21 matches found
EUVD-2011-2085
Malware in sbrugna...
EUVD-2015-5243
Malware in sbrugna...
EUVD-2015-3321
Malicious code in bioql PyPI...
Multiple Adobe Products Server-Side Request Forgery Security Bypass Vulnerabilities
Adobe ColdFusion is a dynamic Web server, its CFML is a programming language, similar to the current JSP in the JSTL. Adobe LiveCycle Data Services is the United States Odo than Adobe the company's set of deployed in the application server and the integration of the RIA applications and J2EE and...
Server side request forgery (ssrf)
Adobe BlazeDS, as used in ColdFusion 10 before Update 18 and 11 before Update 7 and LiveCycle Data Services 3.0.x before 3.0.0.354175, 3.1.x before 3.1.0.354180, 4.5.x before 4.5.1.354177, 4.6.2.x before 4.6.2.354178, and 4.7.x before 4.7.0.354178, allows remote attackers to send HTTP traffic to...
CVE-2015-5255
Adobe BlazeDS, as used in ColdFusion 10 before Update 18 and 11 before Update 7 and LiveCycle Data Services 3.0.x before 3.0.0.354175, 3.1.x before 3.1.0.354180, 4.5.x before 4.5.1.354177, 4.6.2.x before 4.6.2.354178, and 4.7.x before 4.7.0.354178, allows remote attackers to send HTTP traffic to...
CVE-2015-5255
Adobe BlazeDS, as used in ColdFusion 10 before Update 18 and 11 before Update 7 and LiveCycle Data Services 3.0.x before 3.0.0.354175, 3.1.x before 3.1.0.354180, 4.5.x before 4.5.1.354177, 4.6.2.x before 4.6.2.354178, and 4.7.x before 4.7.0.354178, allows remote attackers to send HTTP traffic to...
CVE-2015-5255
CVE-2015-5255 describes a Server-Side Request Forgery (SSRF) in BlazeDS used with Adobe ColdFusion and LiveCycle Data Services. A crafted XML document could cause BlazeDS to send HTTP requests to intranet servers, bypassing access controls and enabling further host‑based attacks. Affected product...
Adobe Issues HotFix For ColdFusion
Adobe this afternoon released hotfixes and security updates for three of its products that patch a handful of vulnerabilities, none of which are being publicly exploited. The most serious vulnerabilities were in ColdFusion, Adobe’s web application development platform. The hotfix affects ColdFusi...
APSB15-30 Security update available for LiveCycle Data Services
Adobe has released a security update for LiveCycle Data Services. This update includes an updated version of Apache™ BlazeDS that resolves an important server-side request forgery vulnerability. Adobe recommends users apply the available updates using the instructions provided in the "Solution"...
Adobe Releases Security Updates for ColdFusion, LiveCycle Data Services, and Adobe Premiere Clip
Adobe has released security updates to address multiple vulnerabilities in ColdFusion, LiveCycle Data Services, and Adobe Premiere Clip. Exploitation of some of these vulnerabilities may allow a remote attacker to take control of an affected system. Users and administrators are encouraged to revi...
September 2015 Adobe Shockwave Security Patch
Adobe today released a new version of its Shockwave Player that patches two critical vulnerabilities that could be remotely exploited. Adobe said that it is not aware of public exploits for either security flaw. The vulnerability affects Shockwave for Windows, versions 12.1.9.160 and earlier and...
Adobe ColdFusion Hotfix
Adobe today pushed out a hotfix to ColdFusion implementations, patching a vulnerability it had already patched nine days ago on the LiveCycle Data Services application framework. Today’s hotfix affects ColdFusion 11, update 5 and earlier, and ColdFusion 10, update 16 and earlier. Hotfixes, unlike...
Adobe LiveCycle Data Services Information Disclosure Vulnerability
Adobe LiveCycle Data Services is the United States Odo than Adobe company's set of application servers deployed on and integrated with RIA applications and J2EE and other enterprise applications server software. The software provides remote procedure call RPC services, messaging services and data...
Adobe LiveCycle Data Services Hotfix
Adobe is today expected to push a hotfix through to implementations of its LiveCycle Data Services application framework. The company said the vulnerability, CVE-2015-3269, affects versions 4.7, 4.6.2, 4.5 and 3.0.x on Windows, Macintosh and UNIX systems. Adobe is not aware of public exploits of...
Adobe Releases Security Update for LiveCycle Data Services
Adobe has released a security update to address a vulnerability in LiveCycle Data Services versions 4.7, 4.6.2, 4.5, and 3.0.x. Exploitation of this vulnerability may allow a remote attacker to obtain sensitive information from an affected system. US-CERT recommends that users and administrators...
VMware Horizon View Multiple Vulnerabilities (VMSA-2015-0003) (VMSA-2015-0008) (POODLE)
The VMware Horizon View installed on the remote Windows host is version 5.x prior to 5.3.4 or version 6.x prior to 6.1. It is, therefore, affected by the following vulnerabilities : - A man-in-the-middle MitM information disclosure vulnerability, known as POODLE, exists due to the way SSL 3.0...
CVE-2011-2093
Adobe LiveCycle Data Services 3.1 and earlier, LiveCycle 9.0.0.2 and earlier, and BlazeDS 4.0.1 and earlier do not properly handle object graphs, which allows attackers to cause a denial of service via unspecified vectors, related to a "complex object graph vulnerability."...
CVE-2011-2092
Adobe LiveCycle Data Services 3.1 and earlier, LiveCycle 9.0.0.2 and earlier, and BlazeDS 4.0.1 and earlier do not properly restrict creation of classes during deserialization of 1 AMF and 2 AMFX data, which allows attackers to have an unspecified impact via unknown vectors, related to a...
CVE-2011-2092
CVE-2011-2092 affects Adobe products: LiveCycle Data Services 3.1 and earlier, LiveCycle 9.0.0.2 and earlier, and BlazeDS 4.0.1 and earlier. The root cause is improper restriction during deserialization of AMF and AMFX data that allows creation of classes, leading to an unresolved impact via unkn...