xmlrpc: Deserialization of untrusted Java object through <ex:serializable> tag

A flaw was discovered in the Apache XML-RPC ws-xmlrpc library that deserializes untrusted data when enabledForExtensions setting is enabled. A remote attacker could use this vulnerability to execute arbitrary code via a crafted serialized Java object in a element...

DEBIAN-CVE-2017-7537

It was found that a mock CMC authentication plugin with a hardcoded secret was accidentally enabled by default in the pki-core package before 10.6.4. An attacker could potentially use this flaw to bypass the regular authentication process and trick the CA server into issuing certificates...

GHSA-4W88-RJJ3-X7WP Chromium Remote Code Execution in electron

Affected versions of ElectronJS are susceptible to a remote code execution vulnerability that occurs when an affected application access remote content, even if the sandbox option is enabled. Recommendation Update to electron version 1.7.8 or later...

UBUNTU-CVE-2018-10871

389-ds-base before versions 1.3.8.5, 1.4.0.12 is vulnerable to a Cleartext Storage of Sensitive Information. By default, when the Replica and/or retroChangeLog plugins are enabled, 389-ds-base stores passwords in plaintext format in their respective changelog files. An attacker with sufficiently...

Apache Httpd < 2.4.35 : DoS for HTTP/2 connections by continuous SETTINGS

By sending continous SETTINGS frames of maximum size an ongoing HTTP/2 connection could be kept busy and would never time out. This can be abused for a DoS on the server. This only affect a server that has enabled the h2 protocol...

CVE-2018-6969

VMware Tools 10.x and prior before 10.3.0 contains an out-of-bounds read vulnerability in HGFS. Successful exploitation of this issue may lead to information disclosure or may allow attackers to escalate their privileges on the guest VMs. In order to be able to exploit this issue, file sharing mu...

The vulnerability of the Qualcomm Data Network Stack & Connectivity component of the Android operating system allows attackers to compromise the confidentiality, integrity, and accessibility of protected information.

The vulnerability of the Qualcomm Data Network Stack & Connectivity component of the Android operating system relates to the use of memory after it is freed, during attempts to log values of the RIL token in debug mode after a call ends if the eMBMS service is enabled. Exploiting this vulnerabili...

Security Bulletin: IBM Rational ClearCase update for security vulnerabilities in OpenSSL component

Summary IBM Rational ClearCase uses the OpenSSL component for establishing SSL connections. ClearCase now ships an updated version of OpenSSL on Unix and Linux platforms, and uses a new component called IBM GSKit on Windows which also mitigates against the OpenSSL vulnerabilities. Vulnerability...

Cortana Software Could Help Anyone Unlock Your Windows 10 Computer

Cortana, an artificial intelligence-based smart assistant that Microsoft has built into every version of Windows 10, could help attackers unlock your system password. With its latest patch Tuesday release, Microsoft has pushed an important update to address an easily exploitable vulnerability in...

glibc - realpath() Privilege Escalation Exploit

Exploit for linux platform in category local exploits This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule "glibc 'realpath' Privilege Escalation", 'Description' = %q This module attempts to gain roo...

UBUNTU-CVE-2018-5738

Change 4777 introduced in October 2017 introduced an unforeseen issue in releases which were issued after that date, affecting which clients are permitted to make recursive queries to a BIND nameserver. The intended and documented behavior is that if an operator has not specified a value for the...

CVE-2018-5165

In 32-bit versions of Firefox, the Adobe Flash plugin setting for "Enable Adobe Flash protected mode" is unchecked by default even though the Adobe Flash sandbox is actually enabled. The displayed state is the reverse of the true setting, resulting in user confusion. This could cause users to...

CVE-2017-7789

If a server sends two Strict-Transport-Security STS headers for a single connection, they will be rejected as invalid and HTTP Strict Transport Security HSTS will not be enabled for the connection. This vulnerability affects Firefox 55...

Design/Logic Flaw

An issue where a "" dropdown menu can be used to cover location bar content, resulting in potential spoofing attacks. This attack requires e10s to be enabled in order to function. This vulnerability affects Firefox 50...

WordPress WP Events Calendar plugin <= 1.0 - SQL Injection (SQLi) vulnerability

SQL Injection SQLi vulnerability found by Ozkan Mustafa Akkus in premium WordPress WP Events Calendar plugin versions = 1.0. An attacker can perform attacks via calendar ajax queries. However, this plugin is fully PHP-enabled. You can run SQL query with "month" and "year" parameters. Solution 5...

xmlrpc: Deserialization of untrusted Java object through <ex:serializable> tag

A flaw was discovered in the Apache XML-RPC ws-xmlrpc library that deserializes untrusted data when enabledForExtensions setting is enabled. A remote attacker could use this vulnerability to execute arbitrary code via a crafted serialized Java object in a element...

xmlrpc: Deserialization of untrusted Java object through <ex:serializable> tag

A flaw was discovered in the Apache XML-RPC ws-xmlrpc library that deserializes untrusted data when enabledForExtensions setting is enabled. A remote attacker could use this vulnerability to execute arbitrary code via a crafted serialized Java object in a element...

CVE-2018-11567

Prior to 2018-04-27, the reprompt feature in Amazon Echo devices could be misused by a custom Alexa skill. The reprompt feature is designed so that if Alexa does not receive an input within 8 seconds, the device can speak a reprompt, then wait an additional 8 seconds for input; if the user still...

WordPress Events Calendar 1.0 SQL Injection

Exploit Title: Wordpress Plugin Events Calendar - SQL Injection Dork: N/A Date: 2018-05-27 Exploit Author: Azkan Mustafa AkkuA AkkuS Vendor: Wachipi Vendor Homepage: https://codecanyon.net/item/wp-events-calendar-plugin/5025660 Version: 1.0 Category: Webapps Tested on: Kali linux Description : An...

Wordpress Booking Calendar 3.0.0 Plugin - SQL Injection / Cross-Site Scripting Vulnerabilities

Exploit for php platform in category web applications Exploit Title: Wordpress Plugin Booking Calendar 3.0.0 - SQL Injection / Cross-Site Scripting Exploit Author: Özkan Mustafa Akkuş AkkuS Vendor: Wachipi Vendor Homepage: https://codecanyon.net/item/wp-booking-calendar/4639530 Version: 3.0.0...