120 matches found
CVE-2013-3274
EMC Avamar Server and Avamar Virtual Edition before version 7.0 on Data Store Gen3, Gen4, and Gen4s hardware are affected by CVE-2013-3274 due to improper authorization checks on Java RMI calls. This potentially allows remote authenticated users to execute arbitrary code via unspecified vectors. ...
CVE-2013-3274
EMC Avamar Server and Avamar Virtual Edition before 7.0 on Data Store Gen3, Gen4, and Gen4s platforms do not properly determine authorization for calls to Java RMI methods, which allows remote authenticated users to execute arbitrary code via unspecified vectors...
CVE-2013-0935
EMC Smarts Network Configuration Manager NCM before 9.2 does not require authentication for all Java RMI method calls, which allows remote attackers to execute arbitrary code via unspecified vectors...
Authentication flaw
EMC Smarts Network Configuration Manager NCM before 9.2 does not require authentication for all Java RMI method calls, which allows remote attackers to execute arbitrary code via unspecified vectors...
CVE-2013-0935
EMC Smarts Network Configuration Manager NCM before 9.2 does not require authentication for all Java RMI method calls, which allows remote attackers to execute arbitrary code via unspecified vectors...
CVE-2013-0935
EMC Smarts Network Configuration Manager (NCM) before version 9.2 is affected by CVE-2013-0935. The issue: Java RMI method calls can be invoked without authentication, allowing remote attackers to execute arbitrary code. Severity in NVD is high (CVSSv2 base score 9.3) with network access and no a...
Java RMI Server Insecure Endpoint Code Execution Scanner
Detect Java RMI endpoints This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'rex/java/serialization' class MetasploitModule 'Java RMI Server Insecure Endpoint Code Execution Scanner', 'Description' = 'Detect Jav...
Critical: java-1.6.0-openjdk
Issue Overview: A flaw was found in the Java RMI Remote Method Invocation registry implementation. A remote RMI client could use this flaw to execute arbitrary code on the RMI server running the registry. CVE-2011-3556 A flaw was found in the Java RMI registry implementation. A remote RMI client...
Java RMI Services Default Configuration Remote Loading
Added: 07/29/2011 Background The Java Remote Method Invocation RMI system allows an object running in one Java virtual machine to invoke methods on an object running in another Java virtual machine. RMI provides for remote communication between programs written in the Java programming language...
Java RMI Services Default Configuration Remote Loading
Added: 07/29/2011 Background The Java Remote Method Invocation RMI system allows an object running in one Java virtual machine to invoke methods on an object running in another Java virtual machine. RMI provides for remote communication between programs written in the Java programming language...
Java RMI Services Default Configuration Remote Loading
Added: 07/29/2011 Background The Java Remote Method Invocation RMI system allows an object running in one Java virtual machine to invoke methods on an object running in another Java virtual machine. RMI provides for remote communication between programs written in the Java programming language...
Java RMI Server Insecure Default Configuration Java Code Execution
Exploit for multiple platform in category remote exploits $Id: javarmiserver.rb 13186 2011-07-15 20:44:08Z egypt $ This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on...
Cisco Security Advisory: Multiple Vulnerabilities in Cisco TelePresence Manager
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Cisco Security Advisory: Multiple Vulnerabilities in Cisco TelePresence Manager Advisory ID: cisco-sa-20110223-telepresence-ctsman Revision 1.0 For Public Release 2011 February 23 +----------------------------------------------------- Summary ======...
CVE-2011-0381
Cisco TelePresence Manager 1.2.x through 1.6.x allows remote attackers to perform unspecified actions and consequently execute arbitrary code via a crafted request to the Java RMI interface, related to a "command injection vulnerability," aka Bug ID CSCtf97085...
Command injection
Cisco TelePresence Manager 1.2.x through 1.6.x allows remote attackers to perform unspecified actions and consequently execute arbitrary code via a crafted request to the Java RMI interface, related to a "command injection vulnerability," aka Bug ID CSCtf97085...
CVE-2011-0381
Cisco TelePresence Manager 1.2.x through 1.6.x allows remote attackers to perform unspecified actions and consequently execute arbitrary code via a crafted request to the Java RMI interface, related to a "command injection vulnerability," aka Bug ID CSCtf97085...
GE-Fanuc Proficy Real-Time Information Portal远程脚本上传及执行漏洞
BUGTRAQ ID: 27446 CVECAN ID: CVE-2008-0175 Proficy Real-Time Information Portal是一个基于Web的解决方案,将基于在线和过程的系统与厂级连接性、分析和人机界面器件集成起来。 Proficy Real-Time Information Portal在处理用户请求时存在漏洞,远程攻击者可能利用此漏洞控制服务器。 Proficy Real-Time Information Portal没有对Add WebSource执行正确的Java...
C4 Security Advisory - GE Fanuc Proficy Information Portal 2.6 Arbitrary File Upload and Execution
Background ----------------- GE-Fanuc's Proficy Information Portal 2.6 is a web based reporting application for the SCADA environment. As such it will usually be installed in a buffer zone between the SCADA and the corporate network, which makes it a very sensitive application as it can reach bot...
BEA WebLogic Server/WebLogic Express Java RMI不正确会话继承漏洞
BEA Systems WebLogic包含多种应用系统集成方案,包括Server/Express/Integration等。 BEA WebLogic的对Java Remote Method Invocation RMI文档描述存在问题,遵从此文档开发的产品可导致权限提升问题。 问题发生在当客户多次以不同用户登录WebLogic服务器时,文档描述客户的行为是:当RMI请求提交时是没有当前用户关联客户线程的,这对RMI通过T3协议来说是正确的,但针对RMI通过IIOP协议走的情况下是不正确的,任意依赖此文档描述的行为可导致在RMI调用中获得其他用户的验证信息。 BEA Systems...
Immunity Canvas: JAVA_RMI_SERVICE
Name| javarmiservice ---|--- CVE| NO-CVE Exploit Pack| CANVAS Description| javarmiservice Notes| References: 'https://docs.oracle.com/javase/8/docs/platform/rmi/spec/rmi-protocol3.html', 'https://docs.oracle.com/javase/7/docs/platform/rmi/spec/rmi-protocol3.html',...