665 matches found
ClassLoader manipulation vulnerability
We have fixed a vulnerability in our fork of Apache Struts. Attackers can use this vulnerability to execute Java code of their choice on systems that use these frameworks. The attacker needs to be able to access the Crowd web interface. In cases when anonymous access is enabled, a valid user...
[SECURITY] CVE-2014-0111 Apache Syncope
CVE-2014-0111: Remote code execution by an authenticated administrator Severity: Important Vendor: The Apache Software Foundation Versions Affected: Syncope 1.0.0 to 1.0.8 Syncope 1.1.0 to 1.1.6 Description: In the various places in which Apache Commo...
Apache Struts ClassLoader Manipulation Remote Code Execution
This module exploits a remote command execution vulnerability in Apache Struts versions 1.x 'Apache Struts ClassLoader Manipulation Remote Code Execution', 'Description' = %q This module exploits a remote command execution vulnerability in Apache Struts versions 1.x = 1.3.10 and 2.x 2.3.16.2. In...
CVE-2013-6469
JBoss Overlord Run Time Governance (RTGov) 1.0 for JBossAS allows remote authenticated users to execute arbitrary Java code via an MVFLEX Expression Language (MVEL) expression. NOTE: some of these details are obtained from third party information...
Code injection
Apache Syncope 1.0.0 before 1.0.9 and 1.1.0 before 1.1.7 allows remote administrators to execute arbitrary Java code via vectors related to Apache Commons JEXL expressions, "derived schema definition," "user / role templates," and "account links of resource mappings."...
CVE-2014-0111
Apache Syncope 1.0.0 before 1.0.9 and 1.1.0 before 1.1.7 allows remote administrators to execute arbitrary Java code via vectors related to Apache Commons JEXL expressions, "derived schema definition," "user / role templates," and "account links of resource mappings."...
CVE-2013-6468
JBoss Drools, Red Hat JBoss BRMS before 6.0.1, and Red Hat JBoss BPM Suite before 6.0.1 allows remote authenticated users to execute arbitrary Java code via a (1) MVFLEX Expression Language (MVEL) or (2) Drools expression...
First Paid Fake Android Antivirus App Downloaded 10,000 times from Google Play Store
Well, we are all very conscious when it comes to the security of our personal information, security of our financial data and security of everything related to us. In the world of smart devices, our smartphones know more than we know ourselves. To keep our device protected from harmful...
Cisco Hosted Collaboration Solution Denial of Service Vulnerability
A vulnerability in Java code on the Cisco Hosted Collaboration Solution (HCS) could allow an unauthenticated, remote attacker to close TCP ports used by the system. The vulnerability is due to improper packet processing in the Java code. An exploit could allow the attacker to create a denial of...
CVE-2014-1939
java/android/webkit/BrowserFrame.java in Android before 4.4 uses the addJavascriptInterface API in conjunction with creating an object of the SearchBoxImpl class, which allows attackers to execute arbitrary Java code by leveraging access to the searchBoxJavaBridge interface at certain Android API...
Apache Struts Debugging Interceptor Remote Code Execution (CVE-2012-0394)
A remote code execution vulnerability exists in Apache Struts 2 web application framework. The vulnerability is due to insufficient input sanitization when running commands in "developer mode". A remote attacker can exploit this vulnerability by sending a crafted HTTP request to a vulnerable...
Apache Struts - Developer Mode OGNL Execution (Metasploit)
This module requires Metasploit: http//metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core' class Metasploit3 'Apache Struts Developer Mode OGNL Execution', 'Description' = %q This module exploits a remote command execution vulnerability in...
Apache Struts Developer Mode OGNL Execution Exploit
This Metasploit module exploits a remote command execution vulnerability in Apache Struts 2. The problem exists on applications running in developer mode, where the DebuggingInterceptor allows evaluation and execution of OGNL expressions, which allows remote attackers to execute arbitrary Java...
CVE-2014-1202
The WSDL/WADL import functionality in SoapUI before 4.6.4 allows remote attackers to execute arbitrary Java code via a crafted request parameter in a WSDL file...
Code injection
The WSDL/WADL import functionality in SoapUI before 4.6.4 allows remote attackers to execute arbitrary Java code via a crafted request parameter in a WSDL file...
SoapUI 4.6.3 - Remote Code Execution
SoapUI 4.6.3 - Remote Code Execution Exploit Title: SoapUI Remote Code Execution Date: 25.12.13 Exploit Author: Barak Tawily Vendor Homepage: http://www.soapui.org/ Software Link: http://www.soapui.org/Downloads/download-soapui-pro-trial.html Version: vulnerable before 4.6.4 Tested on: Windows,...
SoapUI 4.6.3 - Remote Code Execution
Exploit Title: SoapUI Remote Code Execution Date: 25.12.13 Exploit Author: Barak Tawily Vendor Homepage: http://www.soapui.org/ Software Link: http://www.soapui.org/Downloads/download-soapui-pro-trial.html Version: vulnerable before 4.6.4 Tested on: Windows, should work at Linux as well CVE :...