Acrobat Reader DC XFA template Out-Of-Bounds Read Information Disclosure Vulnerability

This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Adobe Acrobat Reader DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within...

tomcat: Security Manager bypass via persistence mechanisms

It was found that several Tomcat session persistence mechanisms could allow a remote, authenticated user to bypass intended SecurityManager restrictions and execute arbitrary code in a privileged context via a web application that placed a crafted object in a session...

Cisco Unified Communications Manager Java Object Deserialization RCE (CSCux34835)

According to its self-reported version, the Cisco Unified Communications Manager CUCM running on the remote device is affected by a remote code execution vulnerability due to unsafe deserialize calls of unauthenticated Java objects to the Apache Commons Collections ACC library. An unauthenticated...

UBUNTU-CVE-2016-7405

The qstr method in the PDO driver in the ADOdb Library for PHP before 5.x before 5.20.7 might allow remote attackers to conduct SQL injection attacks via vectors related to incorrect quoting...

CVE-2016-4385

CVE-2016-4385 affects HP Network Automation: RMI registry deserialization in 9.1x, 9.2x, 10.0x before 10.00.02.01, and 10.1x before 10.11.00.01 enables remote code execution via a crafted serialized Java object, leveraging Apache Commons Collections and Commons BeanUtils libraries. The vulnerabil...

VulnCheck KEV: CVE-2009-3674

Microsoft Internet Explorer 8 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing an object that 1 was not properly initialized or 2 is deleted, leading to memory corruption, aka "Uninitialized Memory Corruption Vulnerability," a...

IBM WebSphere Application Server Remote Code Execution Vulnerability

IBM WebSphere Application Server WAS is an application server product developed and distributed by IBM in the U.S. It is a platform for Java EE and Web services applications and the foundation of the IBM WebSphere software platform.Liberty is a dynamic server profile for WAS. A remote code...

CVE-2016-4978

The getObject method of the javax.jms.ObjectMessage class in the 1 JMS Core client, 2 Artemis broker, and 3 Artemis REST component in Apache ActiveMQ Artemis before 1.4.0 might allow remote authenticated users with permission to send messages to the Artemis broker to deserialize arbitrary objects...

PT-2016-6204 · Apache · Apache Activemq Artemis

Name of the Vulnerable Software and Affected Versions: Apache ActiveMQ Artemis versions prior to 1.4.0 Description: The issue allows remote authenticated users with permission to send messages to the Artemis broker to deserialize arbitrary objects and execute arbitrary code by leveraging gadget...

The vulnerability of the Windows operating system allows a hacker to steal sessions and increase their privileges.

The vulnerability of the Windows operating system’s kernel is related to the improper use of session objects. Exploiting this vulnerability can allow a local attacker to steal a session and increase their privileges through a specially created application...

The vulnerability of the Windows operating system allows a hacker to steal sessions and increase their privileges.

The vulnerability of the Windows operating system’s kernel is related to the improper use of session objects. Exploiting this vulnerability can allow a local attacker to steal a session and increase their privileges through a specially created application...

CS-Cart Twigmo Plugin PHP Object Injection Vulnerability

CS-Cart is a PHP and MySQL based e-commerce software system developed by CS-Cart team. The system supports third-party software extensions , custom promotional strategies , product filtering definitions , etc. Twigmo is one of the template plug-ins developed specifically for mobile terminals . A...

Metasploit Weekly Release Static secret_key_base pre-auth 远程代码执行漏洞

Author: Justin Steven OVE ID: OVE-20160904-0002 Private disclosure date: 2016-09-04 Public disclosure date: 2016-09-19 Vendor advisory: https://community.rapid7.com/community/metasploit/blog/2016/09/15/important-security-fixes-in-metasploit-4120-2016091401 Affected versions: Metasploit...

Mock Local Elevation of Privilege Vulnerability

The mock is a test method that creates a virtual object for some objects that are not easy to construct or obtain for testing purposes. A local elevation of privilege vulnerability exists in mock. A local attacker can exploit the vulnerability to gain higher privileges...

UBUNTU-CVE-2016-7411

ext/standard/varunserializer.re in PHP before 5.6.26 mishandles object-deserialization failures, which allows remote attackers to cause a denial of service memory corruption or possibly have unspecified other impact via an unserialize call that references a partially constructed object...

CVE-2016-3305

The kernel in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold, 1511, and 1607 mishandles session objects, which allows local users to hijack sessions, and consequently gain privileges...

CVE-2016-3305

The kernel in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold, 1511, and 1607 mishandles session objects, which allows local users to hijack sessions, and consequently gain privileges...

Privilege escalation

The kernel in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold, 1511, and 1607 mishandles session objects, which allows local users to hijack sessions, and consequently gain privileges...

Microsoft Windows Kernel Multiple Vulnerabilities (3186973)

This host is missing an important security update according to Microsoft Bulletin MS16-111 SPDX-FileCopyrightText: 2016 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only...

Win32k Elevation of Privilege Vulnerability

An elevation of privilege vulnerability exists in Windows when the Windows kernel-mode driver fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. An attacker could then install programs; view, change, or...