OpenJDK: incorrect handling of references in DGC (RMI, 8163958)

It was discovered that the DCG implementation in the RMI component of OpenJDK failed to correctly handle references. A remote attacker could possibly use this flaw to execute arbitrary code with the privileges of RMI registry or a Java RMI application...

OpenJDK: incorrect handling of references in DGC (RMI, 8163958)

It was discovered that the DCG implementation in the RMI component of OpenJDK failed to correctly handle references. A remote attacker could possibly use this flaw to execute arbitrary code with the privileges of RMI registry or a Java RMI application...

OpenJDK: incorrect handling of references in DGC (RMI, 8163958)

It was discovered that the DCG implementation in the RMI component of OpenJDK failed to correctly handle references. A remote attacker could possibly use this flaw to execute arbitrary code with the privileges of RMI registry or a Java RMI application...

OpenJDK: incorrect handling of references in DGC (RMI, 8163958)

It was discovered that the DCG implementation in the RMI component of OpenJDK failed to correctly handle references. A remote attacker could possibly use this flaw to execute arbitrary code with the privileges of RMI registry or a Java RMI application...

JVN#99737748: AppCheck may insecurely invoke an executable file

AppCheck provided by JIRANSOFT JAPAN, INC. is an anti-ransomware software. AppCheck and its installer contains an issue with the search path for executable files, which may lead to insecurely invoke an executable file CWE-427. Impact Arbitrary code may be executed with the privilege of the user...

Apache Struts - REST Plugin With Dynamic Method Invocation Remote Code Execution

!/usr/bin/python -- coding: utf-8 -- import requests import random import base64 upperAlpha = "ABCDEFGHIJKLMNOPQRSTUVWXYZ" lowerAlpha = "abcdefghijklmnopqrstuvwxyz" numerals = "0123456789" allchars = chr for in xrange0x00, 0xFF + 0x01 def randbaselength, bad, chars: '''generate a random string wi...

Hitachi Device Manager Arbitrary Command Execution Vulnerability

Hitachi Device Manager is a suite of mobile device management software from Hitachi, Japan. The software manages multiple Hitachi storage systems from a single console and provides logical view capabilities to harmonize storage assets with business applications. An arbitrary command execution...

OpenJDK: untrusted input deserialization in RMI registry and DCG (RMI, 8156802)

It was discovered that the RMI registry and DCG implementations in the RMI component of OpenJDK performed deserialization of untrusted inputs. A remote attacker could possibly use this flaw to execute arbitrary code with the privileges of RMI registry or a Java RMI application...

JDK: insecure use of invoke method in CORBA component, incorrect CVE-2013-3009 fix

The com.ibm.CORBA.iiop.ClientDelegate class in IBM SDK, Java Technology Edition 6 before SR16 FP25 6.0.16.25, 6 R1 before SR8 FP25 6.1.8.25, 7 before SR9 FP40 7.0.9.40, 7 R1 before SR3 FP40 7.1.3.40, and 8 before SR3 8.0.3.0 uses the invoke method of the java.lang.reflect.Method class in an...

Zabbix Server Active Proxy Trapper Remote Code Execution Vulnerability

Summary An exploitable code execution vulnerability exists in the trapper command functionality of Zabbix Server 2.4.X . A specially crafted set of packets can cause a command injection resulting in remote code execution. An attacker can make requests from an active Zabbix Proxy to trigger this...

Design/Logic Flaw

NetApp OnCommand Performance Manager and OnCommand Unified Manager for Clustered Data ONTAP before 7.1P1 improperly bind the Java Management Extension Remote Method Invocation aka JMX RMI service to the network, which allows remote attackers to obtain sensitive information via unspecified vectors...

CVE-2017-7345

NetApp OnCommand Performance Manager and OnCommand Unified Manager for Clustered Data ONTAP prior to version 7.1P1 are affected by an information-disclosure vulnerability caused by not properly binding the JMX RMI service to the network. This allows remote attackers to obtain sensitive informatio...

CVE-2017-7345

NetApp OnCommand Performance Manager and OnCommand Unified Manager for Clustered Data ONTAP before 7.1P1 improperly bind the Java Management Extension Remote Method Invocation aka JMX RMI service to the network, which allows remote attackers to obtain sensitive information via unspecified vectors...

Remote Code Execution (RCE) Via Deserialization Of Untrusted Data

spring-flex-core is vulnerable to remote code execution RCE via deserialization of untrusted data. The vulnerability is possible because it has a flaw in the AMF3 deserialization using the java.io.Externalizable class instances. This allows attackers to request a Remote Method Invocation RMI remo...

StoreFront 3.9 Install Fails With "Message Exception Has Been Thrown by the Target of an Invocation"

StoreFront installation fails with no errors. Event Id 0"Message exception has been thrown by the target of an invocation" In StoreFront "Citrix-DeliveryServicesRoleManage" logs, you find Error Unexpected exception. Message: Exception has been thrown by the target of an invocation.. Stack Trace =...

NTP Privilege Escalation

Source: http://www.halfdog.net/Security/2015/NtpCronjobUserNtpToRootPrivilegeEscalation/ Introduction Problem description: The cronjob script bundled with ntp package is intended to perform cleanup on statistics files produced by NTP daemon running with statistics enabled. The script is run as ro...

OpenJDK: untrusted input deserialization in RMI registry and DCG (RMI, 8156802)

It was discovered that the RMI registry and DCG implementations in the RMI component of OpenJDK performed deserialization of untrusted inputs. A remote attacker could possibly use this flaw to execute arbitrary code with the privileges of RMI registry or a Java RMI application...

OpenJDK: untrusted input deserialization in RMI registry and DCG (RMI, 8156802)

It was discovered that the RMI registry and DCG implementations in the RMI component of OpenJDK performed deserialization of untrusted inputs. A remote attacker could possibly use this flaw to execute arbitrary code with the privileges of RMI registry or a Java RMI application...

Network Reconnaissance & Vulnerability Assessment Tool: ReconScan

Network Reconnaissance & Vulnerability Assessment Tool The project currently consists of two major components: a script invoking and aggregating the results of existing tools, and a second script for automated analysis of the aforementioned results from the perspective of exploitability. In terms...

OpenJDK: untrusted input deserialization in RMI registry and DCG (RMI, 8156802)

It was discovered that the RMI registry and DCG implementations in the RMI component of OpenJDK performed deserialization of untrusted inputs. A remote attacker could possibly use this flaw to execute arbitrary code with the privileges of RMI registry or a Java RMI application...