167 matches found

OSV
added 2023/03/30 9:30 p.m. · 16 views

GHSA-XC93-587G-MXM7 Payara Server allows remote attackers to load malicious code on the server once a JNDI directory scan is performed

A JNDI rebind operation in the default ORB listener in Payara Server 4.1.2.191 Enterprise, 5.20.0 and newer Enterprise, and 5.2020.1 and newer Community, when Java 1.8u181 and earlier is used, allows remote attackers to load malicious code on the server once a JNDI directory scan is performed...

CVSS 9.8 · AI score 9.5 · EPSS 0.0093
Exploits: 0 · References: 3

Github Security Blog
added 2023/03/30 9:30 p.m. · 26 views

Payara Server allows remote attackers to load malicious code on the server once a JNDI directory scan is performed

A JNDI rebind operation in the default ORB listener in Payara Server 4.1.2.191 Enterprise, 5.20.0 and newer Enterprise, and 5.2020.1 and newer Community, when Java 1.8u181 and earlier is used, allows remote attackers to load malicious code on the server once a JNDI directory scan is performed...

CVSS 9.8 · AI score 8.9 · EPSS 0.0093
Exploits: 0 · References: 3 · Affected Software: 1

OSV
added 2023/03/30 8:15 p.m. · 4 views

CVE-2023-28462

A JNDI rebind operation in the default ORB listener in Payara Server 4.1.2.191 Enterprise, 5.20.0 and newer Enterprise, and 5.2020.1 and newer Community, when Java 1.8u181 and earlier is used, allows remote attackers to load malicious code on the server once a JNDI directory scan is performed...

CVSS 9.8 · AI score 7.4 · EPSS 0.0093
Exploits: 0 · References: 1

Cvelist
added 2023/03/30 12:00 a.m. · 27 views

CVE-2023-28462

A JNDI rebind operation in the default ORB listener in Payara Server 4.1.2.191 Enterprise, 5.20.0 and newer Enterprise, and 5.2020.1 and newer Community, when Java 1.8u181 and earlier is used, allows remote attackers to load malicious code on the server once a JNDI directory scan is performed...

AI score 9.7 · EPSS 0.0093
Exploits: 0 · References: 1

Positive Technologies
added 2023/03/30 12:00 a.m. · 3 views

PT-2023-21735 · Oracle +1 · Java +1

Name of the Vulnerable Software and Affected Versions: Payara Server versions 4.1.2.191 through 5.20.0 and newer Enterprise; Payara Server versions 5.2020.1 and newer Community. Description: A JNDI rebind operation in the default ORB listener allows remote attackers to load malicious code on the...

CVSS 9.8 · AI score 7.6 · EPSS 0.0093
Exploits: 0 · References: 7

CVE
added 2023/03/30 12:00 a.m. · 61 views

CVE-2023-28462

The CVE describes a JNDI rebind vulnerability in Payara Server: when running Java 1.8u181 or earlier, the default ORB listener can be exploited by performing a JNDI directory scan to load malicious code on the server. Affected products include Payara Server 4.1.2.191 (Enterprise), 5.20.0 and newe...

CVSS 9.8 · AI score 9.4 · EPSS 0.0093
Exploits: 0 · References: 1 · Affected Software: 1

SUSE CVE
added 2023/02/15 6:17 a.m. · 4 views

SUSE CVE-2005-2364

Unknown vulnerability in the (1) GIOP dissector, (2) WBXML, or (3) CAMEL dissector in Ethereal 0.8.20 through 0.10.11 allows remote attackers to cause a denial of service (application crash) via certain packets that cause a null pointer dereference...

CVSS 5 · AI score 6.9 · EPSS 0.03592
Exploits: 0 · References: 5

SUSE CVE
added 2023/02/15 5:46 a.m. · 3 views

SUSE CVE-2012-3155

Unspecified vulnerability in the CORBA ORB component in Sun GlassFish Enterprise Server 2.1.1, Oracle GlassFish Server 3.0.1 and 3.1.2, and Sun Java System Application Server 8.1 and 8.2 allows remote attackers to affect availability, related to CORBA ORB...

CVSS 5 · AI score 6.5 · EPSS 0.02531
Exploits: 0 · References: 3

OSV
added 2021/04/22 10:15 p.m. · 5 views

CVE-2021-2136

Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Core). Supported versions that are affected are 12.1.3.0.0, 12.2.1.3.0, 12.2.1.4.0 and 14.1.1.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via IIOP to compromise...

CVSS 9.8 · AI score 7 · EPSS 0.0224
Exploits: 0 · References: 1

Schneier on Security
added 2021/04/21 4:12 p.m. · 53 views

Backdoor Found in Codecov Bash Uploader

Developers have discovered a backdoor in the Codecov bash uploader. It's been there for four months. We don't know who put it there. Codecov said the breach allowed the attackers to export information stored in its users' continuous integration (CI) environments. This information was then sent to a...

AI score 2.4
Exploits: 0

IBM Security Bulletins
added 2021/04/08 8:59 p.m. · 33 views

Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM InfoSphere BigInsights, including Broken security fixes in IBM Java and IBM SDK, Java Technology Edition Quarterly CPU - Apr 2016 (CVE-2016-0264, CVE-2016-0363)

Summary: Security vulnerabilities have been identified in IBM SDK Java™ Technology Edition shipped with IBM InfoSphere BigInsights. Information about security vulnerabilities affecting IBM SDK Java has been published in a security bulletin. Vulnerability Details: CVEID: CVE-2016-0264 DESCRIPTION: A...

CVSS 9.3 · AI score 0.9 · EPSS 0.04382
Exploits: 0 · Affected Software: 1

BDU FSTEC
added 2021/02/02 12:00 a.m. · 5 views

The vulnerability of Oracle WebLogic Server’s application server core components allows a hacker to gain full control over the application.

The vulnerability of Oracle WebLogic Server’s application server components is related to deficiencies in access control. Exploiting this vulnerability allows an attacker to gain full control over the application through network protocols such as IIOP and T3...

CVSS 10 · AI score 7.7 · EPSS 0.03728
Exploits: 0 · References: 2 · Affected Software: 1

BDU FSTEC
added 2021/02/02 12:00 a.m. · 5 views

The vulnerability of Oracle WebLogic Server’s application server core components allows a hacker to gain full control over the application.

The vulnerability of Oracle WebLogic Server’s application server components is related to deficiencies in access control. Exploiting this vulnerability allows a malicious actor to gain full control over the application through network IIOP and T3 protocols...

CVSS 10 · AI score 7.7 · EPSS 0.03728
Exploits: 0 · References: 2 · Affected Software: 1

CNNVD
added 2021/01/19 12:00 a.m. · 7 views

Oracle Fusion Middleware authorization issue vulnerability

Oracle Fusion Middleware is a set of business innovation platforms for enterprise and cloud environments from Oracle USA. The platform provides middleware, software collection and other functions. An authorization issue vulnerability exists in the Oracle Coherence product...

CVSS 9.8 · AI score 7.3 · EPSS 0.74753
Exploits: 4 · References: 6

BDU FSTEC
added 2020/08/12 12:00 a.m. · 5 views

The vulnerability of the Core server component of Oracle WebLogic Server allows a hacker to gain full control over the application.

The vulnerability of the Core server component of Oracle WebLogic Server is related to deficiencies in access control. Exploiting this vulnerability can allow an attacker, operating remotely, to gain full control over the application using the IIOP and T3 protocols...

CVSS 10 · AI score 7.7 · EPSS 0.09886
Exploits: 0 · References: 2 · Affected Software: 1

Gitee
added 2020/07/28 9:36 a.m. · 8 views

Exploit for CVE-2020-2551

CVE-2020-2551 Weblogic IIOP deserialization. Test environment: Weblogic10.3.6+jdk1.6. Packaged jar, extraction code: a6ob. Exploitation: download the jar, then use marshalsec to start a malicious RMI service, and compile an exp.java locally. java package payload; import java.io.IOException; public class exp public exp String cmd = "curl http://172.16.1.1/success"; try...

CVSS 9.8 · AI score 7 · EPSS 0.93168
Exploits: 18

BDU FSTEC
added 2020/06/02 12:00 a.m. · 7 views

The vulnerability of the Core server component of Oracle WebLogic Server allows a hacker to gain full control over the application.

The vulnerability of the Core server component of Oracle WebLogic Server is related to deficiencies in access control. Exploiting this vulnerability can allow an attacker to gain full control over the application through the IIOP and T3 network protocols...

CVSS 10 · AI score 8.1 · EPSS 0.94928
Exploits: 11 · References: 5 · Affected Software: 1

BDU FSTEC
added 2020/06/02 12:00 a.m. · 4 views

The vulnerability of the WLS Web Services component of the Oracle WebLogic Server application server allows an attacker to gain full control over the application.

The vulnerability of the WLS Web Services component of the Oracle WebLogic Server application server is related to deficiencies in access control. Exploiting this vulnerability could allow an attacker to gain full control over the application through the IIOP and T3 network protocols...

CVSS 9 · AI score 7.1 · EPSS 0.01384
Exploits: 0 · References: 2 · Affected Software: 1

BDU FSTEC
added 2020/06/02 12:00 a.m. · 4 views

The vulnerability of the WLS Web Services component of the Oracle WebLogic Server application server allows a perpetrator to gain unauthorized access to protected information.

The vulnerability of the WLS Web Services component of the Oracle WebLogic Server application server is related to deficiencies in access control. Exploiting this vulnerability could allow an attacker to gain unauthorized access to protected information through the IIOP and T3 network protocols...

CVSS 7.8 · AI score 7.2 · EPSS 0.01537
Exploits: 0 · References: 2 · Affected Software: 1

Fedora
added 2020/05/09 4:13 a.m. · 38 views

[SECURITY] Fedora 31 Update: crawl-0.24.1-2.fc31

This is the Console ncurses version of crawl. Dungeon Crawl Stone Soup is a free roguelike game of exploration and treasure-hunting in dungeons filled with dangerous and unfriendly monsters in a quest for the mystifyingly fabulous Orb of Zot. Dungeon Crawl Stone Soup has diverse species and many...

CVSS 9.8 · AI score 2.1 · EPSS 0.03923
Exploits: 0