13 matches found
Adobe Digital Editions < 4.5.5 Multiple Vulnerabilities (APSB17-20)
The version of Adobe Digital Editions installed on the remote Windows host is prior to 4.5.5. It is, therefore, affected by multiple vulnerabilities as referenced in the APSB17-20 advisory. - Adobe Digital Editions versions 4.5.4 and earlier contain an insecure library loading vulnerability. The...
Oracle Business Process Management Suite (Jul 2023 CPU)
The version of Oracle Business Process Management Suite installed on the remote host is affected by multiple vulnerabilities, as referenced in the July 2023 CPU advisory, including: - Vulnerability in the Oracle Business Process Management Suite product of Oracle Fusion Middleware component:...
Xenomorph Android Banking Trojan Returns with a New and More Powerful Variant
A new variant of the Android banking trojan named Xenomorph has surfaced in the wild, latest findings from ThreatFabric reveal. Named "Xenomorph 3rd generation" by the Hadoken Security Group, the threat actor behind the operation, the updated version comes with new features that allow it to...
Mulesoft Mule Unsafe Deserialization
The MuleSoft Mule runtime engine before 3.8.0 allows remote attackers to execute arbitrary code because of Java Deserialization, related to Apache Commons Collections...
Oracle Business Process Management Suite (Apr 2022 CPU)
The version of Oracle Business Process Management Suite installed on the remote host is affected by multiple vulnerabilities, as referenced in the April 2022 CPU advisory. Specifically: - Vulnerability in the Oracle Business Process Management Suite product of Oracle Fusion Middleware component:...
Oracle Business Process Management Suite (Oct 2020 CPU)
The version of Oracle Business Process Management Suite installed on the remote host is affected by the following vulnerabilities as referenced in the October 2020 CPU advisory: - Vulnerability in the Runtime Engine Application Development Framework. An unauthenticated, remote attacker with netwo...
Deserialization of untrusted data
The MuleSoft Mule Community Edition runtime engine before 3.8 allows remote attackers to execute arbitrary code because of Java Deserialization, related to Apache Commons Collections...
CVE-2019-13116
The MuleSoft Mule Community Edition runtime engine before 3.8 allows remote attackers to execute arbitrary code because of Java Deserialization, related to Apache Commons Collections...
CVE-2017-3088
Adobe Digital Editions versions 4.5.4 and earlier have an exploitable memory corruption vulnerability in the PDF runtime engine. Successful exploitation could lead to arbitrary code execution...
CVE-2015-5632
The Newphoria applican framework vulnerability (Android versions prior to 1.12.3; iOS prior to 1.12.2) is a URL whitelist bypass in the runtime engine. When an app is launched via the URL-scheme, the whitelist.xml protection can be bypassed and non‑whitelisted URLs may be accessed, enabling an AP...
Microsoft Releases Anti-XSS Web Protection Library
Microsoft has released an open-source Web Protection Library (WPL) to help developers protect web sites from cross-site scripting attacks. The WPL, which is a set of .NET assemblies, is being offered as part of a defense-in-depth strategy to add an extra layer to any validation or secure coding...
CVE-2002-1026
CVE-2002-1026 affects Macromedia Sitespring 1.2.0 (277.1) using the Sybase runtime engine 7.0.2.1480. The vulnerability allows remote attackers to cause a denial of service (crash) via a long malformed request to TCP port 2500, possibly triggering a buffer overflow. Impact is listed as partial av...
KPMG-2002028: Sitespring Server Denial of Service
Title: Sitespring Server Denial of Service. BUG-ID: 2002028. Released: 01st Jul 2002. Problem: A malicious user with access to the Sitespring database...