10 matches found
Security update for c3p0 and mchange-commons
This update for c3p0 and mchange-commons fixes the following issues: c3p0: Security issues fixed: CVE-2026-27830: Fixed unsafe object deserialization bsc1258942 Fix the null pointer exception in the userOverridesAsString method bsc1259313. mchange-commons: Security issues fixed: CVE-2026-27727:...
Arbitrary Command Execution
org.jupiter-rpc:jupiter-serialization-kryo is vulnerable to Arbitrary Command Execution. The vulnerability is due to improper configuration which allows remote class loading. The deserialization vulnerability allows an attacker to execute arbitrary commands via crafted RPC requests...
Medium: java-1.8.0-amazon-corretto
Issue Overview: Improve CORBA communication: CORBA deserialization can result in outbound network connections with data passed in. CVE-2023-21830 Better Banking of Sounds: JARSoundbankReader can load classes from remote URLs. CVE-2023-21843 Affected Packages: java-1.8.0-amazon-corretto Note: This...
h2: Loading of custom classes from remote servers through JNDI
A flaw was found in the H2 Console. This flaw allows remote attackers to execute arbitrary code via a JDBC URL, concatenating with a substring that allows remote code execution by using a script...
Log4Shell HTTP Header Injection
Versions of Apache Log4j2 impacted by CVE-2021-44228 which allow JNDI features used in configuration, log messages, and parameters, do not protect against attacker controlled LDAP and other JNDI related endpoints. This module will exploit an HTTP end point with the Log4Shell vulnerability by...
Exploit for CVE-2020-2551
WebLogic-CVE-2020-2551-To-Internet CVE-2020-2551: POC fo...
Java RMI Server Insecure Default Configuration Java Code Execution
This module takes advantage of the default configuration of the RMI Registry and RMI Activation services, which allow loading classes from any remote HTTP URL. As it invokes a method in the RMI Distributed Garbage Collector which is available via every RMI endpoint, it can be used against both...
Java RMI Server Insecure Endpoint Code Execution Scanner
Detect Java RMI endpoints This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'rex/java/serialization' class MetasploitModule 'Java RMI Server Insecure Endpoint Code Execution Scanner', 'Description' = 'Detect Jav...
Java RMI Services Default Configuration Remote Loading
Added: 07/29/2011 Background The Java Remote Method Invocation RMI system allows an object running in one Java virtual machine to invoke methods on an object running in another Java virtual machine. RMI provides for remote communication between programs written in the Java programming language...
Java RMI Server Insecure Default Configuration Java Code Execution
This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit web site for more information on licensing and terms of use. http://metasploit.com/ require 'msf/core' class Metasploit3 'Java RMI Server Insecure Default...