific flaw exists within the TestClient.jsp script using the...
UBUNTU-CVE-2014-3004
The default configuration for the Xerces SAX Parser in Castor before 1.3.3 allows context-dependent attackers to conduct XML External Entity (XXE) attacks via a crafted XML document...
Castor Library CVE-2014-3004 XML External Entity Information Disclosure Vulnerability
...
Castor Library - XML External Entity Information Disclosure
Castor Library - XML External Entity Information Disclosure. Source: https://www.securityfocus.com/bid/67676/info Castor Library is prone to an information-disclosure vulnerability. An attacker can exploit this issue to gain access to sensitive information that may lead to further attacks. Castor...
Castor Library - XML External Entity Information Disclosure
Source: https://www.securityfocus.com/bid/67676/info Castor Library is prone to an information-disclosure vulnerability. An attacker can exploit this issue to gain access to sensitive information that may lead to further attacks. Castor Library 1.3.3-RC1 and earlier are vulnerable...