208 matches found

0day.today
added 2020/02/06 12:0 a.m. | 152 views

Cisco Data Center Network Manager 11.2 - Remote Code Execution Exploit

Exploit for java platform in category web applications !/usr/bin/python """ Cisco Data Center Network Manager SanWS importTS Command Injection Remote Code Execution Vulnerability Tested on: Cisco DCNM 11.2.1 Installer for Windows 64-bit - Release: 11.21 - Release Date: 18-Jun-2019 - FileName:...

CVSS 10 | AI score 9.2 | EPSS 0.85137
Exploits: 7

Cent OS
added 2020/01/28 9:23 p.m. | 109 views

java security update

CentOS Errata and Security Advisory CESA-2020:0157 An update for java-1.8.0-openjdk is now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detail...

CVSS 8.1 | AI score 6.6 | EPSS 0.01699
Exploits: 0 | References: 7

Kitploit
added 2019/12/19 8:30 p.m. | 99 views

Automatic API Attack Tool - Customizable API Attack Tool Takes An API Specification As An Input, Generates And Runs Attacks That Are Based On It As An Output

Imperva's customizable API attack tool takes an API specification as an input, and generates and runs attacks that are based on it as an output. The tool is able to parse an API specification and create fuzzing attack scenarios based on what is defined in the API specification. Each endpoint is...

AI score 7.3
Exploits: 0 | References: 1

Metasploit
added 2019/11/05 5:27 p.m. | 32 views

OpenMRS Java Deserialization RCE

OpenMRS is an open-source platform that supplies users with a customizable medical record system. There exists an object deserialization vulnerability in the webservices.rest module used in OpenMRS Platform. Unauthenticated remote code execution can be achieved by sending a malicious XML payload ...

CVSS 9.8 | EPSS 0.93328
Exploits: 10

IBM Security Bulletins
added 2019/10/30 5:5 a.m. | 25 views

Security Bulletin: Multiple vulnerabilities in IBM Java Runtime may affect Tivoli Netcool Performance Manager for Wireless, Oracle July 2019 CPU

Summary There are multiple vulnerabilities in IBM® Runtime Environment Java™ Version 7 & 8 used by Tivoli Netcool Performance Manager for Wireless. Tivoli Netcool Performance Manager for Wireless has addressed the applicable CVEs. These issues were disclosed as part of the IBM Java SDK updates in...

CVSS 8.4 | AI score 0.8 | EPSS 0.00175
Exploits: 0 | Affected Software: 1

Cent OS
added 2019/10/23 12:59 p.m. | 182 views

java security update

CentOS Errata and Security Advisory CESA-2019:3128 An update for java-1.8.0-openjdk is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detail...

CVSS 6.8 | AI score 6.8 | EPSS 0.02946
Exploits: 0 | References: 7

Kitploit
added 2019/09/16 8:30 p.m. | 150 views

ACT Platform - Open Platform For Collection And Exchange Of Threat Intelligence Information

Semi-Automated Cyber Threat Intelligence ACT is a research project led by mnemonic as with contributions from the University of Oslo, NTNU, Norwegian Security Authority NSM, KraftCERT and Nordic Financial CERT. The main objective of the ACT project is to develop a platform for cyber threat...

AI score 7.5
Exploits: 0 | References: 3

Hacker One
added 2019/09/05 3:25 a.m. | 89 views

Central Security Project: OS Command Injection in Nexus Repository Manager 2.x (bypass CVE-2019-5475)

OS Command Injection in Nexus Repository Manager 2.x (bypass CVE-2019-5475) Maven artifact groupId: org.sonatype.nexus.plugins artifactId: nexus-yum-repository-plugin version: 2.14.14-01 Vulnerability Vulnerability Description The Nexus Yum Repository Plugin is vulnerable to Remote Code Execution. A...

CVSS 9 | AI score 0.4 | EPSS 0.796
Exploits: 5

Hacker One
added 2019/07/23 1:53 p.m. | 69 views

Central Security Project: OS Command Injection in Nexus Repository Manager 2.x

Maven artifact groupId: org.sonatype.nexus.plugins artifactId: nexus-yum-repository-plugin version: 2.14.9-01 Vulnerability Vulnerability Description The Nexus Yum Repository Plugin is vulnerable to Remote Code Execution. All instances using CommandLineExecutor.java with user-supplied data is...

CVSS 9 | AI score 0.2 | EPSS 0.796
Exploits: 5

Tenable Nessus
added 2019/06/24 12:0 a.m. | 58 views

SUSE SLES12 Security Update : java-1_8_0-ibm (SUSE-SU-2019:1644-1)

This update for java-180-ibm fixes the following issues : Update to Java 8.0 Service Refresh 5 Fix Pack 35. Security issues fixed : CVE-2019-10245: Fixed Java bytecode verifier issue causing crashes bsc1134718. CVE-2019-2698: Fixed out of bounds access flaw in the 2D component bsc1132729...

CVSS 8.1 | AI score 6.8 | EPSS 0.08919
Exploits: 2 | References: 16

OSV
added 2019/06/21 2:10 p.m. | 9 views

SUSE-SU-2019:1644-1 Security update for java-1_8_0-ibm

This update for java-180-ibm fixes the following issues: Update to Java 8.0 Service Refresh 5 Fix Pack 35. Security issues fixed: - CVE-2019-10245: Fixed Java bytecode verifier issue causing crashes bsc1134718. - CVE-2019-2698: Fixed out of bounds access flaw in the 2D component bsc1132729. -...

CVSS 8.1 | AI score 6.8 | EPSS 0.08919
Exploits: 2 | References: 11

Veracode
added 2019/05/02 5:19 a.m. | 53 views

Authentication Bypass

The java-1.8.0-openjdk packages provide the OpenJDK 8 Java Runtime Environment and the OpenJDK 8 Java Software Development Kit. Multiple flaws were discovered in the CORBA, Libraries, RMI, Serialization, and 2D components in OpenJDK. An untrusted Java application or applet could use these flaws t...

CVSS 10 | AI score 7.6 | EPSS 0.14942
Exploits: 0 | References: 37 | Affected Software: 5

Veracode
added 2019/05/02 5:19 a.m. | 23 views

Denial Of Service

The java-1.8.0-openjdk packages provide the OpenJDK 8 Java Runtime Environment and the OpenJDK 8 Java Software Development Kit. Multiple flaws were discovered in the CORBA, Libraries, RMI, Serialization, and 2D components in OpenJDK. An untrusted Java application or applet could use these flaws t...

CVSS 10 | AI score 7.6 | EPSS 0.14942
Exploits: 0 | References: 37 | Affected Software: 5

IBM Security Bulletins
added 2019/03/15 3:20 p.m. | 23 views

Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect IBM ILOG CPLEX Optimization Studio and IBM CPLEX Enterprise Server (CVE-2018-1890, CVE-2018-12547, CVE-2019-2426)

Summary There are multiple vulnerabilities in IBM® Runtime Environment Java™ Versions 7 & 8 used by IBM CPLEX Optimization Studio and IBM CPLEX Enterprise Server. IBM CPLEX Optimization Studio and IBM CPLEX Enterprise Server have addressed the applicable CVEs. Vulnerability Details If you run you...

CVSS 9.8 | AI score 1.2 | EPSS 0.00782
Exploits: 1 | Affected Software: 1

Packet Storm
added 2019/02/06 12:0 a.m. | 107 views

OpenMRS Platform Insecure Object Deserialization

Insecure Object Deserialization on the OpenMRS Platform Vulnerability Details CVE ID: CVE-2018-19276 Access Vector: Remote Security Risk: Critical Vulnerability: CWE-502 CVSS Base Score: 10.0 CVSS vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N JAVA 8 ENVIRONMENT By injecting an XML payload ...

AI score 9.6 | EPSS 0.93328
Exploits: 10

exploitpack
added 2019/02/05 12:0 a.m. | 37 views

OpenMRS Platform 2.24.0 - Insecure Object Deserialization

OpenMRS Platform 2.24.0 - Insecure Object Deserialization Insecure Object Deserialization on the OpenMRS Platform Vulnerability Details CVE ID: CVE-2018-19276 Access Vector: Remote Security Risk: Critical Vulnerability: CWE-502 CVSS Base Score: 10.0 CVSS vector:...

CVSS 10 | AI score 9.6 | EPSS 0.93328
Exploits: 10

Exploit DB
added 2019/02/05 12:0 a.m. | 72 views

OpenMRS Platform < 2.24.0 - Insecure Object Deserialization

Insecure Object Deserialization on the OpenMRS Platform Vulnerability Details CVE ID: CVE-2018-19276 Access Vector: Remote Security Risk: Critical Vulnerability: CWE-502 CVSS Base Score: 10.0 CVSS vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N JAVA 8 ENVIRONMENT By injecting an XML payload ...

CVSS 10 | AI score 9.6 | EPSS 0.93328
Exploits: 10

0day.today
added 2019/02/05 12:0 a.m. | 37 views

OpenMRS Platform < 2.24.0 - Insecure Object Deserialization Vulnerability

Exploit for java platform in category web applications Insecure Object Deserialization on the OpenMRS Platform Vulnerability Details CVE ID: CVE-2018-19276 Access Vector: Remote Security Risk: Critical Vulnerability: CWE-502 CVSS Base Score: 10.0 CVSS vector:...

AI score 0.3 | EPSS 0.93328
Exploits: 10

OSV
added 2018/12/20 3:29 p.m. | 13 views

CVE-2018-1000817

Asset Pipeline Grails Plugin Asset-pipeline plugin version Prior to 2.14.1.1, 2.15.1 and 3.0.6 contains a Incorrect Access Control vulnerability in Applications deployed in Jetty that can result in Download .class files and any arbitrary file. This attack appear to be exploitable via Specially...

CVSS 7.5 | AI score 7
Exploits: 0 | References: 2

Github Security Blog
added 2018/10/19 4:50 p.m. | 42 views

Improper Input Validation in async-http-client

Async Http Client aka async-http-client before 2.0.35 can be tricked into connecting to a host different from the one extracted by java.net.URI if a '?' character occurs in a fragment identifier. Similar bugs were previously identified in cURL CVE-2016-8624 and Oracle Java 8 java.net.URL...

CVSS 7.5 | AI score 2.1 | EPSS 0.02826
Exploits: 0 | References: 30 | Affected Software: 1