950 matches found
GHSA-24WW-MC5X-XC43 Man-in-the-middle attack in Apache Cassandra
In Apache Cassandra, all versions prior to 2.1.22, 2.2.18, 3.0.22, 3.11.8 and 4.0-beta2, it is possible for a local attacker without access to the Apache Cassandra process or configuration files to manipulate the RMI registry to perform a man-in-the-middle attack and capture user names and...
CVE-2021-26705
An issue was discovered in SquareBox CatDV Server through 9.2. An attacker can invoke sensitive RMI methods such as getConnections without authentication, the results of which can be used to generate valid authentication tokens. These tokens can then be used to invoke administrative tasks within...
SquareBox CatDV Server 访问控制错误漏洞
Square Box Systems SquareBox CatDV Server is a software application from Square Box Systems. It provides an agile media management and workflow orchestration platform. A security vulnerability exists in SquareBox CatDV Server through 9.2, which can be exploited by an attacker to generate valid...
ALERT: Malicious Amazon Alexa Skills Can Easily Bypass Vetting Process
Researchers have uncovered gaps in Amazon's skill vetting process for the Alexa voice assistant ecosystem that could allow a malicious actor to publish a deceptive skill under any arbitrary developer name and even make backend code changes after approval to trick users into giving up sensitive...
ALERT: Malicious Amazon Alexa Skills Can Easily Bypass Vetting Process
Researchers have uncovered gaps in Amazon's skill vetting process for the Alexa voice assistant ecosystem that could allow a malicious actor to publish a deceptive skill under any arbitrary developer name and even make backend code changes after approval to trick users into giving up sensitive...
Code injection
TerraMaster TOS before 4.1.29 has Invalid Parameter Checking that leads to code injection as root. This is a dynamic class method invocation vulnerability in include/exportUser.php, in which an attacker can trigger a call to the exec method with for example OS commands in the opt parameter...
IBM Security Identity Governance and Intelligence 访问控制错误漏洞
IBM Security Identity Governance and Intelligence IGI is a suite of identity management and governance solutions from IBM in the United States. The product includes features such as lifecycle management, access risk assessment and identity management. An authentication vulnerability exists in IBM...
Design/Logic Flaw
Hugo is a fast and Flexible Static Site Generator built in Go. Hugo depends on Go's os/exec for certain features, e.g. for rendering of Pandoc documents if these binaries are found in the system %PATH% on Windows. In Hugo before version 0.79.1, if a malicious file with the same name exe or bat is...
CVE-2020-26284
Hugo is a fast and Flexible Static Site Generator built in Go. Hugo depends on Go's os/exec for certain features, e.g. for rendering of Pandoc documents if these binaries are found in the system %PATH% on Windows. In Hugo before version 0.79.1, if a malicious file with the same name exe or bat is...
Exploit for CVE-2020-2551
CVE-2020-2551 Weblogic IIOP 反序列化 测试环境 Weblogic10.3.6+jdk1.6 打包好的jar包 提取码:a6ob 漏洞利用 下载jar包,然后使用marshalsec起一个恶意的RMI服务,本地编译一个exp.java java package payload; import java.io.IOException; public class exp public exp String cmd = "curl http://172.16.1.1/success"; try...
GHSA-P694-23Q3-RVRC Remote Code Execution in Apache Synapse
In Apache Synapse, by default no authentication is required for Java Remote Method Invocation RMI. So Apache Synapse 3.0.1 or all previous releases 3.0.0, 2.1.0, 2.0.0, 1.2, 1.1.2, 1.1.1 allows remote code execution attacks that can be performed by injecting specially crafted serialized objects...
Multiple vulnerabilities in HP Device Manager
HP published an advisory for three vulnerabilities in its Device Manager software, which lets IT admins remotely manage HP thin clients. CVEs included in the advisory are CVE-2020-6925 weak cipher, CVE-2020-6926 remote method invocation, and CVE-2020-6927 local privilege escalation. Some of these...
It was found that cifs-utils' mount.cifs was invoking a shell when requesting the Samba password which could be used to inject arbitrary commands. An attacker able to invoke mount.cifs with special permission such as via sudo rules could use this flaw to escalate their privileges.
...
CVE-2020-14342
It was found that cifs-utils' mount.cifs was invoking a shell when requesting the Samba password, which could be used to inject arbitrary commands. An attacker able to invoke mount.cifs with special permission, such as via sudo rules, could use this flaw to escalate their privileges...
CVE-2020-14342
CVE-2020-14342 affects cifs-utils’ mount.cifs, which can invoke a shell when requesting the Samba password. This enables local attackers with sufficient permissions (for example via sudo rule configurations) to inject commands and escalate privileges. Public advisories confirm a shell-injection f...
wildfly: EJB SessionOpenInvocations may not be removed properly after a response is received causing Denial of Service
A vulnerability was found in Wildfly's Enterprise Java Beans EJB, where SessionOpenInvocations are never removed from the remote InvocationTracker after a response is received in the EJB Client, as well as the server. This flaw allows an attacker to craft a denial of service attack to make the...
wildfly: EJB SessionOpenInvocations may not be removed properly after a response is received causing Denial of Service
A vulnerability was found in Wildfly's Enterprise Java Beans EJB, where SessionOpenInvocations are never removed from the remote InvocationTracker after a response is received in the EJB Client, as well as the server. This flaw allows an attacker to craft a denial of service attack to make the...
wildfly: EJB SessionOpenInvocations may not be removed properly after a response is received causing Denial of Service
A vulnerability was found in Wildfly's Enterprise Java Beans EJB, where SessionOpenInvocations are never removed from the remote InvocationTracker after a response is received in the EJB Client, as well as the server. This flaw allows an attacker to craft a denial of service attack to make the...
wildfly: EJB SessionOpenInvocations may not be removed properly after a response is received causing Denial of Service
A vulnerability was found in Wildfly's Enterprise Java Beans EJB, where SessionOpenInvocations are never removed from the remote InvocationTracker after a response is received in the EJB Client, as well as the server. This flaw allows an attacker to craft a denial of service attack to make the...
Apache Cassandra RMI Rebinding Vulnerability
Apache Cassandra is an open source distributed NoSQL database system . Apache Cassandra suffers from an RMI rebinding vulnerability that originates from a man-in-the-middle attack by manipulating the RMI registry to perform a man-in-the-middle attack and capture usernames and passwords used to...