31 matches found

Nuclei
added 2 days ago | 57 views

XStream <1.4.6/1.4.10 - Remote Code Execution

XStream API versions up to 1.4.6 and version 1.4.10 are susceptible to remote code execution. If the security framework has not been initialized, an attacker can run arbitrary shell commands by manipulating the processed input stream when unmarshaling XML or any supported format. This can allow an attacker to...

CVSS 9.8 | AI score 7.4 | EPSS 0.84362
Exploits 5 | References 5
SUSE CVE
added 2023/02/15 5:33 a.m. | 6 views

SUSE CVE-2013-7285

Xstream API versions up to 1.4.6 and version 1.4.10, if the security framework has not been initialized, may allow a remote attacker to run arbitrary shell commands by manipulating the processed input stream when unmarshaling XML or any supported format. e.g. JSON...

CVSS 9.8 | AI score 8.8 | EPSS 0.84362
Exploits 5 | References 5
OpenVAS
added 2022/01/28 12:00 a.m. | 30 views

Mageia: Security Advisory (MGASA-2014-0100)

The remote host is missing an update announced via the Mageia MGASA-2014-0100 advisory. Some text descriptions might be excerpted from referenced sources and are copyright by the respective right holders...

CVSS 9.8 | AI score 8.5 | EPSS 0.84362
Exploits 5 | References 5
Prion
added 2019/07/23 1:15 p.m. | 18 views

Deserialization of untrusted data

It was found that xstream API version 1.4.10 before 1.4.11 introduced a regression for a previous deserialization flaw. If the security framework has not been initialized, it may allow a remote attacker to run arbitrary shell commands when unmarshalling XML or any supported format. e.g. JSON...

CVSS 7.5 | AI score 8.2 | EPSS 0.94774
Exploits 9 | References 11 | Affected Software 10
UbuntuCve
added 2019/07/23 1:15 p.m. | 59 views

CVE-2019-10173

It was found that xstream API version 1.4.10 before 1.4.11 introduced a regression for a previous deserialization flaw. If the security framework has not been initialized, it may allow a remote attacker to run arbitrary shell commands when unmarshalling XML or any supported format. e.g. JSON...

CVSS 9.8 | AI score 7.1 | EPSS 0.94774
Exploits 4 | References 3
Debian CVE
added 2019/07/23 12:50 p.m. | 39 views

CVE-2019-10173

It was found that xstream API version 1.4.10 before 1.4.11 introduced a regression for a previous deserialization flaw. If the security framework has not been initialized, it may allow a remote attacker to run arbitrary shell commands when unmarshalling XML or any supported format. e.g. JSON...

CVSS 9.8 | AI score 8.3 | EPSS 0.94774
Exploits 4
Cvelist
added 2019/07/23 12:50 p.m. | 30 views

CVE-2019-10173

It was found that xstream API version 1.4.10 before 1.4.11 introduced a regression for a previous deserialization flaw. If the security framework has not been initialized, it may allow a remote attacker to run arbitrary shell commands when unmarshalling XML or any supported format. e.g. JSON...

CVSS 7.3 | AI score 9.6 | EPSS 0.94774
Exploits 4 | References 11
Veracode
added 2019/07/23 5:16 a.m. | 31 views

Remote Code Execution (RCE)

XStream is vulnerable to remote code execution. The vulnerability exists due to the regression of security vulnerability CVE-2013-7285, allowing a remote attacker to trigger RCE during unmarshaling XML or any supported format...

CVSS 9.8 | AI score 8.4 | EPSS 0.94774
Exploits 9 | References 14 | Affected Software 1
RedHat Linux
added 2019/07/22 2:53 p.m. | 6 views

xstream: remote code execution due to insecure XML deserialization (regression of CVE-2013-7285)

It was found that xstream API version 1.4.10 introduced a regression for a previous deserialization flaw. If the security framework has not been initialized, it may allow a remote attacker to run arbitrary shell commands when unmarshalling XML or any supported format. This is a regression of...

CVSS 9.8 | AI score 7.5 | EPSS 0.94774
Exploits 9 | References 5
RedHat Linux
added 2019/07/22 2:53 p.m. | 108 views

Important: Red Hat Security Advisory: Red Hat Process Automation Manager 7.4.0 Security Update

An update is now available for Red Hat Process Automation Manager. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the C...

CVSS 10 | AI score 7.6 | EPSS 0.94774
Exploits 9 | References 14
RedhatCVE
added 2019/07/22 2:36 p.m. | 63 views

CVE-2019-10173

It was found that xstream API version 1.4.10 introduced a regression for a previous deserialization flaw. If the security framework has not been initialized, it may allow a remote attacker to run arbitrary shell commands when unmarshalling XML or any supported format. This is a regression of...

CVSS 9.8 | AI score 6 | EPSS 0.94774
Exploits 9 | References 2
vulnersOsv
added 2019/05/29 6:05 p.m. | 5 views

ai.aletyx.kogito:aletyx-kogito-ai-addons-quarkus-adhoc-subprocess (>=0.1.0 <=0.2.0), ai.aletyx.kogito:aletyx-kogito-ai-addons-quarkus-adhoc-subprocess-storage-jpa (>=0.1.0 <=0.2.0) +10696 more potentially affected by CVE-2013-7285 via com.thoughtworks.xstream:xstream (>=1.1.1 <=1.4.6)

com.thoughtworks.xstream:xstream MAVEN version =1.1.1, =0.1.0, =0.1.0, =0.5.0, =0.5.0, =0.5.0, =0.5.0, =0.5.0, =cloud-0.1, =0.0.1, =0.0.10, =0.0.10, =0.0.10, =0.2.2, =0.0.11, =0.8.38, =0.8.42 and more Source cves: CVE-2013-7285 Source advisory: OSV:GHSA-F554-X222-WGF7...

CVSS 9.8 | AI score 7.1 | EPSS 0.84362
Exploits 5
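
A constructed version check, added here and not part of any advisory above or of the XStream project: it classifies an XStream version string against the ranges the entries give (up to and including 1.4.6, plus 1.4.10, for CVE-2013-7285; 1.4.10 for the CVE-2019-10173 regression, fixed in 1.4.11) and walks a directory for `xstream-<version>.jar` files. The ranges come from the entries above; the `xstream-<version>.jar` file-name convention (Maven's artifact naming) and the directory layout are assumptions.

```shell
#!/bin/sh
# Constructed check (not from the advisories or the XStream project): classify an
# XStream version against the ranges the entries above give, and find jars to check.
#   CVE-2013-7285 : versions up to and including 1.4.6, and version 1.4.10
#   CVE-2019-10173: version 1.4.10 (regression, fixed in 1.4.11)

# Compare two dotted version strings numerically, field by field.
# Prints -1, 0 or 1 (a<b, a=b, a>b). Missing fields count as 0, so 1.4 = 1.4.0;
# a non-numeric suffix such as "-SNAPSHOT" on a field is ignored.
vercmp() {
    a="$1"; b="$2"; i=1
    while :; do
        x=$(printf '%s' "$a" | cut -d. -f"$i")
        y=$(printf '%s' "$b" | cut -d. -f"$i")
        if [ -z "$x" ] && [ -z "$y" ]; then printf '%s\n' 0; return; fi
        x=${x%%[!0-9]*}; y=${y%%[!0-9]*}
        x=${x:-0}; y=${y:-0}
        if [ "$x" -lt "$y" ]; then printf '%s\n' -1; return; fi
        if [ "$x" -gt "$y" ]; then printf '%s\n' 1; return; fi
        i=$((i + 1))
    done
}

# Print the CVE ids whose affected range contains the given version;
# exit status 0 if any matched, 1 otherwise.
xstream_affected() {
    v="$1"; hits=""
    if [ "$(vercmp "$v" 1.4.6)" -le 0 ]; then
        hits="CVE-2013-7285"
    elif [ "$(vercmp "$v" 1.4.10)" -eq 0 ]; then
        hits="CVE-2013-7285 CVE-2019-10173"
    fi
    printf '%s\n' "$hits"
    [ -n "$hits" ]
}

# Walk a directory for xstream-<version>.jar files (the Maven artifact naming,
# assumed here) and print one tab-separated line per affected jar.
scan_jars() {
    dir="${1:-.}"
    find "$dir" -name 'xstream-*.jar' 2>/dev/null | while read -r jar; do
        ver=$(basename "$jar" .jar); ver=${ver#xstream-}
        if cves=$(xstream_affected "$ver"); then
            printf '%s\t%s\t%s\n' "$jar" "$ver" "$cves"
        fi
    done
}

# Usage: sh xstream_check.sh <version>   or   sh xstream_check.sh --scan <dir>
case "${1:-}" in
    "")     ;;
    --scan) scan_jars "${2:-.}" ;;
    *)      xstream_affected "$1" ;;
esac
```

A jar that is shaded or renamed will not be found by file name; for those, the `Implementation-Version` in the jar's manifest or the dependency tree of the build is the authoritative source, and a version outside both ranges still needs the allowlist configured to be safe.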
Circl
added 2019/05/15 8:33 p.m. | 4 views

CVE-2013-7285

| creationtimestamp | type | source |
|---|---|---|
| 2019-05-15 20:33:21+00:00 | seen | https://t.me/cibsecurity/4332 |
| 2021-03-16 11:01:03+00:00 | published-proof-of-concept | https://t.me/CyberSecurityTechnologies/2917 |
...

CVSS 9.8 | AI score 7.8 | EPSS 0.84362
Exploits 5 | References 2
OSV
added 2019/05/15 5:29 p.m. | 12 views

CVE-2013-7285

Xstream API versions up to 1.4.6 and version 1.4.10, if the security framework has not been initialized, may allow a remote attacker to run arbitrary shell commands by manipulating the processed input stream when unmarshaling XML or any supported format. e.g. JSON...

CVSS 9.8 | AI score 9.6 | EPSS 0.84362
Exploits 5 | References 11
Debian CVE
added 2019/05/15 4:54 p.m. | 54 views

CVE-2013-7285

Xstream API versions up to 1.4.6 and version 1.4.10, if the security framework has not been initialized, may allow a remote attacker to run arbitrary shell commands by manipulating the processed input stream when unmarshaling XML or any supported format. e.g. JSON...

CVSS 9.8 | AI score 8.2 | EPSS 0.84362
Exploits 5
CVE
added 2019/05/15 4:54 p.m. | 395 views

CVE-2013-7285

CVE-2013-7285: XStream API (versions up to 1.4.6 and 1.4.10) may allow remote code execution if the security framework is not initialized during unmarshalling of XML/JSON streams. IBM’s bulletin for IBM Storage Copy Data Management cites this as a vulnerability affecting 2.2.x releases and instru...

CVSS 9.8 | AI score 9.4 | EPSS 0.84362
Exploits 5 | References 9 | Affected Software 1
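
Every entry for CVE-2013-7285 and CVE-2019-10173 above hinges on the same condition, "if the security framework has not been initialized". The following is an added illustration of what initializing it looks like; it is not code from the XStream project or from any of the advisories. It builds an XStream instance that denies every type and then re-allows an explicit allowlist, so an input stream naming any other class is refused before an object is created. The `Order` class, the `order` alias and both XML documents are constructed for the example, and `java.util.HashMap` is only a stand-in for "a class not on the allowlist", not the type used by the published exploits.

```java
import com.thoughtworks.xstream.XStream;
import com.thoughtworks.xstream.security.ForbiddenClassException;
import com.thoughtworks.xstream.security.NoTypePermission;
import com.thoughtworks.xstream.security.NullPermission;
import com.thoughtworks.xstream.security.PrimitiveTypePermission;

public class XStreamAllowlistExample {

    // Hypothetical application type that the service legitimately unmarshals.
    public static class Order {
        public String id;
        public int quantity;
    }

    /**
     * Build an XStream instance with the security framework initialized.
     * A bare `new XStream()` on the releases listed in the advisories above
     * (up to 1.4.6, and 1.4.10) resolves whatever class name the input
     * stream names; the calls below replace that with an explicit allowlist.
     */
    public static XStream hardenedXStream() {
        XStream xstream = new XStream();
        // Adding NoTypePermission clears every existing permission, so nothing
        // is accepted until it is re-allowed below.
        xstream.addPermission(NoTypePermission.NONE);
        // Re-allow null and the primitive types plus their wrappers.
        xstream.addPermission(NullPermission.NULL);
        xstream.addPermission(PrimitiveTypePermission.PRIMITIVES);
        // Re-allow only the types this application expects in its streams.
        xstream.allowTypes(new Class[] { String.class, Order.class });
        xstream.alias("order", Order.class);
        return xstream;
    }

    /** Unmarshal untrusted input; returns null when the stream names a type outside the allowlist. */
    public static Object unmarshalUntrusted(XStream xstream, String xml) {
        try {
            return xstream.fromXML(xml);
        } catch (ForbiddenClassException e) {
            // Thrown by the security framework while resolving the class name,
            // before any instance of the named class exists.
            System.err.println("rejected: " + e.getMessage());
            return null;
        }
    }

    public static void main(String[] args) {
        XStream xstream = hardenedXStream();

        // Constructed benign input: a type on the allowlist.
        String ok = "<order><id>A-1</id><quantity>2</quantity></order>";
        Order o = (Order) unmarshalUntrusted(xstream, ok);
        System.out.println("parsed order " + o.id + " x" + o.quantity);

        // Constructed untrusted input naming a type that is not on the allowlist.
        // java.util.HashMap is only a stand-in for "any unexpected class" here;
        // the point is that the name is refused, not what that class could do.
        String hostile = "<java.util.HashMap/>";
        Object result = unmarshalUntrusted(xstream, hostile);
        System.out.println(result == null ? "hostile stream refused" : "UNEXPECTED: accepted");
    }
}
```

On XStream 1.4.7 through 1.4.17 these permission calls are what the descriptions mean by initializing the security framework (the `XStream.setupDefaultSecurity(xstream)` helper of that era does the deny-all step and is deprecated from 1.4.18, where deny-by-default became the built-in behaviour); the explicit `allowTypes` call is still required on every version to name the application's own classes. Because 1.4.10 regressed an earlier fix, the version check and the allowlist are both needed: upgrade past the affected releases and configure the allowlist regardless.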
0day.today
added 2016/01/07 12:00 a.m. | 92 views

OpenMRS Reporting Module 0.9.7 - Remote Code Execution

Exploit for java platform in category web applications Title: Unauthenticated remote code execution in OpenMRS Product: OpenMRS Vendor: OpenMRS Inc. Tested versions: See summary Status: Fixed by vendor Reported by: Brian D. Hysell Product description: OpenMRS is "the world's leading open source...

CVSS 5.5 | EPSS 0.84362
Exploits 5
Exploit DB
added 2016/01/07 12:00 a.m. | 88 views

OpenMRS Reporting Module 0.9.7 - Remote Code Execution

Title: Unauthenticated remote code execution in OpenMRS Product: OpenMRS Vendor: OpenMRS Inc. Tested versions: See summary Status: Fixed by vendor Reported by: Brian D. Hysell Product description: OpenMRS is "the world's leading open source enterprise electronic medical record system platform."...

CVSS 9.8 | AI score 9.7 | EPSS 0.84362
Exploits 5
exploitpack
added 2016/01/07 12:00 a.m. | 49 views

OpenMRS Reporting Module 0.9.7 - Remote Code Execution

OpenMRS Reporting Module 0.9.7 - Remote Code Execution Title: Unauthenticated remote code execution in OpenMRS Product: OpenMRS Vendor: OpenMRS Inc. Tested versions: See summary Status: Fixed by vendor Reported by: Brian D. Hysell Product description: OpenMRS is "the world's leading open source...

CVSS 7.5 | AI score 8.9 | EPSS 0.84362
Exploits 5
Packet Storm
added 2016/01/06 12:00 a.m. | 56 views

OpenMRS Reporting Module 0.9.7 Remote Code Execution

Title: Unauthenticated remote code execution in OpenMRS Product: OpenMRS Vendor: OpenMRS Inc. Tested versions: See summary Status: Fixed by vendor Reported by: Brian D. Hysell Product description: OpenMRS is "the world's leading open source enterprise electronic medical record system platform."...

CVSS 5.5 | AI score 8.6 | EPSS 0.84362
Exploits 5