
665 matches found

Prion
added 2017/02/15 7:59 p.m. | 9 views

Code injection

IBM Websphere MQ JMS 7.0.1, 7.1, 7.5, 8.0, and 9.0 client provides classes that deserialize objects from untrusted sources which could allow a malicious user to execute arbitrary Java code by adding vulnerable classes to the classpath. IBM Reference : 1983457...

CVSS 7.5 | AI score 7.5 | EPSS 0.00962
Exploits: 0 | References: 3 | Affected Software: 1

CVE
added 2017/02/15 7:0 p.m. | 78 views

CVE-2016-0360

CVE-2016-0360 concerns IBM WebSphere MQ JMS client deserializing objects from untrusted sources, enabling arbitrary Java code execution via vulnerable classes on the classpath. It affects WebSphere Application Server and related IBM products (e.g., MQ JMS JCA resource adapter). Remediation: apply...

CVSS 9.8 | AI score 9.4 | EPSS 0.00962
Exploits: 0 | References: 3 | Affected Software: 1

Exploit DB
added 2017/01/21 12:0 a.m. | 94 views

Microsoft Power Point 2016 - Java Code Execution

Exploit Title: Microsoft Power Point Java Payload Code Execution Exploit Author: Fady Mohamed Osman @fadyosman Exploit-db : http://www.exploit-db.com/author/?a=2986 Demo Video : https://www.youtube.com/watch?v=DOJSUJK7hRo Video Tutorial : https://www.youtube.com/watch?v=Lih-iuXgEM Youtube Channel...

AI score 7.4
Exploits: 0

exploitpack
added 2017/01/21 12:0 a.m. | 30 views

Microsoft Power Point 2016 - Java Code Execution

Microsoft Power Point 2016 - Java Code Execution Exploit Title: Microsoft Power Point Java Payload Code Execution Exploit Author: Fady Mohamed Osman @fadyosman Exploit-db : http://www.exploit-db.com/author/?a=2986 Demo Video : https://www.youtube.com/watch?v=DOJSUJK7hRo Video Tutorial :...

AI score 7.8
Exploits: 0

Japan Vulnerability Notes
added 2017/01/20 5:1 a.m. | 1 view

Java (OGNL) code execution in Apache Struts 2 when devMode is enabled

Overview Apache Struts 2 provided by the Apache Software Foundation is a software framework for creating Java web applications. There is a known risk that arbitrary Java OGNL code may be executed in Apache Struts 2 when devMode is enabled in production environment. It is confirmed that...

CVSS 6.8 | AI score 7.4
Exploits: 0 | References: 4

OpenVAS
added 2016/11/21 12:0 a.m. | 42 views

Debian Security Advisory DSA 3720-1 (tomcat8 - security update)

Multiple security vulnerabilities have been discovered in the Tomcat servlet and JSP engine, which may result in possible timing attacks to determine valid user names, bypass of the SecurityManager, disclosure of system properties, unrestricted access to global resources, arbitrary file overwrite...

CVSS 5 | AI score 0.1 | EPSS 0.00936
Exploits: 5 | References: 1

RedhatCVE
added 2016/11/11 9:17 a.m. | 40 views

CVE-2016-6809

Apache Tika before 1.14 allows Java code execution for serialized objects embedded in MATLAB files. The issue exists because Tika invokes JMatIO to do native deserialization...

CVSS 9.8 | AI score 4.2 | EPSS 0.07049
Exploits: 2 | References: 1

myhack58
added 2016/10/26 12:0 a.m. | 36 views

Samsung Pay vulnerability in-depth analysis-vulnerability warning-the black bar safety net

On July 14, 2016, Salvador Mendoza of Modesto Community College in California, United States, published an article titled "Samsung Pay: Tokenized Numbers, Flaws and Issues", describing security issues found in Samsung Pay tokens. On August 4 of the same year, at the Black...

AI score 7.1
Exploits: 0

OpenVAS
added 2016/10/13 12:0 a.m. | 32 views

IBM WebSphere Application Server Code Execution Vulnerability (Oct 2016)

IBM WebSphere Application Server is prone to a code execution vulnerability. SPDX-FileCopyrightText: 2016 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...

CVSS 7.5 | AI score 7.8 | EPSS 0.13762
Exploits: 0 | References: 2

CNVD
added 2016/09/29 12:0 a.m. | 2 views

Aternity Remote Code Execution Vulnerability

Aternity webserver is a web server from the American company Aternity. A remote code execution vulnerability exists in Aternity 9 and prior versions of the web server, which stems from the program failing to require authentication for getMBeansFromURL to download Java Mbeans. A remote attacker ca...

CVSS 9.8 | AI score 8.6 | EPSS 0.00476
Exploits: 0 | References: 1

Kitploit
added 2016/09/28 2:26 p.m. | 90 views

Droid-Hunter - Android Application Vulnerability Analysis And Android Pentest Tool

Droid-Hunter, by HaHwul (www.hahwul.com) https://github.com/hahwul/droid-hunter ...

AI score 7.4
Exploits: 0 | References: 2

CNVD
added 2016/09/28 12:0 a.m. | 2 views

IBM WebSphere Application Server Remote Code Execution Vulnerability

IBM WebSphere Application Server (WAS) is an application server product developed and distributed by IBM in the U.S. It is a platform for Java EE and Web services applications and the foundation of the IBM WebSphere software platform. Liberty is a dynamic server profile for WAS. A remote code...

CVSS 7.5 | AI score 9.7 | EPSS 0.13762
Exploits: 0 | References: 1

ThreatPost
added 2016/09/07 9:0 a.m. | 22 views

Google Shuts Down Potentially Massive Android Bug

The Android ecosystem may have dodged another Stagefright-type of vulnerability. Google’s monthly Android Security Bulletin released on Tuesday not only patched the remaining Quadrooter vulnerabilities, but also fixed another wide-ranging flaw that could allow an attacker to easily compromise—or ...

CVSS 9.3 | AI score 8 | EPSS 0.0024
Exploits: 0 | References: 3

Tenable Nessus
added 2016/07/28 12:0 a.m. | 901 views

Oracle WebLogic Server Java Object Deserialization RCE (July 2016 CPU)

The remote Oracle WebLogic Server is affected by a remote code execution vulnerability in the WLS Core component in the readObject function due to improper sanitization of user-supplied input. An unauthenticated, remote attacker can exploit this, via a crafted object payload, to bypass the...

CVSS 10 | AI score 7.4 | EPSS 0.94035
Exploits: 7 | References: 4

myhack58
added 2016/06/23 12:0 a.m. | 258 views

Android security development of ZIP file directory traversal-vulnerability warning-the black bar safety net

ZIP archive files are allowed to contain the "../" string. An attacker can carefully construct a ZIP file that uses multiple "../" sequences to change where a file in the ZIP package is stored, overwriting and replacing the application's original files. If the overwritten file is available. so...

AI score 8.7
Exploits: 0

CNVD
added 2016/04/12 12:0 a.m. | 3 views

Apache OFBiz Security Bypass Vulnerability

Apache OFBiz (also known as the Apache Open For Business Project) is an enterprise resource planning (ERP) system from the Apache Software Foundation in the United States. The system provides a set of Java-based Web application components and tools. A security bypass vulnerability exists in Apache...

CVSS 9.8 | AI score 7.3 | EPSS 0.13567
Exploits: 0 | References: 1

OpenVAS
added 2016/02/19 12:0 a.m. | 27 views

Atlassian Bamboo Multiple Vulnerabilities (Feb 2016)

Atlassian Bamboo is prone to multiple vulnerabilities. CPE = "cpe:/a:atlassian:bamboo";...

CVSS 9.8 | AI score 9.6 | EPSS 0.00778
Exploits: 0 | References: 5

OpenVAS
added 2016/02/19 12:0 a.m. | 29 views

Atlassian Bamboo Remote Code Execution Vulnerability (Feb 2016)

Atlassian Bamboo is prone to a remote code execution RCE vulnerability. CPE =...

CVSS 9.8 | AI score 9.9 | EPSS 0.01194
Exploits: 0 | References: 3

NVD
added 2016/02/17 3:59 p.m. | 10 views

CVE-2016-2397

The cliserver implementation in Dell SonicWALL GMS, Analyzer, and UMA EM5000 7.2, 8.0, and 8.1 before Hotfix 168056 allows remote attackers to deserialize and execute arbitrary Java code via crafted XML data...

CVSS 10 | AI score 9.7 | EPSS 0.05037
Exploits: 0 | References: 3

Prion
added 2016/02/17 3:59 p.m. | 9 views

Code injection

The cliserver implementation in Dell SonicWALL GMS, Analyzer, and UMA EM5000 7.2, 8.0, and 8.1 before Hotfix 168056 allows remote attackers to deserialize and execute arbitrary Java code via crafted XML data...

CVSS 10 | AI score 8 | EPSS 0.05037
Exploits: 0 | References: 3 | Affected Software: 3