Oracle Application Testing Suite Java Object Deserialization RCE (April 2016 CPU)
The version of Oracle Application Testing Suite installed on the remote host is affected by a remote code execution vulnerability due to unsafe deserialize calls of unauthenticated Java objects to the Apache Commons Collections (ACC) library. An unauthenticated, remote attacker can exploit this, by...
CVE-2016-3156
The IPv4 implementation in the Linux kernel before 4.5.2 mishandles destruction of device objects, which allows guest OS users to cause a denial of service (host OS networking outage) by arranging for a large number of IP addresses...
[SECURITY] Fedora 23 Update: xstream-1.4.9-1.fc23
XStream is a simple library to serialize objects to XML and back again. A high level facade is supplied that simplifies common use cases. Custom objects can be serialized without need for specifying mappings. Speed and low memory footprint are a crucial part of the design, making it suitable for...
HPE P9000 CVAE Arbitrary Command Execution Vulnerability
HP XP P9000 Command View Advanced Edition is a multifunctional device manager for HP XP P9500, XP Disk Array products. A security vulnerability exists in HPE P9000 Command View Advanced Edition Software (CVAE) and XP7 CVAE, which allows remote attackers to execute arbitrary commands via constructed...
The vulnerabilities of the automation and accounting software for Asset Manager and Asset Manager CloudSystem Chargeback allow attackers to execute arbitrary commands.
The vulnerability of the Asset Manager and Asset Manager CloudSystem Chargeback software lies in improper data processing. Exploiting this vulnerability allows a malicious actor to execute arbitrary commands remotely, using a specially crafted serialized Java object related to the Apache Commons...
Microsoft Excel Remote Code Execution Vulnerability
A remote code execution vulnerability exists in Microsoft Excel software when the software fails to properly handle objects in memory. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user. If the current user is logged on with...
Microsoft Office Remote Code Execution Vulnerability
A remote code execution vulnerability exists in Microsoft Office software when the software fails to properly handle objects in memory. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user. If the current user is logged on with...
Apache OFBiz Security Bypass Vulnerability
Apache OFBiz (also known as the Apache Open For Business Project) is an enterprise resource planning (ERP) system from the Apache Software Foundation in the United States. The system provides a set of Java-based Web application components and tools. A security bypass vulnerability exists in Apache...
(Pwn2Own) Adobe Flash AS2 Transform matrix Use-After-Free Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Adobe Flash. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the Transform object...
EMC Documentum D2 < 4.6 Insufficient ACL Remote Object Manipulation (ESA-2016-034)
The remote host is running a version of EMC Documentum D2 that is prior to 4.6. It is, therefore, affected by a security bypass vulnerability due to a failure to set secure access control lists (ACLs) for D2 configuration objects. An authenticated, remote attacker can exploit this to modify or delete ...
Design/Logic Flaw
EMC Documentum D2 before 4.6 lacks intended ACLs for configuration objects, which allows remote authenticated users to modify objects via unspecified vectors...
CVE-2016-0888
EMC Documentum D2 before 4.6 lacks intended ACLs for configuration objects, which allows remote authenticated users to modify objects via unspecified vectors...
EMC Documentum D2 Unauthorized Operation Vulnerability
EMC Documentum D2 is the advanced, intuitive, configurable and content-centric Documentum client that accelerates adoption of ECM applications. Multiple D2 Configuration object types in EMC Documentum D2 versions prior to 4.6 fail to properly use ACLs, which can be exploited by an authenticated,...
Unspecified Vulnerability in Adobe Experience Manager
Adobe Experience Manager (AEM) is a set of content management solutions from the American company Adobe that can be used to build websites, mobile applications and forms. An unspecified vulnerability exists in AEM, which can be exploited by remote attackers with the help of specially crafte...
HPE Asset Manager Arbitrary Code Execution Vulnerability
HP AssetManager is a solution for managing the lifecycle of IT assets. A security vulnerability exists in HPE Asset Manager 9.40, 9.41, 9.50, and Asset Manager CloudSystem Chargeback 9.40, which can be exploited by remote attackers to execute arbitrary commands via constructed serialized Java...
Find Objects Hidden Object - Dangerous filesystem permissions, WebView code execution vulnerabilities
HackApp vulnerability scanner discovered that application Find Objects Hidden Object published at the 'play' market has multiple vulnerabilities...
Hidden Objects: Twilight Town - Base64 encoded String, Dangerous filesystem permissions, WebView code execution vulnerabilities
HackApp vulnerability scanner discovered that application Hidden Objects: Twilight Town published at the 'play' market has multiple vulnerabilities...
jre7-openjdk: sandbox escape
It was discovered that the security fix for CVE-2013-5838 was incomplete and still allowed remote attackers to escape the Java security sandbox mechanism. The root problem is that the Reflection API does not properly guarantee type safety when Method Handle objects were invoked across two differe...
jdk7-openjdk: sandbox escape
It was discovered that the security fix for CVE-2013-5838 was incomplete and still allowed remote attackers to escape the Java security sandbox mechanism. The root problem is that the Reflection API does not properly guarantee type safety when Method Handle objects were invoked across two differe...