Lucene search
K

91 matches found

Positive Technologies
Positive Technologies
added 2021/01/09 12:0 a.m.7 views

PT-2021-7578 · Sap · Sap Netweaver As Java

Name of the Vulnerable Software and Affected Versions: SAP NetWeaver AS for Java version 7.50 Description: The issue is related to improper access control in SAP NetWeaver AS for Java, allowing an unauthenticated attacker to attach to an open interface and utilize an open naming and directory API...

9.8CVSS9.1AI score0.15729EPSS
Exploits0References6
OSV
OSV
added 2021/01/06 11:15 p.m.2 views

DEBIAN-CVE-2020-36188

FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to com.newrelic.agent.deps.ch.qos.logback.core.db.JNDIConnectionSource...

8.1CVSS8.1AI score0.10911EPSS
Exploits1References1
RedHat Linux
RedHat Linux
added 2020/10/26 8:32 p.m.4 views

OpenJDK: Credentials sent over unencrypted LDAP connection (JNDI, 8237990)

Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE component: JNDI. Supported versions that are affected are Java SE: 7u271, 8u261, 11.0.8 and 15; Java SE Embedded: 8u261. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple...

4.3CVSS7.1AI score0.02296EPSS
Exploits0References4
OSV
OSV
added 2020/10/21 3:15 p.m.2 views

DEBIAN-CVE-2020-14781

Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE component: JNDI. Supported versions that are affected are Java SE: 7u271, 8u261, 11.0.8 and 15; Java SE Embedded: 8u261. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple...

3.7CVSS5.7AI score0.02296EPSS
Exploits0References1
BDU FSTEC
BDU FSTEC
added 2020/10/14 12:0 a.m.5 views

The vulnerability of the oadd.org.apache.xalan.lib.sql.JNDIConnectionPool component in the Jackson-databind library of the FasterXML project allows a hacker to execute arbitrary code.

The vulnerability of the oadd.org.apache.xalan.lib.sql.JNDIConnectionPool component in the Jackson-databind library of the FasterXML project is related to deficiencies in the deserialization mechanism. Exploiting this vulnerability allows a malicious actor to execute arbitrary code remotely...

8.1CVSS7.4AI score0.08607EPSS
Exploits0References8Affected Software11
RedHat Linux
RedHat Linux
added 2020/09/07 12:58 p.m.5 views

jackson-databind: Lacks certain xbean-reflect/JNDI blocking

A flaw was found in FasterXML jackson-databind in versions 2.0.0 through 2.9.10.2. A "gadget" exploit is possible due to a lack of a Java object being blocking from being deserialized. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availabili...

9.8CVSS7.1AI score0.26587EPSS
Exploits5References4
Gitee
Gitee
added 2020/07/10 9:15 a.m.1 views

SpringBootVulExploit

This repository contains a collection of Spring Boot vulnerability exploitation tools and techniques. The tools are designed to exploit various vulnerabilities in Spring Boot applications, including remote code execution RCE, privilege escalation, and data exfiltration. The repository includes...

8.8AI score
Exploits0
RedHat Linux
RedHat Linux
added 2020/05/18 10:24 a.m.3 views

jackson-databind: Serialization gadgets in classes of the commons-configuration package

A flaw was discovered in jackson-databind, where it would permit polymorphic deserialization of a malicious object using commons-configuration 1 and 2 JNDI classes. An attacker could use this flaw to execute arbitrary code...

9.8CVSS7.7AI score0.0544EPSS
Exploits0References4
OSV
OSV
added 2020/03/02 5:15 p.m.5 views

UBUNTU-CVE-2019-14892

A flaw was discovered in jackson-databind in versions before 2.9.10, 2.8.11.5 and 2.6.7.3, where it would permit polymorphic deserialization of a malicious object using commons-configuration 1 and 2 JNDI classes. An attacker could use this flaw to execute arbitrary code...

9.8CVSS7.4AI score0.0544EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 2020/01/21 3:22 a.m.3 views

jackson-databind: Serialization gadgets in classes of the commons-configuration package

A flaw was discovered in jackson-databind, where it would permit polymorphic deserialization of a malicious object using commons-configuration 1 and 2 JNDI classes. An attacker could use this flaw to execute arbitrary code...

9.8CVSS7.7AI score0.0544EPSS
Exploits0References4
RedHat Linux
RedHat Linux
added 2020/01/21 2:57 a.m.3 views

jackson-databind: Serialization gadgets in classes of the commons-configuration package

A flaw was discovered in jackson-databind, where it would permit polymorphic deserialization of a malicious object using commons-configuration 1 and 2 JNDI classes. An attacker could use this flaw to execute arbitrary code...

9.8CVSS7.7AI score0.0544EPSS
Exploits0References4
OSV
OSV
added 2019/10/12 9:15 p.m.2 views

DEBIAN-CVE-2019-17531

A Polymorphic Typing issue was discovered in FasterXML jackson-databind 2.0.0 through 2.9.10. When Default Typing is enabled either globally or for a specific property for an externally exposed JSON endpoint and the service has the apache-log4j-extra version 1.2.x jar in the classpath, and an...

9.8CVSS8.2AI score0.05329EPSS
Exploits0References1
BDU FSTEC
BDU FSTEC
added 2019/01/23 12:0 a.m.8 views

The vulnerability of Java SE, Java SE Embedded, and JRockit software platforms lies in their lack of access control mechanisms, allowing attackers to gain full control over the application.

The vulnerability of the JNDI component in Java SE, Java SE Embedded, and Jrockit programs is related to deficiencies in access control. Exploiting this vulnerability can allow an attacker, operating remotely, to gain full control over the application...

8.3CVSS6.5AI score0.07215EPSS
Exploits2References3Affected Software2
Ubuntu
Ubuntu
added 2018/11/16 12:53 a.m.142 views

USN-3824-1: OpenJDK 7 vulnerabilities

It was discovered that the Security component of OpenJDK did not properly ensure that manifest elements were signed before use. An attacker could possibly use this to specially construct an untrusted Java application or applet that could escape sandbox restrictions. CVE-2018-3136 Artem Smotrakov...

8.3CVSS7AI score0.07215EPSS
Exploits2
Tenable Nessus
Tenable Nessus
added 2018/11/16 12:0 a.m.38 views

Ubuntu 14.04 LTS : OpenJDK 7 vulnerabilities (USN-3824-1)

The remote Ubuntu 14.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-3824-1 advisory. It was discovered that the Security component of OpenJDK did not properly ensure that manifest elements were signed before use. An attacker could possibl...

8.3CVSS7.1AI score0.07215EPSS
Exploits2References6
Ubuntu
Ubuntu
added 2018/10/30 7:37 p.m.552 views

USN-3804-1: OpenJDK vulnerabilities

It was discovered that the Security component of OpenJDK did not properly ensure that manifest elements were signed before use. An attacker could possibly use this to specially construct an untrusted Java application or applet that could escape sandbox restrictions. CVE-2018-3136 Artem Smotrakov...

9CVSS7AI score0.07215EPSS
Exploits2
OSV
OSV
added 2018/10/16 12:0 a.m.2 views

UBUNTU-CVE-2018-3149

Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE subcomponent: JNDI. Supported versions that are affected are Java SE: 6u201, 7u191, 8u182 and 11; Java SE Embedded: 8u181; JRockit: R28.3.19. Difficult to exploit vulnerability allows unauthenticated attacker with...

8.3CVSS6.7AI score0.07215EPSS
Exploits2References5
RedHat Linux
RedHat Linux
added 2018/02/26 9:32 p.m.5 views

OpenJDK: unbounded memory allocation in BasicAttributes deserialization (JNDI, 8191142)

Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE subcomponent: JNDI. Supported versions that are affected are Java SE: 6u171, 7u161, 8u152 and 9.0.1; Java SE Embedded: 8u151; JRockit: R28.3.16. Easily exploitable vulnerability allows unauthenticated attacker wit...

4.3CVSS7.3AI score0.04675EPSS
Exploits0References4
CNVD
CNVD
added 2018/01/17 12:0 a.m.2 views

Unspecified Vulnerability in Oracle Java SE, Java SE Embedded and Jrockit (CNVD-2018-02243)

Oracle Java SE, Java SE Embedded, and JRockit are products of Oracle Corporation. Java SE Java Platform Standard Edition is used to develop and deploy Java applications for desktops, servers, and embedded devices and real-time environments; Java SE Embedded is a Java platform for developing...

4.3CVSS9.1AI score0.04675EPSS
Exploits0References1
myhack58
myhack58
added 2016/10/11 12:0 a.m.93 views

Jndi injection and Spring RCE vulnerability analysis-vulnerability warning-the black bar safety net

Foreword Because before has been traveling, and haven't done the research, eleven during the re-focus of the 2 0 1 6 BlackHat the above subject, wherein jndi injection caught my attention, this paper mainly divided into the following 3 sections, the understanding of jndi, analysis jndi injection...

0.5AI score
Exploits0
Rows per page
Query Builder