TurboBoost Commands vulnerable to arbitrary method invocation

Impact TurboBoost Commands has existing protections in place to guarantee that only public methods on Command classes can be invoked; however, the existing checks aren't as robust as they should be. It's possible for a sophisticated attacker to invoke more methods than should be permitted dependi...

TurboBoost Commands vulnerable to arbitrary method invocation

Impact TurboBoost Commands has existing protections in place to guarantee that only public methods on Command classes can be invoked; however, the existing checks aren't as robust as they should be. It's possible for a sophisticated attacker to invoke more methods than should be permitted dependi...

CVE-2024-28181 Arbitrary method invocation turbo_boost-commands

turboboost-commands is a set of commands to help you build robust reactive applications with Rails & Hotwire. TurboBoost Commands has existing protections in place to guarantee that only public methods on Command classes can be invoked; however, the existing checks aren't as robust as they should...

CVE-2024-28181

CVE-2024-28181 affects the TurboBoost Commands library. The issue is an insufficiently robust permission check that can allow an attacker to invoke more public methods on Command classes than intended, risking arbitrary code execution within affected applications. Concrete details in connected so...

CVE-2024-28181 Arbitrary method invocation turbo_boost-commands

turboboost-commands is a set of commands to help you build robust reactive applications with Rails & Hotwire. TurboBoost Commands has existing protections in place to guarantee that only public methods on Command classes can be invoked; however, the existing checks aren't as robust as they should...

CVE-2024-28181 Arbitrary method invocation turbo_boost-commands

turboboost-commands is a set of commands to help you build robust reactive applications with Rails & Hotwire. TurboBoost Commands has existing protections in place to guarantee that only public methods on Command classes can be invoked; however, the existing checks aren't as robust as they should...

Design/Logic Flaw

stimulusreflex is a system to extend the capabilities of both Rails and Stimulus by intercepting user interactions and passing them to Rails over real-time websockets. In affected versions more methods than expected can be called on reflex instances. Being able to call some of them has security...

GHSA-F78J-4W3G-4Q65 StimulusReflex arbitrary method call

Summary More methods than expected can be called on reflex instances. Being able to call some of them has security implications. Details To invoke a reflex a websocket message of the following shape is sent: json "target": "classnamemethodname", "args": The server will proceed to instantiate refl...

StimulusReflex arbitrary method call

Summary More methods than expected can be called on reflex instances. Being able to call some of them has security implications. Details To invoke a reflex a websocket message of the following shape is sent: json "target": "classnamemethodname", "args": The server will proceed to instantiate refl...

CVE-2024-28211

nGrinder before 3.5.9 allows connection to malicious JMX/RMI server by default, which could be the cause of executing arbitrary code via RMI registry by remote attacker...

PT-2024-22337 · Ngrinder · Ngrinder

Name of the Vulnerable Software and Affected Versions: nGrinder versions prior to 3.5.9 Description: The issue allows a connection to a malicious JMX/RMI server by default, potentially leading to the execution of arbitrary code via the RMI registry by a remote attacker. Recommendations: For...

nGrinder Security Vulnerabilities

nGrinder is a stress testing platform that enables you to perform script creation, test execution, monitoring and results report generator simultaneously. A security vulnerability exists in nGrinder versions prior to 3.5.9 that stems from a default permission to connect to a malicious JMX/RMI...

CVE-2023-43769

An issue was discovered in Couchbase Server through 7.1.4 before 7.1.5 and before 7.2.1. There are Unauthenticated RMI Service Ports Exposed in Analytics...

CVE-2023-43769

An issue was discovered in Couchbase Server through 7.1.4 before 7.1.5 and before 7.2.1. There are Unauthenticated RMI Service Ports Exposed in Analytics...

Couchbase Server Security Vulnerability

Couchbase Server is a distributed, open source NoSQL non-relational database from Couchbase, Inc. that supports data querying, full-text searching, and active global replication. A security vulnerability exists in Couchbase Server versions prior to 7.1.5 and prior to 7.2.1, which stems from the...

PT-2024-13137 · Couchbase · Couchbase Server

Name of the Vulnerable Software and Affected Versions: Couchbase Server versions through 7.1.4 before 7.1.5 and before 7.2.1 Description: An issue was discovered in Couchbase Server where Unauthenticated RMI Service Ports are Exposed in Analytics, posing a significant risk. This could allow an...

VulnCheck KEV: CVE-2017-18349

parseObject in Fastjson before 1.2.25, as used in FastjsonEngine in Pippo 1.11.0 and other products, allows remote attackers to execute arbitrary code via a crafted JSON request, as demonstrated by a crafted rmi:// URI in the dataSourceName field of HTTP POST data to the Pippo /json URI, which is...

PT-2023-9263 · Apache · Apache Kafka

Name of the Vulnerable Software and Affected Versions: Kafka UI versions prior to 0.7.2 Description: The issue is related to the deserialization mechanism in the Kafka UI web interface for Apache Kafka management. It allows a remote attacker to execute arbitrary code by exploiting the vulnerabili...

Exploit for Incorrect Comparison in Dynamic-Linq Linq

Dynamic Linq injection to RCE - CVE-2023-32571 About Dynami...

CVE-2023-26455

RMI was not requiring authentication when calling ChronosRMIService:setEventOrganizer. Attackers with local or adjacent network access could abuse the RMI service to modify calendar items using RMI. RMI access is restricted to localhost by default. The interface has been updated to require...