61 matches found
WordPress Formidable Form Builder plugin <= 4.02 - Unsafe Deserialisation vulnerability
Unsafe Deserialisation vulnerability discovered in WordPress Formidable Form Builder plugin versions = 4.02. Solution Update the WordPress Formidable Form Builder plugin to the latest available version at least 4.02.01...
Important: Red Hat Security Advisory: Red Hat JBoss BPM Suite 6.4.11 security update
An update is now available for Red Hat JBoss BPM Suite. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE links in...
RHEL 6 / 7 : jboss-ec2-eap package for EAP 7.1.2 (Important) (RHSA-2018:1249)
The remote Redhat Enterprise Linux 6 / 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2018:1249 advisory. The eap7-jboss-ec2-eap packages provide scripts for Red Hat JBoss Enterprise Application Platform running on the Amazon Web Services AWS...
Important: Red Hat Security Advisory: JBoss Enterprise Application Platform 7.1.2 on RHEL 6
Updated packages that provide Red Hat JBoss Enterprise Application Platform 7.1.2 and fix several bugs, and add various enhancements are now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability...
RHEL 5 / 6 / 7 : Red Hat JBoss Enterprise Application Platform 6.4 (RHSA-2018:0627)
The remote Redhat Enterprise Linux 5 / 6 / 7 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2018:0627 advisory. - slf4j: Deserialisation vulnerability in EventData constructor can allow for arbitrary code execution CVE-2018-8088 Note that Nessus has not...
Debian DSA-4166-1 : openjdk-7 - security update
Several vulnerabilities have been discovered in OpenJDK, an implementation of the Oracle Java platform, resulting in denial of service, sandbox bypass, execution of arbitrary code, incorrect LDAP/GSS authentication, insecure use of cryptography or bypass of deserialisation restrictions. C Tenable...
CentOS Update for slf4j CESA-2018:0592 centos7
Check the version of slf4j SPDX-FileCopyrightText: 2018 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription scriptoid"1.3.6.1.4.1.25623.1.0.882865";...
Important: Red Hat Security Advisory: rh-maven35-slf4j security update
An update for rh-maven35-slf4j is now available for Red Hat Software Collections. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each...
Debian DSA-4144-1 : openjdk-8 - security update
Several vulnerabilities have been discovered in OpenJDK, an implementation of the Oracle Java platform, resulting in denial of service, sandbox bypass, execution of arbitrary code, incorrect LDAP/GSS authentication, insecure use of cryptography or bypass of deserialisation restrictions. C Tenable...
[SECURITY] [DSA 4144-1] openjdk-8 security update
------------------------------------------------------------------------- Debian Security Advisory DSA-4144-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff March 17, 2018 https://www.debian.org/security/faq -...
Debian: Security Advisory (DSA-4144-1)
The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2018 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Exploit for Inadequate Encryption Strength in Telerik Ui_For_Asp.Net_Ajax
RAUcrypto !Languagehttps://img.shields.io/badge/Lang-Pyth...
Debian: Security Advisory (DSA-3862-1)
The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2017 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Debian Security Advisory DSA 3524-1 (activemq - security update)
It was discovered that the ActiveMQ Java message broker performs unsafe deserialisation. For additional information, please refer to the upstream advisory at http://activemq.apache.org/security-advisories.data/CVE-2015-5254-announcement.txt . OpenVAS Vulnerability Test $Id: deb3524.nasl 6608...
CVE-2015-8360: Deserialisation Resulting in Remote Code Execution Vulnerability
Bamboo had a resource that deserialised arbitrary user input without restriction. Attackers can use this vulnerability to execute Java code of their choice on systems that have a vulnerable version of Bamboo. To exploit this issue, attackers need to be able to access the Bamboo JMS port port 5466...
CVE-2015-8360: Deserialisation Resulting in Remote Code Execution Vulnerability
Bamboo had a resource that deserialised arbitrary user input without restriction. Attackers can use this vulnerability to execute Java code of their choice on systems that have a vulnerable version of Bamboo. To exploit this issue, attackers need to be able to access the Bamboo JMS port port 5466...
CVE-2014-9757: Deserialisation Through Smack Resulting in Remote Code Execution Vulnerability
Bamboo used an old version of the Smack XMPP library that deserialises messages received from XMPP. Attackers can use this vulnerability to execute Java code of their choice on systems that have a vulnerable version of Bamboo if a XMPP connection has been configured. To exploit this issue, Bamboo...
Joomla HTTP Header Unauthenticated Remote Code Execution
This module requires Metasploit: http://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core' class Metasploit3 'Joomla HTTP Header Unauthenticated Remote Code Execution', 'Description' = %q Joomla suffers from an unauthenticated remote code...
Debian Security Advisory DSA 3403-1 (libcommons-collections3-java - security update)
This update backports changes from the commons-collections 3.2.2 release which disable the deserialisation of the functors classes unless the system property org.apache.commons.collections.enableUnsafeSerialization is set to true . This fixes a vulnerability in unsafe applications deserialising...
Debian: Security Advisory (DSA-3403-1)
The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2015 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...