Remote Code Execution (RCE)

com.liferay, com.liferay.object.service is vulnerable to Remote Code Execution RCE. The vulnerability is due to improper restriction on the use of Groovy scripts in Object actions, which allows authenticated admin users with the Instance Administrator role to execute arbitrary Groovy scripts and...

Incorrect Authorization

Overview Affected versions of this package are vulnerable to Incorrect Authorization in the Objects module. An authenticated attacker with Instance Administrator privileges can execute arbitrary code by submitting specially crafted Groovy scripts through Object Actions or Validations. Remediation...

EUVD-2016-1601

Malware in sbrugna...

EUVD-2020-2273

Malware in sbrugna...

Authorization Bypass Through User-Controlled Key

Overview Affected versions of this package are vulnerable to Authorization Bypass Through User-Controlled Key via improper access control in the getValue for objects. An attacker can gain unauthorized access to, create, edit, or relate data and object entries or definitions across different virtu...

Server-side Request Forgery (SSRF)

Overview Affected versions of this package are vulnerable to Server-side Request Forgery SSRF via the custom object attachment fields. An attacker can induce the system to make unauthorized network requests to arbitrary external resources by creating new object entries that link to external...

MAL-2025-17163 Malicious code in cloud-object-service (npm)

The package cloud-object-service was found to contain malicious code...

Malicious code in cloud-object-service (npm)

The package cloud-object-service was found to contain malicious code...

CVE-2020-0786

A denial of service vulnerability exists when the Windows Tile Object Service improperly handles hard links, aka 'Windows Tile Object Service Denial of Service Vulnerability'...

Denial of service

A denial of service vulnerability exists when the Windows Tile Object Service improperly handles hard links, aka 'Windows Tile Object Service Denial of Service Vulnerability'...

CVE-2020-0786

CVE-2020-0786 affects the Windows Tile Object Service. The vulnerability arises from improper handling of hard links, enabling a logged-on attacker to run a crafted application that could cause the target system to stop responding and potentially overwrite system files. This is a local, low-compl...

CVE-2020-0786

A denial of service vulnerability exists when the Windows Tile Object Service improperly handles hard links, aka 'Windows Tile Object Service Denial of Service Vulnerability'...

Microsoft Windows/Windows Server Denial of Service Vulnerability

Microsoft Windows and Microsoft Windows Server are both products of Microsoft Corporation USA.Microsoft Windows is a set of operating systems for personal devices.Microsoft Windows Server is a set of server operating systems. A denial-of-service vulnerability exists in Microsoft Windows/Windows...

Windows Tile Object Service Denial of Service Vulnerability

A denial of service vulnerability exists when the Windows Tile Object Service improperly handles hard links. An attacker who successfully exploited the vulnerability could cause a target system to stop responding. To exploit this vulnerability, an attacker would have to log on to an affected syst...

Apache James Deserialization RCE(CVE-2017-12628)

Analysis of CVE-2017-12628 This morning I spotted a tweet mentioning an “Apache James 3.0.1 JMX Server Deserialization” vulnerability, CVE-2017-12628, which caught my eye because I wrote a generic JMX deserialization exploit which is included in my RMI attack tool BaRMIe. A quick search for more...