
183 matches found

Tenable Nessus
added 2017/07/21 12:00 a.m. · 28 views

Oracle Primavera Gateway Multiple Vulnerabilities (July 2017 CPU)

According to its self-reported version number, the Oracle Primavera Gateway installation running on the remote web server is prior to 14.2.3, 15.x prior to 15.2.12, or 16.x prior to 16.2.4. It is, therefore, affected by the following vulnerabilities: - A remote code execution vulnerability exist...

CVSS 9.8 · AI score 8.6 · EPSS 0.24315
Exploits: 0 · References: 4

CNVD
added 2017/06/13 12:00 a.m. · 1 view

HPE Universal CMDB Arbitrary Code Execution Vulnerability

HPE Universal CMDB is the Universal Management Configuration Database from Hewlett Packard Enterprise (HPE), USA. An arbitrary code execution vulnerability exists in HPE Universal CMDB that could allow a remote attacker to execute arbitrary code via carefully crafted serialized Java objects...

CVSS 10 · AI score 8.3 · EPSS 0.638
Exploits: 0 · References: 1

OpenVAS
added 2017/05/01 12:00 a.m. · 32 views

Debian: Security Advisory (DSA-3840-1)

The remote host is missing an update for the Debian...

CVSS 8.5 · AI score 6.1 · EPSS 0.01646
Exploits: 0 · References: 4

CNVD
added 2017/04/12 12:00 a.m. · 3 views

Atlassian JIRA Remote Code Execution Vulnerability

Atlassian JIRA is a project and transaction tracking tool from Atlassian. The Atlassian JIRA Workflow Designer plug-in does not properly use XML parsers and parallelizers, which can be exploited by remote attackers to submit special serialized Java objects, execute arbitrary code, read arbitrary...

CVSS 9.8 · AI score 7.4 · EPSS 0.04301
Exploits: 1 · References: 1

CNVD
added 2017/02/06 12:00 a.m. · 1 view

ForgeRock OpenIDM and OpenICF RACF Connector Component Arbitrary Code Execution Vulnerability

ForgeRock OpenIDM and OpenICF are both products of ForgeRock, USA. The former is a set of enterprise identity management software, the latter is a set of frameworks used to build or help develop a variety of connectors. RACF Connector is one of the security management connection components. A...

CVSS 8.1 · AI score 7.8 · EPSS 0.01888
Exploits: 0 · References: 1

Zero Day Initiative
added 2017/01/24 12:00 a.m. · 178 views

Oracle WebLogic RMI Registry UnicastRef Object Deserialization of Untrusted Data Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Oracle WebLogic. Authentication is not required to exploit this vulnerability. The specific flaw exists within the insufficient blacklisting of certain Java objects. The issue lies in the failure t...

CVSS 7.5 · AI score 3.8 · EPSS 0.91193
Exploits: 14 · References: 1

CNVD
added 2016/12/16 12:00 a.m. · 1 view

JFrog Artifactory Arbitrary Code Execution Vulnerability

JFrog Artifactory is an open source, general-purpose Artifact repository manager from Israel's JFrog that supports clustering and high-availability Docker registries and provides an end-to-end automation solution for tracking artifacts from development to production. A security vulnerability exis...

CVSS 9.8 · AI score 7.7 · EPSS 0.0236
Exploits: 0 · References: 1

Zero Day Initiative
added 2016/10/17 12:00 a.m. · 48 views

Novell NetIQ Sentinel Commons DiskFileItem Deserialization of Untrusted Data Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Novell NetIQ Sentinel. Authentication is not required to exploit this vulnerability. The specific flaw exists within the insufficient blacklisting of certain Java objects. The issue lies in the...

CVSS 7.5 · AI score 3.8 · EPSS 0.56432
Exploits: 0 · References: 1

CNVD
added 2016/10/12 12:00 a.m. · 3 views

Red Hat Jboss Remote Code Execution Vulnerability

Red Hat JBoss Enterprise Application Platform (EAP) is an open source, J2EE-based middleware platform from Red Hat, USA. The platform is mainly used to build, deploy and host Java applications and services. A remote code execution vulnerability exists in the JMX servle...

CVSS 8.8 · AI score 8.5 · EPSS 0.12098
Exploits: 3 · References: 1

Tenable Nessus
added 2016/10/10 12:00 a.m. · 369 views

Cisco Unified Communications Manager Java Object Deserialization RCE (CSCux34835)

According to its self-reported version, the Cisco Unified Communications Manager (CUCM) running on the remote device is affected by a remote code execution vulnerability due to unsafe deserialize calls of unauthenticated Java objects to the Apache Commons Collections (ACC) library. An unauthenticated...

CVSS 9.8 · AI score 8.9 · EPSS 0.212
Exploits: 1 · References: 4

CVE
added 2016/09/29 2:00 p.m. · 43 views

CVE-2016-4385

CVE-2016-4385 affects HP Network Automation: RMI registry deserialization in 9.1x, 9.2x, 10.0x before 10.00.02.01, and 10.1x before 10.11.00.01 enables remote code execution via a crafted serialized Java object, leveraging Apache Commons Collections and Commons BeanUtils libraries. The vulnerabil...

CVSS 7.5 · AI score 7.5 · EPSS 0.03675
Exploits: 0 · References: 4 · Affected Software: 1

Tenable Nessus
added 2016/07/13 12:00 a.m. · 175 views

SolarWinds Virtualization Manager Java Object Deserialization RCE

The remote SolarWinds Virtualization Manager server is affected by a remote code execution vulnerability due to unsafe deserialize calls of unauthenticated Java objects to the Apache Commons Collections (ACC) library. An unauthenticated, remote attacker can exploit this, by sending a specially...

CVSS 10 · AI score 9.3 · EPSS 0.22376
Exploits: 2 · References: 2

Positive Technologies
added 2016/07/12 12:00 a.m. · 2 views

PT-2016-3244 · Apache +2 · Apache Xml-Rpc Library +2

Name of the Vulnerable Software and Affected Versions: Apache XML-RPC library version 3.1.3 Description: The issue allows remote attackers to execute arbitrary code via a crafted serialized Java object in an element. This is due to the library's failure to properly verify data from external...

CVSS 9.8 · AI score 9.7 · EPSS 0.41523
Exploits: 1 · References: 44

OSV
added 2016/06/08 3:00 p.m. · 2 views

CVE-2016-4369

HPE Discovery and Dependency Mapping Inventory (DDMi) 9.30, 9.31, 9.32, 9.32 update 1, 9.32 update 2, and 9.32 update 3 allows remote authenticated users to execute arbitrary commands via a crafted serialized Java object, related to the Apache Commons Collections library...

CVSS 8.8 · AI score 6
Exploits: 0 · References: 1

Tenable Nessus
added 2016/06/06 12:00 a.m. · 35 views

Red Hat JBoss Operations Network Java Object Deserialization RCE

The remote Red Hat JBoss Operations Network server is affected by a remote code execution vulnerability due to unsafe deserialize calls of unauthenticated Java objects to the Jython library. An unauthenticated, remote attacker can exploit this, by sending specially crafted Java objects to the HTT...

CVSS 9.8 · AI score 8.9 · EPSS 0.00609
Exploits: 0 · References: 3

Tenable Nessus
added 2016/05/24 12:00 a.m. · 24 views

Apache TomEE 1.x < 1.7.4 / 7.x < 7.0.0-M3 Multiple RCE


CVSS 9.8 · AI score 9.8 · EPSS 0.04965
Exploits: 0 · References: 3

CNVD
added 2016/05/12 12:00 a.m. · 1 view

Adobe ColdFusion Arbitrary Command Execution Vulnerability

Adobe ColdFusion is a dynamic web server product from Adobe, USA; the CFML (ColdFusion Markup Language) it runs is a programming language for web applications. A command execution vulnerability exists in Adobe ColdFusion. A remote attacker can exploit this vulnerabili...

CVSS 9.8 · AI score 7.8 · EPSS 0.0234
Exploits: 0 · References: 1

Tenable Nessus
added 2016/05/12 12:00 a.m. · 27 views

Adobe ColdFusion Multiple Vulnerabilities (APSB16-16) (credentialed check)

The version of Adobe ColdFusion running on the remote Windows host is missing a security hotfix. It is, therefore, affected by multiple vulnerabilities: - A cross-site scripting vulnerability exists due to improper validation of user-supplied input. An attacker can exploit this to execute...

CVSS 9.8 · AI score 7.6 · EPSS 0.02491
Exploits: 0 · References: 5

OSV
added 2016/05/07 10:59 a.m. · 0 views

CVE-2016-2009

HPE Network Node Manager i (NNMi) 9.20, 9.23, 9.24, 9.25, 10.00, and 10.01 allows remote authenticated users to execute arbitrary commands via a crafted serialized Java object, related to the Apache Commons Collections (ACC) library...

CVSS 8.8 · AI score 6
Exploits: 0 · References: 1

Tenable Nessus
added 2016/05/03 12:00 a.m. · 43 views

Oracle Application Testing Suite Java Object Deserialization RCE (April 2016 CPU)

The version of Oracle Application Testing Suite installed on the remote host is affected by a remote code execution vulnerability due to unsafe deserialize calls of unauthenticated Java objects to the Apache Commons Collections (ACC) library. An unauthenticated, remote attacker can exploit this, by...

CVSS 10 · AI score 8.2 · EPSS 0.71461
Exploits: 8 · References: 3