1118 matches found
Teen arrested for 8 DDoS attacks that disrupted school’s online classes
By Deeba Ahmed. A teen is accused of using Low Orbit Ion Cannon to shut down online classes of the fourth-largest school district in the US with DDoS attacks. This is a post from HackRead.com. Read the original post: Teen arrested for 8 DDoS attacks that disrupted school’s online classes...
GHSA-86QR-9VQC-PGC6 Code execution in Spring Integration
Spring Integration framework provides Kryo Codec implementations as an alternative for Java deserialization. When Kryo is configured with default options, all unregistered classes are resolved on demand. This leads to the "deserialization gadgets" exploit when provided data contains malicious cod...
Code execution in Spring Integration
Spring Integration framework provides Kryo Codec implementations as an alternative for Java deserialization. When Kryo is configured with default options, all unregistered classes are resolved on demand. This leads to the "deserialization gadgets" exploit when provided data contains malicious cod...
CVE-2020-5413
Spring Integration framework provides Kryo Codec implementations as an alternative for Java deserialization. When Kryo is configured with default options, all unregistered classes are resolved on demand. This leads to the "deserialization gadgets" exploit when provided data contains malicious cod...
CVE-2020-5413 Kryo Configuration Allows Code Execution with Unknown "Serialization Gadgets"
Spring Integration framework provides Kryo Codec implementations as an alternative for Java deserialization. When Kryo is configured with default options, all unregistered classes are resolved on demand. This leads to the "deserialization gadgets" exploit when provided data contains malicious cod...
Important: Red Hat Bug Fix Advisory: Satellite 6.7.2 Async Bug Fix Update
Updated Satellite 6.7 packages that fix several bugs are now available for Red Hat Satellite. Red Hat Satellite is a system management solution that allows organizations to configure and maintain their systems without the necessity to provide public Internet access to their servers or other clien...
Exploit for Improper Restriction of Operations within the Bounds of a Memory Buffer in Advantech Webaccess
This is a PoC (Proof of Concept) exploit for CVE-2016-0856, a vulnerability in the Windows RPC (Remote Procedure Call) service. The exploit targets the RpcClient and RpcDcClient classes in the bwconn.dll library. The exploit is written in Python and uses the ctypes library to interact with the DLL. T...
jackson-databind: Serialization gadgets in classes of the commons-configuration package
A flaw was discovered in jackson-databind, where it would permit polymorphic deserialization of a malicious object using commons-configuration 1 and 2 JNDI classes. An attacker could use this flaw to execute arbitrary code...
kubernetes: Server side request forgery (SSRF) in kube-controller-manager allows users to leak secret information
A server-side request forgery (SSRF) flaw was found in Kubernetes. The kube-controller-manager allows authorized users with the ability to create StorageClasses or certain Volume types to leak up to 500 bytes of arbitrary information from the master's host network. This can include secrets from the...
Schools Already Struggled With Cybersecurity. Then Came Covid-19
A lack of dedicated funding and resources made it hard to keep data secure—and that was before classes moved almost entirely online...
Design/Logic Flaw
compose.php in SquirrelMail 1.4.22 calls unserialize for the $attachments value, which originates from an HTTP POST request. NOTE: the vendor disputes this because these two conditions for PHP object injection are not satisfied: existence of a PHP magic method such as __wakeup or __destruct, and any...
kubernetes: Server side request forgery (SSRF) in kube-controller-manager allows users to leak secret information
A server-side request forgery (SSRF) flaw was found in Kubernetes. The kube-controller-manager allows authorized users with the ability to create StorageClasses or certain Volume types to leak up to 500 bytes of arbitrary information from the master's host network. This can include secrets from the...
CVE-2020-5411
When configured to enable default typing, Jackson contained a deserialization vulnerability that could lead to arbitrary code execution. Jackson fixed this vulnerability by blacklisting known "deserialization gadgets". Spring Batch configures Jackson with global default typing enabled which means...
Deserialization of untrusted data
When configured to enable default typing, Jackson contained a deserialization vulnerability that could lead to arbitrary code execution. Jackson fixed this vulnerability by blacklisting known "deserialization gadgets". Spring Batch configures Jackson with global default typing enabled which means...
Linux: minclass in pam_pwquality.so
The pam_pwquality module can be plugged into the password stack of a given service to provide some plug-in strength-checking for passwords. The code was originally based on the pam_cracklib module, and the module is backwards compatible with its options. - minclass: The minimum number of required classe...
CVE-2020-11975
Apache Unomi allows conditions to use OGNL scripting which offers the possibility to call static Java classes from the JDK that could execute code with the permission level of the running Java process...
Design/Logic Flaw
Apache Unomi allows conditions to use OGNL scripting which offers the possibility to call static Java classes from the JDK that could execute code with the permission level of the running Java process...
OpenJDK: Incorrect bounds checks in NIO Buffers (Libraries, 8234841)
A flaw was found in the boundary checks in the java.nio buffer classes in the Libraries component of OpenJDK, where it is bypassed in certain cases. This flaw allows an untrusted Java application or applet to bypass Java sandbox restrictions...