8 matches found
GHSA-8MJR-6C96-39W8 pydash Command Injection vulnerability
This affects versions of the package pydash before 6.0.0. A number of pydash methods such as pydash.objects.invoke and pydash.collections.invokemap accept dotted paths (Deep Path Strings) to target a nested Python object, relative to the original source object. These paths can be used to target...
PYSEC-2023-179
This affects versions of the package pydash before 6.0.0. A number of pydash methods such as pydash.objects.invoke and pydash.collections.invokemap accept dotted paths (Deep Path Strings) to target a nested Python object, relative to the original source object. These paths can be used to target...
Using the vSphere MOB (Managed Object Browser) to Troubleshoot Snapshot Creation
Purpose: This article documents the procedure for manually creating a vSphere VM snapshot using the Managed Object Browser (MOB). Solution: Start by identifying the Managed Object Reference-ID (MORef-ID) of the VM for which the snapshot will be created. If the VM is being protected by Veeam Backup &...
Adobe ColdFusion Server invoke() Method Code Execution (CVE-2013-3350)
A remote code execution vulnerability has been reported in Adobe ColdFusion Server. The vulnerability is due to a bug in the invoke method. A remote attacker can exploit this issue by changing values on a page hosted on the affected server...
Java Applet - ProviderSkeleton Insecure Invoke Method (Metasploit)
This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit web site for more information on licensing and terms of use. http://metasploit.com/ require 'msf/core' require 'rex' class Metasploit3 false EXPLOITSTRING =...
Java Applet ProviderSkeleton Insecure Invoke Method
This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit web site for more information on licensing and terms of use. http://metasploit.com/ require 'msf/core' require 'rex' class Metasploit3 false EXPLOITSTRING =...
CVE-2012-4820
CVE-2012-4820 affects IBM Java Runtime used in IBM WebSphere Real Time and other IBM products. The issue arises when code runs under a security manager, allowing remote attackers to escalate privileges by abusing insecure use of java.lang.reflect.Method invoke(). Affected IBM JREs include release...
icedtea-web: IcedTeaScriptableJavaObject::invoke off-by-one heap-based buffer overflow
Off-by-one error in the invoke function in IcedTeaScriptablePluginObject.cc in IcedTea-Web 1.1.x before 1.1.7, 1.2.x before 1.2.2, 1.3.x before 1.3.1, and 1.4.x before 1.4.1 allows remote attackers to obtain sensitive information, cause a denial of service (crash), or possibly execute arbitrary cod...