61 matches found
CVE-2022-25842
All versions of package com.alibaba.oneagent:one-java-agent-plugin are vulnerable to Arbitrary File Write via Archive Extraction (Zip Slip) using a specially crafted archive that holds directory traversal filenames, e.g. ../../evil.exe. The attacker can overwrite executable files and either invoke...
one-java-agent path traversal vulnerability
one-java-agent provides plug-in support to unify the management of numerous Java agents. A security vulnerability exists in all versions of com.alibaba.oneagent:one-java-agent-plugin, which can be exploited by an attacker to overwrite executables and remotely invoke them or wait for the syste...
com.alibaba.oneagent:one-java-agent (=0.0.1) potentially affected by CVE-2022-25842 via com.alibaba.oneagent:one-java-agent-plugin (=0.0.1)
com.alibaba.oneagent:one-java-agent-plugin MAVEN version =0.0.1 is affected by a known vulnerability. The following packages have a transitive dependency on com.alibaba.oneagent:one-java-agent-plugin and may be impacted: - com.alibaba.oneagent:one-java-agent =0.0.1 Source cves: CVE-2022-25842...
Arbitrary File Write via Archive Extraction (Zip Slip)
Overview: Affected versions of this package are vulnerable to Arbitrary File Write via Archive Extraction (Zip Slip) using a specially crafted archive that holds directory traversal filenames, e.g. ../../evil.exe. The attacker can overwrite executable files and either invoke them remotely or wait for...
Exploit for Uncontrolled Resource Consumption in Siemens 6Bk1602-0Aa12-0Tp0_Firmware
Log4jHotPatch This is a tool which injects a Java agent into...
APM Java Agent Security Update
APM Java Agent Local Privilege Escalation issue ESA-2021-30 A local privilege escalation issue was found with the APM Java agent, where a user on the system could attach a malicious plugin to an application running the APM Java agent. By using this vulnerability, an attacker could execute code at...
APM Java Agent Local Privilege Escalation
A local privilege escalation issue was found with the APM Java agent, where a user on the system could attach a malicious file to an application running with the APM Java agent. Using this vector, a malicious or compromised user account could use the agent to run commands at a higher level of...
CVE-2021-37941
A local privilege escalation issue was found with the APM Java agent, where a user on the system could attach a malicious file to an application running with the APM Java agent. Using this vector, a malicious or compromised user account could use the agent to run commands at a higher level of...
Privilege escalation
A local privilege escalation issue was found with the APM Java agent, where a user on the system could attach a malicious file to an application running with the APM Java agent. Using this vector, a malicious or compromised user account could use the agent to run commands at a higher level of...
CVE-2021-37941
Summary: The CVE-2021-37941 issue affects the Elastic APM Java Agent. It enables local privilege escalation by allowing a user to attach a malicious file to an application running with the agent, potentially executing commands with higher privileges. Affected software: APM Java Agent (Elastic). A...
GE APM security vulnerability
GE APM is an equipment monitoring system from General Electric (GE). The system provides continuous monitoring of equipment operating status and faults. A security vulnerability exists in the GE APM Java agent that stems from the discovery of a local elevation of privilege issue in the APM Java...
APM Java Agent Security Update
APM Java Agent Local Privilege Escalation issue ESA-2021-29 A local privilege escalation issue was found with the APM Java agent, where a user on the system could attach a malicious file to an application running with the APM Java agent. Using this vector, a malicious or compromised user account...
New Relic: Untrusted deserialization issue when loading newrelic.yml file in Java agent leads to code execution on host
Hi team, The New Relic Java agent is using SnakeYAML for deserialization of the newrelic.yml config file. SnakeYAML has a 'feature' which can lead to code execution, this is documented here. With the !!com.some.Class "arg1", "arg2" notation it's possible to call Java code during the deserializati...
What’s New in InsightAppSec and tCell: Q3 2020 in Review
Here at Rapid7, we’ve been quite busy continuously improving, expanding functionality, and testing new features for feedback with our customers across our application security portfolio. This includes InsightAppSec, our leading DAST solution, tCell by Rapid7, our next-gen cloud WAF and RASP...
CVE-2009-0618
Unspecified vulnerability in the Java agent in Cisco Application Networking Manager (ANM) before 2.0 Update A allows remote attackers to gain privileges, and cause a denial of service (service outage) by stopping processes, or obtain sensitive information by reading configuration files...
CVE-2009-0618
CVE-2009-0618 concerns the Cisco Application Networking Manager (ANM) Java agent privilege escalation. The connected advisories/records indicate that ANM versions prior to 2.0 Update A allow a remote attacker to view configuration files and modify ANM processes, including stopping services, poten...
Cisco Security Advisory: Cisco ACE Application Control Engine Device Manager and Application Networking Manager Vulnerabilities
Cisco Security Advisory: Cisco ACE Application Control Engine Device Manager and Application Networking Manager Vulnerabilities Advisory ID: cisco-sa-20090225-anm http://www.cisco.com/warp/public/707/cisco-sa-20090225-anm.shtml Revision 1.0 For Public...
TIBCO Rendezvous <= 7.4.11 (add router) Remote BOF Exploit
No description provided by source. / Exploit: TIBCO RendezVous remote buffer overflow exploit for Win32 public version Affected products: Tibco RendezOVous version =7.4.11 Multiple Vulnerabilities Author: Andres Tarasco Acua atarasco @ sia.es Advisory: http://www.514.es Url: http://www.sia.es...