345 matches found
Java JMX Server Insecure Configuration Java Code Execution
This module takes advantage of an insecure Java JMX interface configuration, which would allow loading classes from any remote HTTP URL. JMX interfaces with authentication disabled (com.sun.management.jmxremote.authenticate=false) should be vulnerable, while interfaces with authentication enabled will ...
Java JMX Server Insecure Configuration Java Code Execution Exploit
This Metasploit module takes advantage of an insecure Java JMX interface configuration, which would allow loading classes from any remote HTTP URL. JMX interfaces with authentication disabled (com.sun.management.jmxremote.authenticate=false) should be vulnerable, while interfaces with authentication...
Oracle Java SE JRE Multiple Unspecified Vulnerabilities-01 (Feb 2015) - Windows
Oracle Java SE JRE is prone to multiple unspecified vulnerabilities. SPDX-FileCopyrightText: 2015 Greenbone AG. Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ...
OpenJDK: incorrect class loader permission check in ClassLoader getParent() (Libraries, 8055314)
An improper permission check issue was discovered in the Libraries component in OpenJDK. An untrusted Java application or applet could use these flaws to bypass Java sandbox restrictions...
OpenJDK: LogRecord use of incorrect CL when loading ResourceBundle (Libraries, 8042797)
Unspecified vulnerability in Oracle Java SE 5.0u71, 6u81, 7u67, and 8u20, and Java SE Embedded 7u60, allows remote attackers to affect integrity via unknown vectors related to Libraries...
IBM WebSphere Portal 8.5.0 < 8.5.0 CF02 Multiple Vulnerabilities
The version of IBM WebSphere Portal installed on the remote host is affected by multiple vulnerabilities : - A remote code execution vulnerability exists in the Apache Struts ClassLoader. A remote attacker can exploit this issue by manipulating the 'class' parameter of an ActionForm object to...
Oracle Identity Manager (October 2014 CPU)
The remote host is missing the October 2014 Critical Patch Update for Oracle Identity Manager. It is, therefore, affected by multiple vulnerabilities : - The application is affected by a vulnerability in Apache Commons BeanUtils in which ClassLoader objects can be set via the class attribute of a...
OpenJDK: LogRecord use of incorrect CL when loading ResourceBundle (Libraries, 8042797)
Unspecified vulnerability in Oracle Java SE 5.0u71, 6u81, 7u67, and 8u20, and Java SE Embedded 7u60, allows remote attackers to affect integrity via unknown vectors related to Libraries...
OpenJDK: LogRecord use of incorrect CL when loading ResourceBundle (Libraries, 8042797)
Unspecified vulnerability in Oracle Java SE 5.0u71, 6u81, 7u67, and 8u20, and Java SE Embedded 7u60, allows remote attackers to affect integrity via unknown vectors related to Libraries...
Fedora 21 : php-symfony-2.5.4-1.fc21 (2014-10239)
2.5.4 2014-09-03 - security 11832 CVE-2014-6072 fabpot - security 11831 CVE-2014-5245 stof - security 11830 CVE-2014-4931 aitboudad, Jeremy Derusse - security 11829 CVE-2014-6061 damz, fabpot - security 11828 CVE-2014-5244 nicolas-grekas, larowlan - bug 10197 FrameworkBundle PhpExtractor bugfix a...
Atlassian Bamboo < 5.4.3 / 5.5.1 / 5.6.0 XWork Library ClassLoader Manipulation Remote Code Execution
According to its self-reported version number, the instance of Atlassian Bamboo running on the remote host is version 5.4.x prior to 5.4.3 or 5.5.x prior to 5.5.1. It is, therefore, affected by an unspecified flaw in the XWork library. An unauthenticated, remote attacker can exploit this, via...
Atlassian Confluence < 5.5.2 XWork Library ClassLoader Manipulation Remote Code Execution
According to its self-reported version number, the instance of Atlassian Confluence on the remote host is a version prior to 5.5.2. It is, therefore, affected by a flaw in the XWork library that allows a remote, unauthenticated user to alter the ClassLoader. This could allow an attacker to execut...
Seasar S2Struts vulnerable to ClassLoader manipulation
Overview Seasar S2Struts provided by The Seasar Foundation is a software framework for creating Java web applications. Seasar S2Struts bundles Apache Struts that is vulnerable to the ClassLoader manipulation CVE-2014-0114. Consequently, Seasar S2Struts contains the same vulnerability. Cybozu, Inc...
JVN#19118282: Seasar S2Struts vulnerable to ClassLoader manipulation
Seasar S2Struts provided by The Seasar Foundation is a software framework for creating Java web applications. Seasar S2Struts bundles Apache Struts that is vulnerable to the ClassLoader manipulation CVE-2014-0114. Consequently, Seasar S2Struts contains the same vulnerability. Impact On a server...
VMware vCenter Operations Management Suite Multiple Vulnerabilities (VMSA-2014-0007)
The version of vCenter Operations Manager installed on the remote host is prior to 5.8.2. It is, therefore, affected by the following vulnerabilities : - An error exists in the included Apache Tomcat version related to handling 'Content-Type' HTTP headers and multipart requests such as file uploa...
Java RMIConnectionImpl Deserialization Privilege Escalation Exploit
No description provided by source. $Id: javarmiconnectionimpl.rb 10490 2010-09-27 00:09:17Z egypt $ This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing and...
Apache Struts ClassLoader Manipulation Remote Code Execution
No description provided by source. This module requires Metasploit: http://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core' class MetasploitModule 'Apache Struts ClassLoader Manipulation Remote Code Execution', 'Description' = %q This module...
VMware Patches Apache Struts Flaws in vCOPS
VMware has patched several serious security vulnerabilities in its vCenter Operations Center Management suite, one of which could lead to remote code execution on vulnerable machines. All of the vulnerabilities that the company patched lie in the Apache Struts Java application framework, and the...
SUSE-SU-2015:0886-1 Security update for struts
Apache Struts was updated to fix a security issue: CVE-2014-0114: The ActionForm object in Apache Struts 1.x through 1.3.10 allows remote attackers to 'manipulate' the ClassLoader and execute arbitrary code via the class parameter, which is passed to the getClass method. Security Issue reference:...
openSUSE Security Update : java-1_6_0-openjdk (openSUSE-SU-2012:1424-1) (ROBOT)
java 1.6.0 openjdk / icedtea was updated to 1.11.5 bnc785433 - Security fixes - S6631398, CVE-2012-3216: FilePermission improved path checking - S7093490: adjust package access in rmiregistry - S7143535, CVE-2012-5068: ScriptEngine corrected permissions - S7167656, CVE-2012-5077: Multiple Seeders...