185 matches found
Remote code execution
A remote code execution vulnerability exists in MapR CLDB code, specifically in the JSON framework that is used in the CLDB code that handles login and ticket issuance. An attacker can use the 'class' property of the JSON request sent to the CLDB to influence the JSON library's decision on which...
CVE-2019-12017
A remote code execution vulnerability exists in MapR CLDB code, specifically in the JSON framework that is used in the CLDB code that handles login and ticket issuance. An attacker can use the 'class' property of the JSON request sent to the CLDB to influence the JSON library's decision on which...
CVE-2019-12017
CVE-2019-12017 describes a remote code execution in MapR CLDB. An attacker could exploit the CLDB’s JSON handling by manipulating the JSON request’s class property, causing the deserializer to load a malicious Java class via a remote URLClassLoader and instantiate it in CLDB. This leads to arbitr...
Deserialization of Untrusted Data in Apache Storm
In Apache Storm versions 1.1.0 to 1.2.2, when the user is using the storm-kafka-client or storm-kafka modules, it is possible to cause the Storm UI daemon to deserialize user provided bytes into a Java class...
GHSA-25PC-85QF-6J69 Deserialization of Untrusted Data in Apache Storm
In Apache Storm versions 1.1.0 to 1.2.2, when the user is using the storm-kafka-client or storm-kafka modules, it is possible to cause the Storm UI daemon to deserialize user provided bytes into a Java class...
CVE-2018-11779
In Apache Storm versions 1.1.0 to 1.2.2, when the user is using the storm-kafka-client or storm-kafka modules, it is possible to cause the Storm UI daemon to deserialize user provided bytes into a Java class...
CVE-2018-11779
Technical details about CVE-2018-11779 are not provided in the supplied documents. Monitor for updates from official advisories.
Cisco Prime Infrastructure Health Monitor - TarArchive Directory Traversal (Metasploit)
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Cisco Prime Infrastructure Health Monitor TarArchive Directory Traversal Vulnerability', 'Description' = %q This module exploits a vulnerability...
Zoho ManageEngine OpManager SQL Injection (CVE-2018-9088)
An SQL injection vulnerability exists in ManageEngine. This vulnerability is due to insufficient validation of the parameter in Java class. Successful exploitation could lead to arbitrary code execution in the security context of database service...
CVE-2018-14017
The r_bin_java_annotation_new function in shlr/java/class.c in radare2 2.7.0 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted .class file because of missing input validation in r_bin_java_line_number_table_attr_new...
Remote code execution
Remote Code Execution is possible in Code42 CrashPlan 5.4.x via the org.apache.commons.ssl.rmi.DateRMI Java class, because upon instantiation it creates an RMI server that listens on a TCP port and deserializes objects sent by TCP clients...
CVE-2017-9830
Remote Code Execution is possible in Code42 CrashPlan 5.4.x via the org.apache.commons.ssl.rmi.DateRMI Java class, because upon instantiation it creates an RMI server that listens on a TCP port and deserializes objects sent by TCP clients...
CVE-2017-9830
CVE-2017-9830 affects Code42 CrashPlan 5.4.x, where the org.apache.commons.ssl.rmi.DateRMI class creates an RMI server on instantiation and deserializes objects received over TCP, enabling remote code execution. Public references in CVE filings describe the impact as remote code execution with ar...
CVE-2017-9830
Remote Code Execution is possible in Code42 CrashPlan 5.4.x via the org.apache.commons.ssl.rmi.DateRMI Java class, because upon instantiation it creates an RMI server that listens on a TCP port and deserializes objects sent by TCP clients...
EMC M&R (Watch4net) - Credential Disclosure Vulnerability
It was discovered that EMC M&R Watch4net credentials of remote servers stored in Watch4net are encrypted using a fixed hard-coded password. If an attacker manages to obtain a copy of the encrypted credentials, it is trivial to decrypt them. Abstract It was discovered that EMC M&R Watch4net...
EMC MR (Watch4net) - Credential Disclosure
EMC MR Watch4net - Credential Disclosure Abstract It was discovered that EMC M&R Watch4net credentials of remote servers stored in Watch4net are encrypted using a fixed hardcoded password. If an attacker manages to obtain a copy of the encrypted credentials, it is trivial to decrypt them. Affecte...
EMC M&R (Watch4net) Insecure Credential Storage
EMC M&R Watch4net data storage collector credentials are not properly protected. Han Sahin, November 2014...
ProGuard - Java class file Shrinker, Optimizer, Obfuscator and Preverifier
ProGuard is a free Java class file shrinker, optimizer, obfuscator, and preverifier. It detects and removes unused classes, fields, methods, and attributes. It optimizes bytecode and removes unused instructions. It renames the remaining classes, fields, and methods using short meaningless names...
CVE-2014-0731
The administration interface in Cisco Unified Communications Manager (Unified CM) 10.01 and earlier allows remote attackers to bypass authentication and read Java class files via a direct request, aka Bug ID CSCum46497...
Cisco Unified Communications Manager Java Class File Availability Vulnerability
A vulnerability in the administration interface of Cisco Unified Communications Manager (Cisco Unified CM) could allow an unauthenticated, remote attacker to access Java class files. The vulnerability is due to insufficient authentication enforcement. An attacker could exploit this vulnerability by...