57 matches found
EUVD-2015-4319
Malware in sbrugna...
EUVD-2013-5404
Malware in sbrugna...
EUVD-2023-30711
Malicious code in bioql PyPI...
EUVD-2022-15291
Malicious code in bioql PyPI...
CVE-2023-26919
delight-nashorn-sandbox 0.2.4 and 0.2.5 is vulnerable to sandbox escape. When allowExitFunctions is set to false, the loadWithNewGlobal function can be used to invoke the exit and quit methods to exit the Java process...
CVE-2013-5564
The Java process in the Impact server in Cisco Prime Central for Hosted Collaboration Solution (HCS) allows remote attackers to cause a denial of service (process crash) via a flood of TCP packets, aka Bug ID CSCug57345...
Genie Path Traversal vulnerability via File Uploads
Overview: Path Traversal Vulnerability via File Uploads in Genie. Impact: Any Genie OSS users running their own instance and relying on the filesystem to store file attachments submitted to the Genie application may be impacted. Using this technique, it is possible to write a file with any...
CVE-2024-32656 Ant Media Server vulnerable to local privilege escalation
Ant Media Server is live streaming engine software. A local privilege escalation vulnerability present in versions 2.6.0 through 2.8.2 allows any unprivileged operating system user account to escalate privileges to the root user account on the system. This vulnerability arises from Ant Media...
CVE-2024-32656
CVE-2024-32656 affects Ant Media Server (versions 2.6.0–2.8.2). The issue arises because JMX is enabled and unauthenticated on localhost:5599/TCP, allowing an unprivileged user to exploit the MLet bean to load a remote MBean and execute code in the antmedia process, effectively escalating to root...
Exploit for Deserialization of Untrusted Data in Apache Activemq
Active MQ CVE-2023-46604 exploit This repository is a guide w...
XWiki 3.5-milestone-1 < 14.10.8, 15.0-rc-1 < 15.3 XSS Vulnerability (GHSA-vcvr-v426-3m3m)
XWiki is prone to a cross-site scripting (XSS) vulnerability. SPDX-FileCopyrightText: 2023 Greenbone AG. Some text descriptions might be excerpted from a referenced source, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:xwiki:xwiki";...
GHSA-VCVR-V426-3M3M org.xwiki.platform:xwiki-platform-office-importer vulnerable to arbitrary server side file writing from account through office converter
Impact: Triggering the office converter with a specially crafted file name allows writing the attachment's content to an attacker-controlled location on the server as long as the Java process has write access to that location. In particular in the combination with attachment moving, a feature...
org.xwiki.platform:xwiki-platform-office-importer vulnerable to arbitrary server side file writing from account through office converter
Impact: Triggering the office converter with a specially crafted file name allows writing the attachment's content to an attacker-controlled location on the server as long as the Java process has write access to that location. In particular in the combination with attachment moving, a feature...
CVE-2023-37913
XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Starting in version 3.5-milestone-1 and prior to versions 14.10.8 and 15.3-rc-1, triggering the office converter with a specially crafted file name allows writing the attachment's content to a...
Code injection
XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Starting in version 3.5-milestone-1 and prior to versions 14.10.8 and 15.3-rc-1, triggering the office converter with a specially crafted file name allows writing the attachment's content to a...
CVE-2023-37913 org.xwiki.platform:xwiki-platform-office-importer vulnerable to arbitrary server side file writing from account through office converter
XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Starting in version 3.5-milestone-1 and prior to versions 14.10.8 and 15.3-rc-1, triggering the office converter with a specially crafted file name allows writing the attachment's content to a...
Security Bulletin: IBM ELM affected as Java deserialization filters (JEP 290) ignored during IBM ORB deserialization (CVE-2022-40609)
Summary: IBM ELM affected as IBM ORB does not honour JEP 290 deserialization filters when deserializing serialised object data. This exposes the Java process to a variety of attacks ranging from denial of service to remote code execution via "gadgets" in third party components. The fix ensures tha...
Cisco Nexus 3000 Nexus Data Broker Denial of Service (CVE-2015-4296)
Nexus Data Broker (NDB) on Cisco Nexus 3000 devices with software 6.02A61 allows remote attackers to cause a denial of service (Java process restart) via crafted connections to the Java application, aka Bug ID CSCut87006. This plugin only works with Tenable.ot. Please visit...